HITECH Audit – HIPAA Security Rule Compliance
Meet HIPAA / HITECH security requirements with a comprehensive audit of security controls or validate your organization’s HIPAA Compliance.
Thorough security analysis affords the least impact to the organization for validation
With over fifty-four unique security provisions within the HIPAA Security Rule (45 CFR Parts 160, 162, 164), many organizations are concerned about how to demonstrate conformity with the least amount of impact to the organization. Enter our audit process, which helps your organization meet HIPAA regulatory requirements as well as the HITECH Act’s Meaningful Use.
Health Insurance Portability and Accountability Act of 1996 – HIPAA attempts to answer this concern by placing requirements for assessment into the Rule: Sec. 164.308 Administrative Safeguards: “A covered entity must conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of protected health information held by the entity.”
Where is electronic protected health information stored and how does it move through your organization? What risks and foreseeable threats exist today to your information, systems, and facilities? Where are your weaknesses, vulnerabilities, and misconfigurations? Are you HIPAA Compliant? Do you conform to the HIPAA Security and Privacy Rules?
The official “HIPAA Audit Protocols” were just released in July of 2012!
How much security is enough?
There are 77 audit protocol provisions of the Security Rule that covered entities must consider for implementation, in addition to the 88 required audit provisions of the Privacy Rule. Each of these provisions is frequently referred to as a separate rule, hence “HIPAA Security and Privacy Rules,” even though there is only a single HIPAA Rule each for privacy and security. You must have documentation indicating whether the audit provision or protocol was considered reasonable and appropriate, whether it was implemented, whether it was implemented through an alternate solution, or whether it was not implemented at all and why. How much security is enough for your organization? What is reasonable and appropriate? What proof do you have to support your decisions? Is “Addressable” really “Required” in order to pass a HIPAA Audit?
A HIPAA Regulatory Security Assessment or Audit provides the unbiased analysis and documentation of your security measures and delivers the detailed information you need to design, plan, and implement improvements.
- On-site Assessment — Inspects the state of your administrative, physical, and technical security policies, plans, procedures, systems, and networks.
- Risk Assessment — Identifies assets, potential threats, and operational risks.
- Internal & External Vulnerability Assessment — Identifies technical weaknesses and vulnerabilities.
- Gap Analysis — Identifies areas that conform to the Security Rule provisions and those that do not, and is used for planning any remediation efforts and as proof of due diligence.
- Remedy Recommendation — Documents reasonable and appropriate recommendations to support your rationale in designing and implementing any Required and Addressable safeguards.
We are subject matter experts (SMEs) in HIPAA Compliance, HITECH Audits and security assessment. Our skilled and experienced security consultants deploy with all the tools necessary to assess your organization’s security controls within a process specifically designed for HIPAA Security and Privacy Rules compliance. The result is an in-depth documented assessment and recommendation/remediation package. Findings are reviewed in detail with your staff.
Offset the cost of compliance with outsourced efficiency
An investment is required to acquire the security expertise, planning, implementation processes and tools to accurately and thoroughly audit for compliance. Spohn’s Audit offsets the total cost of periodic auditing through lower-cost, on-demand services.
- HHS.gov – HIPAA Rule Summary Compliance
- HHS.gov – HIPAA Audit Protocol – July 2012
- HHS.gov – HIPAA Resource Page
- Health Insurance Portability and Accountability Act (HIPAA) – Wikipedia
Our audit process is the perfect tool to validate your compliance with the HIPAA Security and HIPAA Privacy Rules, the HITECH Act, Texas Medical Privacy Law or California Medical Privacy Laws. It will assess your organization’s overall security posture, definitively answer your compliance concerns and put your mind at ease. Call us today at 512.685.1817/512.685.1000.