Medical Org HealthCheck

Problem

HIPAA introduces a variety of organizational and procedural changes that address the confidentiality, availability, integrity and overall security of electronic Protected Health Information (ePHI) within the healthcare and medical services industry. If your organization is a Covered Entity (CE) as defined by the Health and Human Services Department, you are required to implement a variety of practices within your organization. These are defined in the HIPAA Security Rule. We provide our clients comparative information and baselines against industry standard practices in addition to the HIPAA-mandated review items in the Security Rule. A complete assessment as required under the HIPAA specifications includes on-site interviews with personnel, system analysis, policy and procedure review and remediation suggestions.

Solution

An information security audit is an in-depth appraisal of the organization’s adherence to existing policies and industry best practices, and an identification of the areas of weakness that need to be addressed to meet business needs or regulatory and compliance requirements. We will assess the existing weaknesses and develop countermeasures in three areas: people, process and technology. We can analyze your compliance measures against HIPAA requirements. We can determine cost-effective software, procedures and process compliance measures to adhere to regulatory standards. Through our gap analysis approach, we design a remediation process and identify mitigating controls. The audit can be broken down into the following areas:

  • External – Analyzing the security of the organization’s perimeter from an external perspective
  • Internal – Analyzing the security of the desktops, laptops, servers and storage as well as the existing security processes and procedures from an internal perspective. Areas that can be reviewed include but are not limited to security over intellectual property, vendors, legal and compliance issues, disaster recovery, business continuity, data storage, etc.
  • People and Process – Assess vulnerabilities associated with how employees conduct themselves, including contractors, visitors and unauthorized insiders. Review business processes for inherent weaknesses according to industry best practices.
  • Physical – Assess the physical controls around information assets for potential vulnerabilities.
    • Environmental disasters
    • Deliberate acts of destruction
    • Loss of services
    • Equipment and system failure
    • Serious information security incidents
    • Personnel (hiring, firing, transferring/moving) and safety
    • Building and property access, monitoring and recording

How the Process Works

We will be onsite to interview relevant staff, conduct automated testing and review all pertinent documentation that is required by HIPAA regulations. Current practices will be compared to industry best practices and any regulatory requirements that the company must follow. A summary and a detailed report will be provided identifying all findings, along with detailed solutions both to fix the current problems and to change business processes as necessary to prevent the problems from recurring. You may choose to have us do a retest using only automated techniques after you have completed the recommended fixes. This will be at a discounted rate.