
The HIPAA Security Rule: Basic Requirements
Your organization must assess the security risks involved with storing or transmitting ePHI and ensure compliance with the HIPAA security rule and proper documentation of your compliance processes.
An AUP engagement performed by an independent third party focuses on defined agreed-upon procedures on a specific subject matter. The subject matter of an AUP engagement may take many different forms and focus on a point in time or cover a period of time. The specified parties to the engagement take responsibility for the sufficiency of the agreed-upon procedures for their purposes.
Please note: Due to the confidential nature of the report it is considered a limited distribution report to those specified parties to the engagement.
Fill out this form to get in touch with one of our specialists. We’ll be in touch soon to discuss your compliance needs.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The report delivered at the end of the engagement, the “Independent Accountant’s Report on Applying Agreed-Upon Procedures”, includes all standard language required by the American Institute of Certified Public Accountants (AICPA) covered under the attestation standards, to include the following:
If you answer yes to any of these questions, then an AUP is your starting point on your path to compliance:
Is your team required to have an independent third party perform procedures that relate to specific duties/functions/operations or risk areas for your company due to contractual obligations or third party requests? Typically, these procedures have definite or distinct requirements which are limited in scope.
Do you need an internal controls structure review in order to determine the strength of and validate the implementation of the controls to meet any regulatory requirements?
Are you seeking to grow through mergers or acquisitions and have potential targets?
Is the industry you are in highly regulated and you would benefit from compliance reviews focused on your current regulatory environment or the environment you are moving towards such as governmental, financial and healthcare arenas?
“…The Auditwerx team provided us with the necessary guidance, tools and knowledge allowing us to improve the overall process concerning both system’s security and privacy, as well as support to implement better controls that are a hard requirement in our sector…We would highly recommend Auditwerx services to organizations of all sizes and requirement complexities. “
Your organization must assess the security risks involved with storing or transmitting ePHI and ensure compliance with the HIPAA security rule and proper documentation of your compliance processes.
In many industries, compliance reporting is expected to be delivered by December each year. If your industry requires fourth quarter compliance reporting, it is important to give your auditor enough time to complete the process.
When your clients are asking to see your cybersecurity certifications, you need efficient reporting services to show your commitment to data protection and effective security controls in a timely manner. Auditwerx consistently works to provide the cybersecurity solutions you need in a way that works with your business needs.