HIPAA Assessment

Serving healthcare providers across the nation.

If you’re a healthcare provider, you’re likely familiar with HIPAA, which sets the security standards for electronic protected health information (ePHI). Auditwerx can serve as the independent third party you need to not only ensure compliance but also strengthen your existing internal controls.

Why a HIPAA Compliance Assessment?

Assessing and implementing the safeguards listed above can be enhanced greatly by an assessment team with extensive technical capability and experience, as well as audit skills. The mix of these skills allows efficient communications with highly technical IT departments while simultaneously providing understandable technical requirements and remediation strategies to management and internal audit departments. This combination of technical expertise and the ability to translate IT terms and processes for various audiences is typically one of our IT audit team’s most complemented attributes.

IS THE COMPLETION OF AN IT RISK ASSESSMENT NECESSARY FOR COMPLIANCE WITH THE HIPAA SECURITY RULE?

The completion of a risk assessment is a requirement of the HIPAA compliance process. The risk assessment identifies the current level of risk to ePHI data in use, at rest or in transmission. Completing this process is one of the most critical steps in identifying controls used to mitigate risks to ePHI – and the effectiveness of the control in reducing the risk to ePHI. This process can also be leveraged in the identification of other requirements for data privacy.

Simplify HIPAA Compliance

Fill out this form to get in touch with one of our specialists. We’ll be in touch soon to discuss your compliance needs.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

We are confident that our work will exceed your expectations.

We pride ourselves on going above and beyond to provide added value and personalized attention, while delivering reports in an efficient, professional and quality manner.

THE HIPAA ASSESSMENT PROCESS

HIPAA READINESS AND RISK ASSESSMENT

The Auditwerx IT audit team defines the system boundaries and completes an ePHI risk assessment based on the ePHI data flow – and the risks associated with ePHI data at rest in transit and in use. During a HIPAA security assessment, each of the four areas listed below of the HIPAA security standards will be assessed.

STEP 1: HIPAA ADMINISTRATIVE SAFEGUARDS

The nine standards in this area outline the process infrastructure needs for effective security of electronic Protected Health Information. These standards address:

security management,
assigned security responsibility,
workforce security,
information access,
security awareness and training,
security incidents,
contingency plans (for emergencies and disasters),
evaluation of security effectiveness, and
business associate contracts (or other arrangements) with the hospital’s business partners.

The approach for assessing administrative safeguards will involve reviewing policies, procedures and processes, and interviewing responsible personnel, with respect to information security responsibility.

STEP 2: HIPAA PHYSICAL SAFEGUARDS

The four standards in this area address the physical infrastructure that needs to be in place through:

facility access controls,
workstation use,
workstation security,
and device and media controls.

The physical safeguards assessment occurs by reviews of policies, procedures, and processes; interviews with those personnel responsible for them; and an investigation of the physical facilities. We evaluate whether accessibility to facilities and systems exposes the facility (and the information for which it’s responsible) to unintended information disclosure.

STEP 3: HIPAA TECHNICAL SAFEGUARDS

This area outlines the technical infrastructure that needs to be in place for the security of electronic PHI. The four standards in this category address:

access control,
audit controls,
integrity (of electronic PHI),
person or entity authentication, and
transmission security.

Although the standards are somewhat neutral, the Auditwerx HIPAA IT security assessment team considers the various technology components of a computing system and assesses them relative to the applicable standards.

This process consists of reviewing application level software controls, the operating system controls beneath it, the internal network controls to which it is connected, and the controls on external networks that it transmits across.

STEP 4: HIPAA ORGANIZATIONAL REQUIREMENTS

Security standards address the security aspects of third party business associate contracts.

Our IT audit team focuses on interviewing appropriate business and legal counsel personnel that are involved in developing and drafting business associate contracts and reviewing their content for the security elements that need to be included.

STEP 5: HIPAA RECOMMENDATIONS REPORT

Upon completion of our review, we prepare a report describing identified weaknesses and provide suggestions for technology options to address each weakness. We also provide guidelines for the implementation of a corrective action plan. The Auditwerx IT audit team empowers healthcare and healthcare service organizations by delivering clear and concise security information that looks beyond compliance toward the bigger picture of building strong internal control processes that drive success for your healthcare business.

What Our Clients Are Saying

Our priority is to make your security compliance journey stress free. See what real clients have said about Auditwerx:

"...Auditwerx helped us securing a SOC 2 Type 1 and Type 2 attestation…Both operations and auditing teams executed the engagement flawlessly, on-time and on-budget. The Auditwerx team provided us with the necessary guidance, tools and knowledge allowing us to improve the overall process concerning both system’s security and privacy, as well as support to implement better controls that are a hard requirement in our sector..."

"...Their auditors and team have brought a level of expertise and professionalism that has been unmatched...Auditwerx has truly been pleasure to work with. I have referred Auditwerx to a number of clients and would recommend them to anyone who is looking to complete a SOC engagement."

"...Like many other companies, we were new to the entire SOC 2 landscape and we were happy to engage Auditwerx. They are experts in the process and provided direction and guidance throughout the process , explaining trusted principles, conducting a readiness assessment, identifying gaps and weaknesses and organizing the final audit. Auditwerx allowed us to quickly get through this process painlessly..."