Serving healthcare providers across the nation.
If you’re a healthcare provider, you’re likely familiar with HIPAA, which sets the security standards for electronic protected health information (ePHI). Auditwerx can serve as the independent third party you need to not only ensure compliance but also strengthen your existing internal controls.
Each of the four areas listed below of the HIPAA security standards will be assessed.
The nine standards in this area outline the process infrastructure needs for effective security of electronic Protected Health Information. These standards address:
The approach for assessing administrative safeguards will involve reviewing policies, procedures and processes, and interviewing responsible personnel, with respect to information security responsibility.
The four standards in this area address the physical infrastructure that needs to be in place through
The physical safeguards assessment occurs by reviews of policies, procedures, and processes; interviews with those personnel responsible for them; and an investigation of the physical facilities. We evaluate whether accessibility to facilities and systems exposes the facility (and the information for which it’s responsible) to unintended information disclosure.
This area outlines the technical infrastructure that needs to be in place for the security of electronic PHI. The four standards in this category address:
Although the standards are somewhat neutral, the Auditerx HIPAA IT security assessment team considers the various technology components of a computing system and assesses them relative to the applicable standards.
This process consists of reviewing application level software controls, the operating system controls beneath it, the internal network controls to which it is connected, and the controls on external networks that it transmits across.
Security standards address the security aspects of third party business associate contracts. Our IT audit team focuses on interviewing appropriate business and legal counsel personnel that are involved in developing and drafting business associate contracts and reviewing their content for the security elements that need to be included.
Upon completion of our review, we prepare a report describing identified weaknesses and provide suggestions for technology options to address each weakness. We also provide guidelines for the implementation of a corrective action plan.
The Auditwerx IT audit team empowers healthcare and healthcare service organizations by delivering clear and concise security information that looks beyond compliance toward the bigger picture of building strong internal control processes that drive success for your healthcare business.
Contact us below to learn how.
Auditwerx conducted a HIPAA Assessment of our company that concluded in July of 2020. In spite of the COVID lockdown, Auditwerx was able to request artifacts, discuss control implementations and provide the attestation in a timely and professional manner. This assessment helped us to identify any weaknesses and assisted with shoring up any weak controls. Much of the work was conducted via phone calls and through the Auditwerx Dashboard, where artifacts could be uploaded in a secure manner. Auditwerx was understanding of our timelines and adjusted project plans to meet our requirements.