Official HIPAA Compliance Audit Protocol
Published
July 2, 2012

The Department of Health and Human Services’ Office for Civil Rights (OCR) has finally published the official protocol
and detailed procedures guiding its HIPAA Audit program. The protocol, developed by subcontractor KPMG together
with OCR, includes 77 evaluation areas for security and another 88 areas for privacy/breach notification. Here’s a link to
the publication, which is conveniently keyword searchable: http://ocrnotifications.hhs.gov/hipaa.html

Of particular interest to Redspin is the section dedicated to IT security. As former White House Cybersecurity Czar
Howard Schmidt said recently, “Without security, there can be no privacy.” We were pleased, but not surprised, to see that
the audit protocol maps directly to HIPAA Security Rule sections §164.308, §164.310 and §164.312.

For the past several years, we’ve advised our clients that any official HIPAA security audit program would necessarily
fall back on the existing HIPAA Security Rule provisions that have been “on the books” since 2005. That is how Redspin designed its own
methodology for our HIPAA Security Risk Assessments (click here to download our crosswalk map), and we were 100%
confident that our approach would pass muster with any subsequent interpretations.

Further, at the June 7th HIPAA Security Rule conference, Linda Sanchez, Senior Advisor and Health Information Privacy
Lead at OCR, reported that the results of the first 20 OCR/KPMG pilot audits showed that security compliance was a far
more troublesome area than privacy compliance. More specifically, 74% of the findings were security gaps or breach issues,
compared to 26% that were policy violations. Against the backdrop of the healthcare industry’s transition from a paper-based
system to electronic health records, Redspin continually stresses that IT security is job one.

OCR concurs. Ms. Sanchez went on to recommend “next steps” that all covered entities should implement not simply as
preparation for a potential audit but as best practices. Her first suggestion? Conduct a robust review and assessment.
Next? Determine stakeholders – all lines of business that are impacted by HIPAA regulations. Then identify all of the
protected health information (PHI) within the organization and map its flow within the organization and to/from business
partners.

In conclusion, the audit protocol itself is informative at least in the sense that there are no surprises, but neither does it
offer any more explicit guidance than what is in the HIPAA Security Rule. Redspin continues to advise our clients that
safeguarding PHI is the primary objective. By conducting a comprehensive security risk analysis and implementing a
remediation plan that addresses the findings in a diligent and timely manner, a covered entity will not only improve its
security posture and reduce risk, but will also have nothing to fear from an OCR/KPMG audit.




WEB: WWW.REDSPIN.COM | PHONE: 800-721-9177 | EMAIL: INFO@REDSPIN.COM

 
Post-Menstrual Smell- When to Suspect Vaginitis.pptx
Post-Menstrual Smell- When to Suspect Vaginitis.pptxPost-Menstrual Smell- When to Suspect Vaginitis.pptx
Post-Menstrual Smell- When to Suspect Vaginitis.pptx
 
Efficacy of Avartana Sneha in Ayurveda
Efficacy of Avartana Sneha in AyurvedaEfficacy of Avartana Sneha in Ayurveda
Efficacy of Avartana Sneha in Ayurveda
 
TEST BANK For An Introduction to Brain and Behavior, 7th Edition by Bryan Kol...
TEST BANK For An Introduction to Brain and Behavior, 7th Edition by Bryan Kol...TEST BANK For An Introduction to Brain and Behavior, 7th Edition by Bryan Kol...
TEST BANK For An Introduction to Brain and Behavior, 7th Edition by Bryan Kol...
 
Adhd Medication Shortage Uk - trinexpharmacy.com
Adhd Medication Shortage Uk - trinexpharmacy.comAdhd Medication Shortage Uk - trinexpharmacy.com
Adhd Medication Shortage Uk - trinexpharmacy.com
 
CHEMOTHERAPY_RDP_CHAPTER 1_ANTI TB DRUGS.pdf
CHEMOTHERAPY_RDP_CHAPTER 1_ANTI TB DRUGS.pdfCHEMOTHERAPY_RDP_CHAPTER 1_ANTI TB DRUGS.pdf
CHEMOTHERAPY_RDP_CHAPTER 1_ANTI TB DRUGS.pdf
 
CHEMOTHERAPY_RDP_CHAPTER 2 _LEPROSY.pdf1
CHEMOTHERAPY_RDP_CHAPTER 2 _LEPROSY.pdf1CHEMOTHERAPY_RDP_CHAPTER 2 _LEPROSY.pdf1
CHEMOTHERAPY_RDP_CHAPTER 2 _LEPROSY.pdf1
 
CHEMOTHERAPY_RDP_CHAPTER 3_ANTIFUNGAL AGENT.pdf
CHEMOTHERAPY_RDP_CHAPTER 3_ANTIFUNGAL AGENT.pdfCHEMOTHERAPY_RDP_CHAPTER 3_ANTIFUNGAL AGENT.pdf
CHEMOTHERAPY_RDP_CHAPTER 3_ANTIFUNGAL AGENT.pdf
 
Abortion PG Seminar Power point presentation
Abortion PG Seminar Power point presentationAbortion PG Seminar Power point presentation
Abortion PG Seminar Power point presentation
 
Artificial Intelligence Symposium (THAIS)
Artificial Intelligence Symposium (THAIS)Artificial Intelligence Symposium (THAIS)
Artificial Intelligence Symposium (THAIS)
 
Osteoporosis - Definition , Evaluation and Management .pdf
Osteoporosis - Definition , Evaluation and Management .pdfOsteoporosis - Definition , Evaluation and Management .pdf
Osteoporosis - Definition , Evaluation and Management .pdf
 
Muscles of Mastication by Dr. Rabia Inam Gandapore.pptx
Muscles of Mastication by Dr. Rabia Inam Gandapore.pptxMuscles of Mastication by Dr. Rabia Inam Gandapore.pptx
Muscles of Mastication by Dr. Rabia Inam Gandapore.pptx
 

preparation for a potential audit but as best practices. Her first suggestion? Conduct a robust review and assessment. Next? Determine stakeholders: all lines of business that are impacted by HIPAA regulations. Then identify all of the protected health information (PHI) within the organization and map its flow within the organization and to/from business partners.

In conclusion, the audit protocol itself is informative, at least in the sense that there are no surprises, but neither does it offer any more explicit guidance than what is already in the HIPAA Security Rule. Redspin continues to advise our clients that safeguarding PHI is the primary objective. By conducting a comprehensive security risk analysis and implementing a remediation plan that addresses the findings in a diligent and timely manner, a covered entity will not only improve its security posture and reduce risk, but will also have nothing to fear from an OCR/KPMG audit.

Web: WWW.REDSPIN.COM | Phone: 800-721-9177 | Email: INFO@REDSPIN.COM