One of the primary goals of the Health Insurance Portability and Accountability Act (HIPAA) was to simplify administrative processes in the healthcare industry by requiring the use of standardized electronic transmission of administrative and financial information.
The regulations requiring adoption of specific security and privacy standards apply to all healthcare providers, health plans and healthcare clearinghouses who transmit and store health information electronically. Covered entities must have sufficient protections in place to ensure the security and confidentiality of patients’ health records during storage and transmission.
In HIPAA Security Auditing: How To Create a Consistent, Repeatable and Documented Program, a special report from the Healthcare Intelligence Network, you’ll get a step-by-step guide to developing, implementing and refining a HIPAA security auditing program.
You’ll get advice from two leading industry experts, Chris Apgar, CISSP, principal, Apgar & Associates and Mikel Lynch, director of corporate compliance for University of Missouri Health Care on the key components of an audit program to ensure HIPAA security compliance.
This 38-page report is based on the September 21, 2004 audio conference on HIPAA Security Auditing, during which successful approaches for security audits were discussed. You’ll get:
- 17 crucial elements to consider for project management and implementation;
- details on how to overcome compliance challenges;
- how the 50% rule applies in auditing
- how to position audits as a management tool
- an in-depth case study of the University of Missouri Health Care auditing program
- an 18-point checklist for implementing an audit program
- how to “audit” your audit program
- auditing and technical safeguards
Table of Contents
- Why Audit?
- Rules and Regulations
- Protected Paperwork
- Building an Audit Program
- Audit Program Construction
- Audit Programs Project Management
- Project Management and Program Implementation
- Q&A: Legacy Systems
- Keep It Coming
- Authority and Responsibility
- Overcoming Challenges to Compliance
- Compliance Challenges
- The 50% Rule
- Q&A: Self-Funded Plans
- Word of Warning
- Audits As a Management Tool
- Auditing Is a Tool That...
- CASE STUDY: Three-Dimensional Auditing
- Random Audits
- Targeted Audits
- Universe for Targeted Audits
- Targeted Auditing and Staffing
- Performance Report Card
- Implementation Considerations
- Security Issues
- Privacy Issues
- Faxed PHI
- Patient Questions
- Auditing Your Audit Program
- Reasonableness Test
- Point to Note
- Technology Considerations
- “Funnel” Vision
- Q&A: Strong Passwords
- Technical Safeguards
- System Down
- Q&A: Network Monitoring
- Access Considerations
- The Clock Is Ticking