Guide To Hipaa Auditing

Guide to HIPAA Auditing: Practical Tools for Privacy and Security Compliance, Third Edition Margret Amatayakul, MBA, RHIA, CHPS, CPHIT, CPEHR, CPHIE, FHIMSS What you don't know about HIPAA can hurt you! Workforce turnover, new information systems, and external forces are continuous compliance challenges. A 138% increase in the number of privacy and security breaches affecting 500 or more individuals between 2012 and 2013, plus HIPAA Omnibus Rule requirements, make a workable HIPAA compliance plan, adequate resources, and tools to help you determine your current compliance status more critical than ever. With HIPAA audits slated to resume and Office for Civil Rights (OCR) monetary settlements steadily increasing, the risk of ending up on OCR's "wall of shame" is greater than ever. OCR and two covered entities recently entered into the largest HIPAA settlement to date--a combined $4.8 million penalty for alleged violations during a joint arrangement. The first step to ensuring HIPAA compliance is developing an effective risk analysis and management process that identifies threats, corrects vulnerabilities, and protects your patients. The Guide to HIPAA Auditing: Practical Tools for Privacy and Security Compliance, Third Edition, will help you build a successful HIPAA compliance auditing and monitoring program at your organization. It will help you identify potential risks, improve your compliance program, and document your activities--putting you in good standing for any government audit or litigation that requires you to substantiate your efforts. This book will help you do the following: Build the business case for compliance assurance Understand and communicate to all concerned, including your workforce and business associates, the purpose and nature of auditing and monitoring for privacy and security compliance Develop an appropriately resourced privacy and security compliance assurance program Use tools to effectively plan for, conduct, and document the process of auditing and monitoring privacy and security compliance Close the feedback loop when potential issues arise and necessitate privacy and security compliance assurance improvements Identify and evaluate external resources for constructing your privacy and security compliance assurance program TABLE OF CONTENTS: Chapter 1: Building the Business Case for Compliance Assurance Chapter 2: Compliance Assurance Program Chapter 3: Organizational Relationships Chapter 4: Audit Planning Chapter 5: Auditing Uses and Disclosures Chapter 6: Auditing Individual Rights Chapter 7: Auditing Risk Analysis Chapter 8: Auditing Privacy and Security Administrative Requirements Chapter 9: Auditing Physical Security Chapter 10: Auditing Technical Security Chapter 11: Auditing Breach Notification Compliance Chapter 12: Education, Training, and Awareness Appendix WHO SHOULD READ THIS BOOK: Privacy officers Information security officers Compliance officers Risk officers HIM directors and managers IT security staff

HIPAA is very complex. So are the privacy and security initiatives that must occur to reach and maintain HIPAA compliance. Organizations need a quick, concise reference in order to meet HIPAA requirements and maintain ongoing compliance. The Practical Guide to HIPAA Privacy and Security Compliance is a one-stop resource for real-world HIPAA

Derived entirely and directly from government regulations and guidance publications, this easy-to-follow guide introduces and explains all essential concepts necessary for an understanding of what is required to bring an organization into compliance with the complex and often confusing regulatory framework governing medical records and information.HIPAA compliance is mandatory for organizations like medical, dental or health insurance offices where personal medical information is handled, and penalties for non-compliance can be devastating.This guide provides the information you must have to attain the all-important "good faith effort" standard, along with a list of additional resources which san help bring you into full compliance without unnecessary expense or time and effort.Covers all essential elements of the Privacy Rule, the Security Rule, the Enforcement Rule, the Omnibus Final Rule and the HITECH act.

Ideal for information security managers, auditors, consultants and organisations preparing for ISO 27001 certification, this book will help readers understand the requirements of an ISMS (information security management system) based on ISO 27001.

This updated edition re-published in July 2013, includes 2013 HIPAA Omnibus changes and simplifies the overwhelming complexity of the HIPAA Privacy and Security regulations. HIPAA standards and implementation specifications can be understood with the help of this simple guide. Risk management program can be built with step-by-step implementation guide, risk self-assessment, set of comprehensive policies and procedures, privacy, security, office productivity forms and ready to use templates. The book also contains HIPAA awareness quiz to test the basic understanding of rules and provides examples of workable solutions and documents. More about Robert K. Brzezinski MBA, CHPS, CISA, CPHIMS can be found at www.bizwit.us

Updated as of January 1, 2018, this guide includes relevant guidance contained in applicable standards and other technical sources. It explains the relationship between a service organization and its user entities, provides examples of service organizations, describes the description criteria to be used to prepare the description of the service organization’s system, identifies the trust services criteria as the criteria to be used to evaluate the design and operating effectiveness of controls, explains the difference between a type 1 and type 2 SOC 2 report, and provides illustrative reports for CPAs engaged to examine and report on system and organization controls at a service organization. It also describes the matters to be considered and procedures to be performed by the service auditor in planning, performing, and reporting on SOC 2 and SOC 3 engagements. New to this edition are: Updated for SSAE No. 18 (clarified attestation standards), this guide has been fully conformed to reflect lessons learned in practice Contains insight from expert authors on the SOC 2 working group composed of CPAs who perform SOC 2 and SOC 3 engagements Includes illustrative report paragraphs describing the matter that gave rise to the report modification for a large variety of situations Includes a new appendix for performing and reporting on a SOC 2 examination in accordance with International Standards on Assurance Engagements (ISAEs) or in accordance with both the AICPA’s attestation standards and the ISAEs