HIPAA Risk Analysis and Attestation

The HIPAA Audit (Risk Analysis)
More than a simple gap assessment, the HIPAA risk analysis is designed to assess an organizations risk management and regulatory effectiveness.

Healthcare organizations have witnessed the increased responsibilities of the HIPAA privacy and security officer over the past 13 years from that of HIPAA program support and training, to a role comparable to a risk manager. Compliance officer tasks now include; HIPAA final Rule upgrades, implementing annual audits, updating policies and procedures, monitoring the organization to reduce data breach events, managing business associates and agreements and effectively disseminating privacy and security standards across all business units.

We believe that healthcare organizations must be proactive in identifying, managing, and controlling existing and future regulatory risks. To ensure each audit delivers value, HIPAA Analytics begins each engagement by working with the client to develop an audit plan that includes –

  • The expectations or goal of the audit
  • Assessing external events, such as new regulations and how they impact the organization
  • Analytics that assist with benchmarking and metrics for quality improvement
  • Documentation of strengths, weaknesses, opportunities, and threats
  • Ensure that audit coverage will provide early warning of risk indicators
  • Capture and share knowledge and best practices for use throughout the organization
  • Address the need for continual learning and training elements to improve business judgment, and  perspective
  • Provide balance, independence, objectivity, and value

Audit Scope
A HIPAA risk analysis identifies relevant privacy and security risks the organization faces, details the risks within each area, and categorizes them by priority. With such an assessment, management can make informed decisions regarding risk mitigation and allocations of risk management resources. In a typical audit, areas of assessment include, privacy and security policies and procedures, business operations/compliance process, management, staff and volunteer interviews, review of all business units, technology/security side operations, examination of business associate and subcontractor agreements, business operations/compliance PHI usage and training and awareness programs.

HIPAA Analytics also provides healthcare organizations with the flexibility of audit focus, for example, audit examinations may  include -

  • Meaningful Use security risk analysis
  • Privacy and security audit report and opinion letter Attesting that HIPAA controls are suitably designed and operational
  • HIPAA business associate audit that provides assurances to their healthcare customers that they meet or exceed HIPAA requirements.
  • Audit of Protected Health Information (PHI), providing organization wide inventory of PHI, business process and risk assessment
  • Audit of Data Breach Plan management and effectiveness
  • Required HIPAA security evaluation due to organization acquisition or partnering
  • Review of the HIPAA Contingency Plan, including, Data Backup Plan, Disaster Recovery Plan, Emergency Mode Operations Plan, Testing and Revision Procedure and Applications and Data Criticality Analysis

HIPAA Privacy and Security Attestation
The audit attestation is a widely recognized standard, “attesting” that a healthcare organization or business associate has had its HIPAA privacy and security policies, procedures and business process examined by an independent consulting firm, and that the examination concluded that the organization met or exceeded HIPAA requirements.

The attestation audit is conducted on-site and is customized to the specific business operation and the customers they serve.

Types of Engagements

  • Ambulatory Clinics
  • Behavioral Health
  • Urgent Care Clinics
  • Healthcare Data Centers
  • Ambulatory Surgery
  • Healthcare Foundations
  • Software Compliance Review
  • eHealth / Virtual Medicine
  • Patient Engagement Applications
  • Technical Healthcare Solutions
  • Community Service Groups
  • Revenue Cycle Management
  • Senior Housing
  • Medical Language Services
  • Corporate Business Units

 How HIPAA Analytics Can Help

More than examining for deficiencies, our audit services approach client examinations with a focus on analytics that provide rich insight into the compliance program. By digging deeper into the root cause of issues and uncovering business/compliance process patterns, our audits help validate client concerns, assess options and predict compliance performance.

Based in Minneapolis/St. Paul, MN we are centrally located to serve clients anywhere in the nation.