CipherTechs auditors can perform gap assessments or audits against the Health Insurance Portability and Accountability Act (HIPAA), the U.S. legislation that provides data privacy and security provisions for safeguarding medical information. HIPAA regulations are divided into five major Standards or Rules: Privacy Rule, Security Rule, Transactions and Code Sets (TCS) Rule, Unique Identifiers Rule and (HITECH) Enforcement Rule. CipherTechs can assist with everything, except the TCS.

Who is it for

Any organization who needs a starting point to review current security processes and controls for processing credit cards to meet HIPAA compliance or the formalized audit to submit for the annual certification.

How is it performed

CipherTechs Auditors establishing the timeline for completion of annual certification or gap analysis and understands the business model for processing medical information, then the Auditor conducts a series of interviews with the client personnel in charge of IT operations, cyber security, application developers, and call centers to gather evidence and observe the organization following their HIPAA program documented controls. It may also be necessary to bring in other stakeholders for new hire, terminations, and third-party processes to meet HIPAA compliance, such as the Business Associate Agreement (BAA).