Nothing gets the blood pumping like the thought of getting audited. And before the end of 2012 that's exactly what's going to happen to 150 entities and institutions that must comply with HIPAA. The U.S. Department of Health and Human Services (HHS) awarded KPMG a $9.2 million contract to conduct these audits, which are required by law under the amendments made by the HITECH Act in 2009. Unfortunately the Act itself provides no explanation of what an audit might entail, but the Office for Civil Rights (OCR), which awarded the contract, provides some basic details:
So what exactly is the 'Observation of compliance with regulatory requirements' anyway? That's a good question, and for HIPAA it boils down to the privacy and protection of health records, wherever they reside and whenever they are moved. The impact this has on the IT organization is huge and affects the storage, messaging, and network traffic of this data. The most important HIPAA information security considerations for IT departments and service providers managing electronic protected health information (ePHI) can be found in the HIPAA Security Rule, which requires that covered entities:
Many healthcare providers refer to the Control Objectives for Information and related Technology (COBIT) framework to help them comply with HIPAA and other compliance regulations. At Quest we simplify the collection and reporting of this data for COBIT and HIPAA in the form of Report Packs that get applied to the Quest Knowledge Portal. The HIPAA Security Standards Compliance Report Pack provides a set of predefined reports that are organized in accordance with the requirements found in 45 CFR 164.308(a) (administrative safeguards), 164.312(a) (access control), and 164.312(b) (audit controls) of the HIPAA Security Rule. These specifications require organizations to:
Additional information on how Quest can help achieve HIPAA compliance can be found in this tech brief.