HIPAA Security Compliance Audit for Evaluation Standard

The HIPAA Security Rule establishes very clearly the requirements for the Evaluation standard:

Evaluation Standard

Perform a periodic technical and non-technical evaluation to demonstrate and document compliance with the entity’s security policy and the requirements of the HIPAA Security Rule.

| Standards | Implementation Specifications | R = Required, A = Addressable |
|---|---|---|
| Evaluation | | R |

As part of the Administrative Safeguards requirement, an organization must meet the requirements of the Evaluation standard.

HIPAAShield™ Security Methodology: Step 7 of 7:

The HIPAAShield™ security methodology identifies seven critical steps for an organization to implement to become compliant with the HIPAA Security Rule. The seven steps as described in Figure 2 are:

Step 1: Assign Security Responsibility
Step 2: Conduct Risk Analysis
Step 3: Develop Security Strategy and Policies
Step 4: Remediate
Step 5: Update Business Associate Contracts
Step 6: Train all Members of the Workforce
Step 7: Evaluate

[Figure 2: The seven steps of the HIPAAShield™ security methodology]

| HIPAAShield™ Step | Required Activities |
|---|---|
| Step 7: Evaluate | 1. Assess if all vulnerabilities have been addressed; 2. Verify that all compliance requirements have been met |

It is strongly recommended that organizations repeat the process of identification of all vulnerabilities to electronic Protected Health Information (ePHI) as well as other information assets and determine appropriate security measures to reduce risks to a reasonable and appropriate level.

All organizations should go beyond just meeting HIPAA Security Rule compliance requirements. The compliance requirements are limited to electronic PHI. Organizations must evaluate their security requirements not just for all PHI, but for all information assets. The evaluation of whether compliance requirements have been met may be done internally, with an external resource, or jointly.

The Security Rule requires that covered entities periodically conduct an evaluation of their security safeguards to demonstrate and document their compliance with the entity’s security policy and the requirements of the Security Rule.

How can we help your HIPAA compliance efforts?

HIPAA Academy™ consultants will visit the client site for the HIPAA Security Compliance audit for the Evaluation Standard. Our consultants will then return to our office and write the report offsite. The key deliverables of the report will be:

The HIPAAShield™ Evaluation Report will include information on the compliance status of the organization with all standards and implementation specifications of the HIPAA Security Rule. Only if the organization is found to be fully compliant with all aspects of the HIPAA Security Rule will the HIPAA Academy™ Seal of Compliance with the HIPAA Security Rule be authorized for use for a maximum period of twelve months from the date of issue.

If the organization is found not to be in compliance, those areas will be specifically identified in the HIPAA Academy™ Report. Recommended Next Steps with an Action Plan will identify critical areas that the organization must address expeditiously.

To receive a FREE no obligation proposal for Evaluation or pricing for HIPAA consultants for your compliance project, please contact Lorna Waggoner at +1.877-899-9974 x17 or Lorna.Waggoner@ecfirst.com.