Security Audit Description

Why do a HIPAA Security Audit?

• To determine how well you meet the proposed HIPAA Security Standard
• To learn what needs to be done to comply with the proposed HIPAA Security Standard
• To avoid violating the current HIPAA privacy standard stricture regarding security

What does a HIPAA Security Audit include?

The basic (Level-1) audit includes

• An on-site inspection of the physical facilities
• Interviews with key staff
• Evaluation of over 70 individual requirements and implementation features in the Proposed HIPAA Security Rule.

What do you receive?

• An electronic HIPAA Security Scorecard in Excel® and printed format.  The Scorecard rates each requirement or implementation feature on a scale of one to five, and uses a proprietary weighting algorithm to calculate an overall score, and individual scores for the areas of:
  • Administrative Procedure
  • Physical Safeguards
  • Technical Security Services (no data transmission)
  • Technical Security Mechanisms (data transmission)
  as designated in section 142.308 of the proposed Security Standard.  You can use the Excel® Scorecard to re-rate your organization in the future.

How long does it take?

• A Level-1 security audit itself typically takes between three and six hours for a single-site operation.  The verbal and written report is usually available within a couple of business days – sometimes the same day.  A Level-1 audit can be appropriate for moderately large businesses, even those with multiple servers or a mainframe.
• Level-2 audits are employed where the client has multiple sites, very complex operations, or large networks.

What does it cost?

• The investment for the Level-1 audit, electronic HIPAA Security Scorecard, written and verbal reports is one thousand dollars ($1000).