HIPAA Compliance

Intrinium’s comprehensive HIPAA Audit, Risk Assessment and Gap Analysis strategy is based on the HIPAA Audit program set forth by the U.S. Department of Health & Human Services Office for Civil Rights (OCR) and on NIST 800-30. The OCR HIPAA Audit program analyzes the processes, controls, and policies of selected covered entities pursuant to the HITECH Act audit mandate. OCR established a comprehensive audit protocol that contains the requirements to be assessed through these performance audits. The audit protocol is organized around modules, each representing a separate element of privacy, security, or breach notification. Our in-depth risk assessment strategy includes:

  • Development of a risk profile, with reasonable and foreseeable threats
  • Determination of controls currently in place to mitigate those threats
  • An evaluation of control design, to identify any gaps in the design
  • A residual risk analysis, to determine if additional controls should be implemented
  • In-depth control testing to determine if implemented controls are effective

The United States Department of Health and Human Services has stated that the NIST 800-30 guidance is an acceptable risk assessment strategy, and Intrinium therefore performs its assessments according to this methodology. The nine steps of this methodology that Intrinium follows are:

  • System Characterization
  • Threat Identification
  • Vulnerability Identification
  • Control Analysis
  • Likelihood Determination
  • Impact Analysis
  • Risk Determination
  • Control Recommendations
  • Results Documentation

At the completion of any engagement, a detailed report listing the compliance gaps across all administrative, physical, and technical safeguards will be provided, along with detailed recommendations for remediating those issues.
