HIPAA Audit

HIPAA is the acronym for the federal Health Insurance Portability and Accountability Act of 1996. A HIPAA audit is an audit to assure that an organization is complying with the requirements of HIPAA, especially with regard to the privacy of patient or employee health records.

According to the U.S. Department of Health and Human Services, the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) include national standards for the privacy of protected health information, the security of electronic protected health information and regarding how consumers must be notified in case of breach of privacy. These laws also require HHS to perform audits of many businesses and other organizations to confirm compliance with the HIPAA Privacy, Security and Breach Notification Rules.

A HIPAA audit involves a certified auditor auditing processes, policies, facilities and hosting solutions against the latest OCR HIPAA Audit Protocol. The OCR HIPAA Audit Protocol is designed to confirm compliance with the HIPAA Security Rule, Privacy Rule and Breach Notification Rule. The Office for Civil Rights is responsible for enforcing HIPAA regulations, and violation can include substantial fines.

Idera has long been ahead of the curve in assisting database administrators with easy to install and use regulatory compliance solutions. SQL Secure, Idera’s award-winning security analysis solution, includes policy templates for reporting on SQL Server permissions and security policy data as required by the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), FERPA and more than a dozen other regulatory standards.