Sunday, March 24, 2013

Auditing Your Outside HIPAA Auditors

When an outside auditor needs access to your applications it can be particularly useful to assign each auditor a unique identifier (and associated password).

This makes your existing audit logs an "excellent database that can be used to identify the number of audits, auditors, previous activity, etc", according to Frank Ruelas, Principal at HIPAA College.
"We have built a very collegial relationship with many of those entities that are "frequent fliers" when it comes to auditing activity." - Frank Ruelas, Principal at HIPAA College
For example he has been able to "educate" the auditors' management on how their own auditors "may or may not have been able to make some of the conclusions they make in their final reports based on their access".

Veriphyr identity and access intelligence service makes it easy to compile reports on the auditors activity across all your applications. In a single report you can see what applications they accessed, what they did in the application, and which customers/patients and employees they looked at.

For more about this see:
Frank Ruelas posting on the Healthcare Compliance Associations (HCCA) bulletin board
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Frank Ruelas posting on the Healthcare Compliance Associations (HCCA) bulletin board - HCCANet - March 24, 2013

No comments:

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.