The Saturn Partners, Inc. believes that healthcare organizations must be proactive in identifying, managing, and controlling existing and future regulatory risks. To ensure each audit delivers value, The Saturn Partners begins each engagement by working with the client to develop an audit plan that includes:
- The expectations or goal of the audit
- Assessing external events, such as new regulations, and how they impact the organization
- Analytics that assist with benchmarking and metrics for quality improvement
- Documentation of strengths, weaknesses, opportunities, and threats
- Ensure that audit coverage will provide early warning of risk indicators
- Capture and share knowledge and best practices for use throughout the organization
- Address the need for continual learning and training elements to improve business judgment and perspective
- Provide balance, independence, objectivity, and value
A HIPAA audit identifies all relevant privacy and security risks the organization faces, details the risks within each area, and categorizes them by priority. With such an assessment, management can make informed decisions regarding risk mitigation and the allocation of risk management resources. In a typical audit, areas of assessment include privacy and security policies and procedures; business operations/compliance process; management, staff and volunteer interviews; review of all business units; technology/security side operations; examination of business associate and subcontractor agreements; business operations/compliance PHI usage; and training and awareness programs.
Additionally, our audits can include the following:
- Privacy and security audit report and opinion letter attesting that HIPAA controls are suitably designed and operational
- HIPAA/HITECH business associate audit that provides assurance to the business associate's healthcare customers that it meets or exceeds HIPAA requirements
- Audit of Protected Health Information (PHI), providing an organization-wide inventory of PHI, business process and risk assessment
- Audit of Data Breach Plan management and effectiveness
- Required periodic HIPAA security evaluation
- Review of the HIPAA Contingency Plan, including the Data Backup Plan, Disaster Recovery Plan, Emergency Mode Operations Plan, Testing and Revision Procedure, and Applications and Data Criticality Analysis