SOC 2 HIPAA Readiness Assessments
SOC 2 HIPAA Readiness Assessments for Healthcare Organizations
NDB is North America’s leading provider of SOC 2 HIPAA readiness assessments for healthcare organizations seeking to become compliant with the well-known Health Insurance Portability and Accountability Act (HIPAA) that was signed into law in 1996. While there have been numerous enhancements to HIPAA over the years – notably, the changes put forward with the Final Omnibus Ruling of January, 2013 – the core framework is still in place.
Major healthcare exchanges and providers are now requiring many of their subservice organizations and related third-party providers to become HIPAA compliant, and ultimately, SOC 2 HIPAA compliant. If your organization is new to the demands and rigors of SOC 2 HIPAA, then it’s best to begin with a SOC 2 HIPAA readiness assessment.
SOC 2 HIPAA Readiness Assessments – Fixed Fees
NDB’s SOC 2 HIPAA readiness assessments cover all the essential subject matter your organization needs to be aware of to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA) is ultimately met.
That means the following: first, defining scope, such as what exactly your organization is seeking to comply with regarding HIPAA; the Security Rule, the Privacy Rule, the HITECH Act, or all of the above? Second, identifying what deficiencies exist within your control environment in terms of documentation, technical controls, and more. For example, are your systems configured correctly, is your HIPAA documentation in order, and do you have adequate provisioning and hardening processes in place for systems that store and transmit Personally Identifiable Information (PII)?
These are just a few of the literally dozens of questions/topics to cover during a SOC 2 HIPAA readiness assessment from NDB. The more you know in terms of your control environment and what gaps and issues exist, the greater your chances of completing a SOC 2 HIPAA report on time and within budget. Nobody wants to end up with the dreaded scope creep for HIPAA reporting, and it won’t happen if your organization performs a scoping & readiness assessment.
From a scoping perspective, NDB’s SOC 2 HIPAA readiness assessments cover the following areas for the HIPAA Security Rule:
- HIPAA 164.308: Administrative Safeguards
- HIPAA 164.310: Physical Safeguards
- HIPAA 164.312: Technical Safeguards
- HIPAA 164.314: Organizational Requirements
- HIPAA 164.316: Policies and Procedures
Additionally, from a scoping perspective, NDB’s SOC 2 HIPAA readiness assessments cover the following areas for the HIPAA Privacy Rule:
- 164.500 Applicability
- 164.501 Definitions
- 164.502 Uses and disclosures of protected health information: General rules
- 164.504 Uses and disclosures: Organizational requirements
- 164.506 Uses and disclosures to carry out treatment, payment, or health care operations
- 164.508 Uses and disclosures for which an authorization is required
- 164.510 Uses and disclosures requiring an opportunity for the individual to agree or to object
- 164.512 Uses and disclosures for which an authorization or opportunity to agree or object is not required
- 164.514 Other requirements relating to uses and disclosures of protected health information
- 164.520 Notice of privacy practices for protected health information
- 164.522 Rights to request privacy protection for protected health information
- 164.524 Access of individuals to protected health information
- 164.526 Amendment of protected health information
- 164.528 Accounting of disclosures of protected health information
- 164.530 Administrative requirements
- 164.532 Transition provisions
- 164.534 Compliance dates for initial implementation of the privacy standards