The Privacy Rule protects most individually identifiable health information held or transmitted by a covered entity or its business associate in any form or media, whether electronic, paper or oral.

If you have recently completed a Type I SOC report, congratulations! It is no small task to prepare and complete a SOC examination. However, for most companies, a Type I SOC report is just a step in the process of eventually completing a Type II SOC report, as that is what most user entities expect […]

During my time as an auditor, I have had the privilege of working with many clients of all shapes and sizes. As clients prepare for an audit, especially a first-time audit, I often get asked for recommendations on how to help ensure a successful audit outcome. One of the most crucial areas related to security […]

When we engage with clients who are just starting their HITRUST adoption and certification journey, one of the first steps is a readiness assessment. In this article, we will cover the following topics: The various forms of readiness assessments and their characteristics. Challenges organizations face when they are performing a readiness assessment. Success factors which […]

Today’s information age mandates organizations take appropriate action to ensure effective security and privacy practices are embedded throughout the entire organization. The effectiveness of privacy and security practices should continually be assessed to ensure they remain adequate and sufficient to support the organization’s ever-changing risk profile. It’s imperative that organizations not only assess their own […]

Any organization that has completed a HITRUST assessment knows they represent a significant amount of effort and a significant commitment to compliance and certification. While many HITRUST levels of certification are only good for one year, HITRUST’s r2 certification is good for two years, but…the HITRUST r2 certification requires an ‘interim’ assessment every other year […]

Auditors performing financial statement audits are already aware of the Public Company Accounting Oversight Board (PCAOB) auditing standard AS 3101, The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion effective for audits of fiscal years ending on or after December 15, 2017. Within this standard are the requirements […]

Disaster recovery plans and business continuity plans are unique to each and every company. In this article, we will walk through the purpose of these documents, their similarities and differences, the relevant controls, and common scenarios for disaster recovery. What Is the Purpose of a DRP? How Is It Different Than a BCP, BIA, & […]

Our firm has been a HITRUST External Assessor Organization since 2017, and in that time we have successfully helped dozens of organizations obtain and maintain HITRUST certifications. We have identified common pitfalls and other barriers to success and we’ve also learned some keys to success. In this article, I’ll break down some of the most […]

Although Artificial Intelligence (AI) has been around since the late 1950s, it has been out of the public’s attention. It wasn’t until late 2022 when Open AI released ChatGPT for public use that AI captured the public’s attention and renewed interest in the technology. Bloomberg predicts the AI market to explode from a $40 billion […]