ePHI Archives | Linford & Company LLP

SOC 2 vs. HIPAA: What’s the Difference Between a SOC 2 Report & a HIPAA Report?

By Megan Kovash (Partner, CPA) on August 18, 2020August 18, 2020

Linford & Company offers two types of reports that address security, the SOC 2 Security report and the AT 601 HIPAA Security report.

De-Identification of Personal Information: What is It & What You Should Know

By Olivia Refile (Manager, CISSP, CISA) on June 30, 2020July 1, 2020

Many organizations may be retaining personal data and it is important for this information to be properly protected and or anonymized. One method to ensure personal information is appropriately anonymized is through de-identification. This article will explain what de-identification is, how to go about de-identifying personal data, and why it is important. To start, a […]

What is the Scope of HIPAA Compliance?

By L&Co Staff Auditors on November 20, 2019February 6, 2020

The first step in conducting a HIPAA security compliance audit is to “take inventory” of the electronic protected health information (ePHI) environment.

2019 HIPAA Wall of Shame: Recent Security Breaches & Examples for Companies to Learn From

By L&Co Staff Auditors on July 31, 2019February 6, 2020

If you’re already following HIPAA compliance-related news, you’re probably already familiar with the “Wall of Shame.” If you’re just getting started, read on. The HIPAA Breach Notification Rule requires Covered Entities and Business Associates to report breaches of protected health information (PHI) to the U. S. Department of Health and Human Services (HHS).

HIPAA Record Retention Requirements: How Long Should We Retain ePHI Data?

By Rob Pierce, Partner | CISSP, CISA on August 2, 2017July 26, 2018

One of the areas we are required to evaluate on every HIPAA audit or compliance assessment is whether our client is compliant with HIPAA’s record retention requirements.

The Security Risk Analysis and HIPAA Compliance

By L&Co Staff Auditors on June 15, 2016October 11, 2017

The HIPAA Security Rule places a great deal of emphasis on the importance of the security risk analysis—so much so that it was positioned front-and-center as an implementation specification under first standard in the first section of HIPAA. The requirement to complete a security risk analysis is under the Security Management Process standard in the […]

The HIPAA Contingency Plan

By L&Co Staff Auditors on February 3, 2016August 23, 2018

One of the areas we review on all audits and assessments of the HIPAA Security Rule is HIPAA’s requirements concerning contingency plans.

SaaS HIPAA Compliance Considerations & Certification Clarifications

By Rob Pierce, Partner | CISSP, CISA on February 18, 2015August 23, 2018

With the use of cloud technology trending upward, many cloud companies are touting themselves as “HIPAA certified.” In fact, there is no such thing as a HIPAA certification.