How FairWarning Fulfills on HIPAA

April 12, 2019

In June 2011, KPMG was awarded the contract to conduct HIPAA audits and develop an audit protocol on behalf of the Health and Human Services (HHS) Office for Civil Rights (OCR). During the initial test phase, from November 2011 through March 2012, 20 covered entities were audited. As a result of these initial audits, in June 2012, OCR published on its website the HIPAA Audit Protocol, which contains the requirements that will be assessed during the OCR HIPAA Audit program. The protocol covers the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule requirements, as well as audit procedures and what will be expected of covered entities.

User activity monitoring was found to be the #1 deficiency in the first 20 audits, accounting for nearly one-quarter of the issues identified for non-compliance with the HIPAA Security Rule. FairWarning's solution for patient privacy monitoring maps directly to 13 key requirements of the recently announced OCR HIPAA Audit Protocol and influences many others, which are focused on both the management process and audit controls for applications containing PHI. Many of the protocols are problematic if not impossible to address without FairWarning.
