Look for KirkpatrickPrice at Booth #8500, Kiosk 18, in the HIMSS18 Cybersecurity Pavilion

Las Vegas, NV – KirkpatrickPrice brings its health IT readiness and audit services to the exhibit floor for the 2018 HIMSS Conference & Exhibition. From March 5-9, 2018, more than 45,000 healthcare industry professionals are expected at the conference, where they will gain expert insights during the exchange of innovative ideas and best practices in improving health through IT.

KirkpatrickPrice has been assisting clients in the healthcare space for over 12 years. As an exhibitor, KirkpatrickPrice’s Security Specialists will be educating attendees on how to remain up-to-date on industry trends and how to work towards HIPAA compliance through readiness audits. KirkpatrickPrice assists covered entities and business associates with compliance concerns through risk analysis, penetration testing, cybersecurity, HITRUST CSF, and HIPAA audits.

“The protection of personal healthcare information has taken center stage recently because of the updates to the HHS HIPAA audit protocol and the enhanced enforcement activities. KirkpatrickPrice is pleased to participate in the HIMSS conference to bring our experience in risk analysis, penetration testing, cybersecurity, business associate management, and other healthcare-specific services to this year’s attendees,” said Joseph Kirkpatrick, Managing Partner with KirkpatrickPrice.

“At HIMSS18, exhibiting organizations will share their IT solutions and services focused on improving health through the best use of information and technology. We know this year will offer memorable, experiential, hands-on opportunities for our attendees and exhibitors. I am honored to welcome and thank our exhibitors for their participation at HIMSS18 and their continued collaborative efforts to improve the delivery, cost of, and access to quality healthcare through IT,” said Elli Riley, CEM, senior director, exhibits and meeting services, HIMSS North America.

  • To learn more about KirkpatrickPrice, visit Booth #8500, Kiosk 18 in the Cybersecurity Pavilion during HIMSS18
  • Join us at the Cybersecurity Pavilion on March 6th at 11:30 AM to hear from Joseph Kirkpatrick at Session CS04, The Power of a Cybersecurity Community.
  • Go to kirkpatrickprice.com for more information or find us on Twitter, LinkedIn, and Facebook.
  • Learn more about HIMSS18 and use #HIMSS18 when tweeting about the conference.

CompuMail Receives SOC 1 Type II and SOC 2 Type II Attestations, Meets Payment Card Industry Data Security Standards, and Receives HIPAA Security Rule Compliance Report

Concord, CA – CompuMail, a direct mail company, today announced that it has completed its SOC 1 Type II, SOC 2 Type II, PCI, and HIPAA audits. Compliance with these standards verifies that CompuMail has the proper internal controls and processes in place to deliver high quality services to its clients.

KirkpatrickPrice, a licensed CPA and PCI QSA firm, performed the audit and appropriate testing of CompuMail’s controls. SOC 1 Type I is a report on the controls at a service organization that was established by the American Institute of Certified Public Accountants (AICPA). This report is in compliance with the SSAE 18 auditing standards and focuses on the controls of a service organization that are relevant to an audit of a user entity’s financial statements. The standard demonstrates that an organization has adequate controls and processes in place. The SOC 1 Type I audit report includes CompuMail’s description of controls as well as the detailed testing of its controls at a specific point in time.

SOC 2 engagements are based on the AICPA’s Trust Services Criteria. SOC 2 service auditor reports focus on a Service Organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system. KirkpatrickPrice’s service auditor report verifies the suitability of the design and operating effectiveness of CompuMail’s controls to meet the standards for these criteria.

The PCI Data Security Standard is a complex security standard that focuses on security management, policies, procedures, network architecture, software design, and other critical protective procedures.  These security standards are relevant to any merchant or service provider that uses, stores or transmits information from a payment card. In accordance with the PCI Security Standards Council, KirkpatrickPrice’s Qualified Security Assessors tested CompuMail’s controls that are relevant to the storing and transmitting of information from credit, debit, or other payment cards and assisted CompuMail in becoming PCI compliant.

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is a national standard set for the protection of consumers’ Electronic Protected Health Information (ePHI). The ePHI that an organization manages must be protected from anticipated breaches by mandating a Risk Assessment and implementing appropriate Physical, Administrative, and Technical Safeguards. HIPAA laws are regulated by the Office for Civil Rights (OCR) and are meant to protect against unauthorized use and disclosure of ePHI.

Christine Fribley, Chief Security Officer at CompuMail, stated, “Information Security is of utmost importance to CompuMail. Having a robust security system is a critical part of our organization since our clients entrust us with protected health information (PHI), personally identifiable information (PII) and other protected information on a daily basis. CompuMail invests heavily in security and compliance by annually undergoing audits with KirkpatrickPrice, which helps to ensure we are protecting the confidentiality, integrity and availability of our client’s information and our assets while adhering to the highest levels of security standards.”

“Many of CompuMail’s clients rely on them to protect sensitive consumer information,” said Joseph Kirkpatrick, Managing Partner with KirkpatrickPrice. “As a result, CompuMail has implemented best practice and industry-accepted controls demanded by their customers to address information security and compliance risks. Our third-party opinion validates these controls and the tests we perform provide assurance regarding the direct mail solutions and services provided by CompuMail.”

About CompuMail

CompuMail cultivates partnerships with our clients to ensure that they receive the best results, under the highest level of data security, at the most competitive price.  We provide mailing and communication services, with a real-time portal to meet your management and oversight needs.  Technology changes, business changes, but our commitment to service doesn’t.

About KirkpatrickPrice

KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over 700 clients in more than 48 states, Canada, Asia, and Europe. The firm has over 13 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, HIPAA, HITRUST CSF, PCI DSS, GDPR, ISO 27001, FISMA, and CFPB frameworks. For more information, visit www.kirkpatrickprice.com, follow KirkpatrickPrice on Twitter (@KPAudit), or connect with KirkpatrickPrice on LinkedIn.

Independent Audit Verifies Notarize’s Internal Controls and Processes

Boston, MA – KirkpatrickPrice announced today that Notarize, the first online legal notary platform, has received their SOC 2 Type I attestation report. The completion of this engagement provides evidence that Notarize has a strong commitment to deliver high quality services to its clients by demonstrating they have the necessary internal controls and processes in place.

SOC 2 engagements are based on the AICPA’s Trust Services Principles. SOC 2 service auditor reports focus on a Service Organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system. KirkpatrickPrice’s service auditor report verifies the suitability of the design and operating effectiveness of Notarize’s controls to meet the criteria for these principles.

“We believe life’s most important transactions require the most secure platform. That is why we are relentlessly focused on protecting our customer’s data,” said Russ Morton, Director of Product at Notarize. “We’re pleased to announce that we’ve completed our SOC 2 audit and have received our Type I attestation report from KirkpatrickPrice. This credential provides clear evidence that Notarize has a strong commitment to deliver high quality services for our customers and the most secure solution in the industry.”

“The SOC 2 audit is based on the Trust Services Principles and Criteria. Notarize has selected the security, availability, and confidentiality principles for the basis of their audit,” said Joseph Kirkpatrick, Managing Partner with KirkpatrickPrice. “Notarize delivers trust-based services to their clients, and by communicating the results of this audit, their clients can be assured of their reliance on Notarize’s controls.”

About Notarize

Notarize is the first notary public platform allowing any person or business to get their documents legally notarized online. Notarize is also the first company to enable an entirely online mortgage closing process. Founded in 2015, Notarize has helped tens of thousands of individuals and businesses (on every continent, except Antarctica) get documents digitally notarized. For more information, visit www.notarize.com.

About KirkpatrickPrice, LLC

KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over 600 clients in more than 48 states, Canada, Asia, and Europe. The firm has over 13 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, HIPAA, HITRUST CSF, PCI DSS, GDPR, ISO 27001, FISMA, and CFPB frameworks. For more information, visit www.kirkpatrickprice.com, follow KirkpatrickPrice on Twitter (@KPAudit), or connect with KirkpatrickPrice on LinkedIn.

Independent Audit Verifies Corodata’s Internal Controls and Processes

Poway, CA — Corodata, an Information Management Company, announced that it has completed the rigorous SSAE 18 (SOC 1) Type II Audit. Now more than ever, independent audits like SOC 1 Type II are imperative for protecting confidential information. This attestation verifies that Corodata has the proper internal controls and processes in place to deliver high-quality records management services to its clients. KirkpatrickPrice, a licensed CPA and PCI QSA firm, performed the audit and appropriate testing of Corodata’s controls, which validates our process and security controls. In accordance with SSAE 18 (Statements on Standards for Attestation Engagements), the SOC 1 Type II audit report includes Corodata’s description of controls as well as the detailed testing of its controls over a minimum six-month period.

The Importance of Independent Audits

“Many of Corodata’s clients rely on them to protect consumer information,” said Joseph Kirkpatrick, Managing Partner with KirkpatrickPrice. “As a result, Corodata has implemented best practice controls demanded by their customers to address information security and compliance risks. Our third-party opinion validates these controls and the tests we perform provide assurance regarding the managed solutions provided by Corodata.”

What Exactly is SOC 1 Type II?

SOC 1 Type II is a report on the controls at a service organization that was established by the American Institute of Certified Public Accountants (AICPA). This report is in compliance with the SSAE 18 auditing standards, which focus on the controls of a service organization that are relevant to an audit of a user entity’s financial statements. The standard demonstrates that an organization has adequate controls and processes in place. Without these best practices, organizations can put the confidential and sensitive information of their clients at risk of identity theft, data breaches, and more. Federal regulations such as Sarbanes-Oxley, Gramm-Leach-Bliley and the Health Insurance Portability and Accountability Act (HIPAA) require corporations to audit the internal controls of their suppliers, including those that provide technology services.

What Does This Mean for Corodata?

As the largest independent records management company in California, Corodata strives for the highest levels of certification in compliance, meeting and exceeding legal requirements. Receiving this attestation puts Corodata in a position once again to exceed the industry standards expected of records management companies. Considering more than 10,000 California companies employ Corodata’s services, the SSAE 18 (SOC 1) Type II Audit goes a long way in securing the important information of California businesses.

About Corodata

For over 60 years, Corodata has been providing quality services to California businesses. Family-owned and operated since 1948, Corodata is the largest independent records management company in California. Corodata offers a full range of services including records storage, shredding, scanning, tape, and cloud data protection.

About KirkpatrickPrice

KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over 550 clients in more than 48 states, Canada, Asia, and Europe. The firm has over 11 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, HIPAA, HITRUST CSF, PCI DSS, ISO 27001, FISMA, and CFPB frameworks. For more information, visit kirkpatrickprice.com, follow KirkpatrickPrice on Twitter @KPAudit, or connect with KirkpatrickPrice on LinkedIn.

Many business associates and covered entities are already overwhelmed with responsibilities, so it can be a struggle to find the staff and resources to dedicate to managing strict regulatory demands. In our highly data-driven world, ensuring the privacy of customer data, specifically protected health information (PHI) and patient data, is becoming a top priority of organizations worldwide. In the world of healthcare, the HIPAA Privacy Rule exists to aid business associates and covered entities in ensuring they are doing their due diligence to protect PHI.

What is the HIPAA Privacy Rule? Who needs HIPAA Privacy? What does a HIPAA Privacy Rule assessment include? So, how does the HIPAA Privacy Rule affect your practice? Read on to find out.

What is the HIPAA Privacy Rule?

The Privacy Rule is a national standard intended to protect patients’ protected health information (PHI). The HIPAA Privacy Rule requires healthcare organizations and their third parties to implement appropriate safeguards to protect the privacy of this information. It regulates things like appropriate use and disclosure of PHI, patient access to PHI, and patient rights. The HIPAA Privacy Rule is important because without it, healthcare organizations can disclose and distribute PHI without the consent of the individual. If this sensitive data were to end up in the wrong hands, it could negatively impact the individual.

Who Needs HIPAA Privacy?

According to the HIPAA Privacy Rule, healthcare organizations such as private practices, general hospitals, outpatient facilities, pharmacies, and health plans are required to comply with the HIPAA Privacy Rule. If you are considered to be one of these entities, it’s important to ask yourself: how does the HIPAA Privacy Rule affect your practice? Non-compliance can result in OCR sanctions and hefty fines for these entities. As healthcare data continues to be a major target for cyber criminals, healthcare organizations must take steps that go above and beyond HIPAA Privacy Rule compliance through sophisticated information security and risk management practices.

What Does the HIPAA Privacy Rule Cover?

There are five main areas of the HIPAA Privacy Rule according to 45 CFR Part 160 and Subparts A and E of Part 164. A HIPAA Privacy Rule Assessment evaluates policy and procedure documentation relating to these areas, which include:

  1. Notice of Privacy Practices – This is the method for communicating patient rights to patients. This document should establish the basis for a patient’s understanding of what will happen with their PHI.
  2. Patient Rights – This refers to a patient’s rights with respect to PHI, including their right to authorize uses and disclosures.
  3. Minimum Necessary Standard – This states that organizations must make an effort to use, disclose, and request only the minimum amount of PHI needed for the intended purpose of the use and disclosure of the PHI.
  4. Administrative Requirements – A designated Privacy Officer should be responsible for developing and implementing policies and procedures. The Privacy Officer must have appropriate administrative, technical, and physical safeguards in place to protect the privacy of PHI.
  5. Uses and Disclosures – The HIPAA Privacy Rule requires that organizations define the uses and disclosures of PHI for treatment, payment, and operational purposes, including an example for each purpose.

The HIPAA Privacy Rule exists so that patients know they have rights, what those rights are, and how those rights are respected. Is your organization struggling to answer the question, how does the HIPAA Privacy Rule affect your practice? Contact us to learn more about how a HIPAA Privacy Rule Assessment can help ensure your compliance.