Road to HIPAA Compliance: Preparing for Phase 2 HIPAA Compliance

by KirkpatrickPrice / February 9, 2023

How Can You Prepare Your Organization for Phase 2 HIPAA Audits? This webinar covers an overview of what to expect as we shift to a new phase of proactive supervision and how to prepare for an onsite audit from the OCR. First, let’s look at the background of the OCR Period Audit Process and Enforcement Action: 2009: HITECH requires periodic audits of covered entities and business associates; 2011/2012: Phase…

Lessons Learned: Major Security Vulnerabilities and Flaws Uncovered During Audit of HealthCare.gov

by Sarah Harvey / December 19, 2022

Last month, an audit of HealthCare.gov uncovered some basic flaws in the security of the government’s healthcare website. The Personally Identifiable Information (PII) of millions of health insurance customers was being stored in a database that, fortunately, was never compromised by way of cyberattack. Medical records are not stored in the system; however, names, Social Security numbers, birth dates, addresses, and phone numbers of customers were left vulnerable to attacks.…

Ask the Auditor: PCI Requirements 5 and 6

by Sarah Harvey / June 13, 2023

As a PCI Qualified Security Assessor (QSA), we receive a lot of questions and concerns from clients who are just stepping into their first PCI assessment, particularly around PCI Requirements 5 and 6: maintaining a vulnerability management program. We recently sat down with one of our own QSAs, Steve McEnroe, QSA, CISA, to answer some of the major questions we commonly hear. Here are the highlights from the interview:…

PCI Readiness Series: PCI Requirements 5 and 6

by KirkpatrickPrice / December 19, 2022

This session in our PCI Readiness Series highlights PCI Requirements 5 and 6, which work together to help organizations build and maintain a vulnerability management program. PCI Requirement 5 states, "Protect all systems against malware and regularly update anti-virus software or programs." PCI Requirement 6 states, "Develop and maintain secure systems and applications." What is Requirement 5? There are more people than you think looking to harm your environment.…

A Checklist to Prepare for Your SSAE 16 (SOC 1) Audit

by Sarah Harvey / December 19, 2022

If your customers rely on you to protect consumer information, chances are you may be asked to produce an SSAE 16 audit report. An SSAE 16 audit reports on the controls at an organization that are relevant to, or may affect, a client’s financial statements. This standard is designed to demonstrate that an organization has proper internal controls and processes in place to address information security and compliance…