14.3 ENGAGEMENT OF THE AUDITOR


Because the first part of this evaluation process is a Risk Analysis of your firm, you may wish to hire a consultant to perform all or part of the evaluation. Consulting companies range from large national companies to small boutique firms. Request references and look for past experience in the medical industry. Because the security industry is so specialized, the best security experts may advertise only by word of mouth and may not work for large national security or accounting firms. Discuss with them how they plan to perform the audit and what they intend to do during it. Many firms will require you to sign an engagement letter at the beginning of the audit that states the intended starting period of the audit and the general procedures to be performed during it. The audit may be a flat-fee engagement or an hourly billed engagement. Provide your security auditor with the necessary clearances for vulnerability testing and other procedures that may violate the policy manuals you have in place.

Ensure that your auditor fully understands the requirements of the audit. While a HIPAA audit can be more restrictive than a business security audit, it includes a review of your organization's threat vectors and security risks. Both the auditor and the audited should see the engagement as a review of internal and external systems, of policies and procedures, and of the network and applications, and it should ensure that written documentation is in place to assure compliance with the required specifications.

An engagement letter detailing the scope of the audit should be prepared to ensure that the auditor and the audited understand the process and procedures that will occur during the audit. The individuals or departments that will receive the final audit report should be identified in this document. Because the report may contain information on vulnerabilities of the system, its distribution should be closely monitored and restricted to those individuals who need this information.




HIPAA Security Implementation, Version 1.0
ISBN: 974372722
EAN: N/A
Year: 2003
Pages: 181
