At OG电子官网 we adhere to AICPA standards of quality controls and independence. Unlike many other independent consultants, we can offer third party assurance as well as reporting options to fit specific needs. Our HIPAA engagement options and the assurance they provide include:
We perform procedures to evaluate the current state of compliance against a checklist or protocol/standard that identifies consistency and/or any gaps with the requirements. This is usually performed at a specific point in time as opposed to a period. These engagements are generally performed on a non-attest, or a no-assurance basis similar to hiring a consultant or third party expert. The advantage of having a CPA do this work is that it is often used to lay the groundwork for follow on attestation engagements.
HIPAA Compliance Agreed Upon Procedures Engagements
This report is issued under AICPA attestation standards, and is designed to allow a CPA firm to express an opinion on an organization’s compliance with the requirements of the HIPAA 安全, Privacy and/or Breach Notification Rules. Management may also use our service to perform internal testing and thus, these types of engagements can also be done on a non-attest basis, which usually includes our report of our procedures without an opinion and a detailed listing of our testing results.
SOC 2 engagements and reports adapted for HIPAA
SOC 2报告 allow for reporting on the internal controls related to a broad range of users that need to understand internal control at a service organization as it relates to security, 可用性, 处理完整性, 保密性和隐私. These reports are intended for use by stakeholders (e.g., 客户, 监管机构, 业务合作伙伴, 供应商, directors) of the service organization whereby the engagement will provide those stakeholders assurance in the form of a CPA signed report over management’s description of controls, and the operating effectiveness of controls. A SOC 2 report on 安全 and Privacy maps closely to HIPAA security and privacy rules and can be supplemented with incremental criteria to cover gaps as needed for the service organization entity. A significant advantage of the SOC 2 report is that it is based on the standards of the AICPA and is well understood with ever growing acceptance in the marketplace.
SSF’s 风险保障OG电子官网 Group can help you evaluate your needs and determine which HIPAA option will be the best choice for your business and 客户.