Healthcare Assessment

BARR Advisory helps covered entities and business associates safeguard electronic protected health information (ePHI) and navigate healthcare compliance challenges and mandates. If your organization operates in the healthcare space, we can help you with ePHI scope discovery, scope reduction, and security. By going beyond the compliance checklist, we help secure environments, reduce risk, and drive business efficiency. Our services include:

HITRUST Certification

The Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) was developed in collaboration with healthcare and information security professionals to provide a prescriptive framework that simplifies security requirements. It is the most widely adopted security framework in the U.S. healthcare industry. HITRUST offers both a self-assessment and a validated assessment against the CSF. A validated assessment is conducted by a HITRUST Certified External Assessor and is the only assessment that produces a validated certification report. With extensive experience in healthcare audit services, we’ll guide your organization through the HITRUST CSF assessment process.

HIPAA Assessment

We provide independent assessments for clients that need to demonstrate HIPAA compliance to customers and other external stakeholders. An attestation can take various forms, such as an examination or a compliance attestation engagement. These reports can provide a competitive differentiator for those responsible for compliance with the HIPAA/HITECH security, privacy, and breach notification rules.

How It Works

Phase I: Healthcare Readiness Assessment

Concerns about HIPAA and HITRUST compliance reporting drive organizations to seek a review of their procedures before undergoing the audit. The purpose of a readiness review is to identify control weaknesses that need correction. Deliverables from the readiness assessment include:

  • Preliminary control discovery results that will assist in documenting process narratives and crafting the description of controls
  • Control gaps and areas for improvement
  • Prioritized observations and recommendations for remediation

The advantage of performing a readiness assessment before a HIPAA or HITRUST assessment is that it gives management an opportunity to address control gaps ahead of an inaugural examination, and it supports the required risk assessment activities.

Phase II: Healthcare Examination Reporting

There are multiple reporting options for HIPAA and HITRUST. Please contact us to determine the most effective solution for your organization. Common examples include:

  • HIPAA – For cloud service providers, a common approach is to leverage the SOC reporting framework as the basis for reporting. Other forms include a compliance examination in accordance with AICPA standards. Both types of deliverables can be used to demonstrate compliance to external stakeholders.
  • HITRUST – The AICPA and HITRUST have coordinated a reporting structure using the SOC reporting framework for organizations that do not need to go through HITRUST certification. BARR can also assist you in achieving certification with the HITRUST organization.

Why BARR for Healthcare Compliance

  • From day one, BARR healthcare assessors provide a collaborative, hands-on approach tailored to your company’s unique needs
  • Trusted advisor to some of the fastest growing cloud service providers (IaaS, PaaS, SaaS) in the country
  • Serving the most regulated industries including technology, financial services, healthcare and government
  • BARR provides an easy-to-use project management tool that integrates seamlessly into your infrastructure
  • 100% referral and satisfaction rate from clients
  • Competitive, fixed rates to accommodate growing enterprises
  • We put you and your business first, providing unparalleled communication and accessibility at all times


Contact Us for a Free Consultation

We’re here to help you! Speak with a BARR specialist about your security and compliance needs.