Resources for Health Insurance Portability and Accountability Act (HIPAA)

Changing a mindset: Audits are no longer one-off events

www.scmagazineus.com

Not long ago, audits were a sporadic occurrence for an IT department. While most regulatory mandates included sections that addressed IT controls, these portions of the regulations were not the initial focus of auditors, so they were largely ignored.



Therefore, even though validating IT security controls part of the law, soothe laws failed to provide any evidence that appropriate security measures had actually been implemented until years after the laws were initially enacted when auditors changed their enforcement focus.

This initial enforcement gap left executives with a false sense of confidence that, in some cases, provided the opportunity to manipulate financial and personal information. As regulatory audits began to shift their focus to an organization's IT controls, there was little advance preparation and almost no automated technology capable of providing appropriate validation of controls. This led to lengthy audit preparation, usually requiring tremendous manual efforts involving significant outsourcing.

View the Resource

Share or bookmarklet this web page at: