SOC 2 Type 2 Compliance Audits for HIPAA

The 2013 Omnibus rule is a game changer of HITECH Act, since the HIPAA Act in 1996. With the Breach listing on the WALL OF SHAME by HHS and penalties up to 1.5 million dollars for Covered Entities and Business Associates, HIPAA Compliance is on the top of the agenda for many organizations.

The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) called for the establishment of standards and requirements for transmitting certain health information to improve the efficiency and effectiveness of the health care system while protecting patient privacy.


HITECH Act and HIPAA also have a host of new regulations to safeguard the security and privacy of ePHI (electronic Protected Health Information). The regulations set standards for the security, the privacy of all medical records and all identifiable health information and the security of PHI/ ePHI.

To be compliant, a Covered Entity and Business Associate must implement policies, procedures, and controls to secure their PHI/ePHI records, and comply with the HIPAA Security Rule, HIPAA Privacy Rule, and the HIPAA Breach Notification Rule requirements.

Each entity must comply with the rights of patients else face fines, penalties and possible jail time for non-compliance.

Ecom Infotech

Assurance Services for HIPAA compliance:

  • Internal Audit & GAP Analysis of your current environment vs HIPAA requirements
  • AICPASOC 2 Type 2 Audit for HIPAA Privacy Compliance using Trust Services Criteria.These were formerly known as the Generally Accepted Privacy Principles(GAPP) by AICPA.
  • Privacy Governance and Privacy Maturity Model using COBIT
  • More on SOC Audit Services, ISO/IEC 27701 Audits for Privacy