Our HIPAA Security Gap Assessment Audit Report is an essential resource for healthcare organizations aiming to enhance their compliance with the Health Insurance Portability and Accountability Act (HIPAA) Security Final Rule. This tool provides a detailed evaluation of an organization’s current security practices, identifying potential vulnerabilities in safeguarding electronic protected health information (EPHI). By engaging in systematic risk analysis and management processes, organizations can uncover critical areas for improvement that may otherwise expose them to significant compliance risks. This report highlights compliance gaps and outlines actionable recommendations tailored to mitigate these risks effectively.

Audit findings in this report include:

• User account provisioning policies/procedures have not been developed for systems containing EPHI and insufficiencies were noted in existing practices.
• Departures from the Computer Use and Information Technology Policy were noted in practice related to the use of external hard drives and removable media.
• Departures from the Computer Use and Information Technology Use Policy were noted in practice related to shared login credentials.
• While a formal procedure is established and implemented for resetting active directory passwords, the procedure and its associated requirements do not explicitly apply to application password resets and inconsistencies were noted in practice for various applications evaluated.