Administrative Safeguards Audit

Administrative Safeguards Audit
Assignment Directions
Under the Meaningful Use program, the federal government requires a level of cyber security and HIPAA compliance attestation. The Office of Civil Rights, the entity for HIPAA compliance that assists in managing breach notification, is conducting ongoing audits to ensure organizations meet privacy and security compliance through desk top audits.
This week you will begin drafting the first section of your privacy and security plan, which is the administrative safeguards audit. For this assignment, you will assume the role of a consultant, hired to assist with conducting audits and creating a security plan for a clinic. You will perform what is referred to as a desk audit of the clinic’s administrative safeguards focusing on the clinic’s polices, training, recovery plans, and workforce management. A desk audit entails reviewing documents and conducting interviews to assess a health care organization’s existing administrative processes and safeguards; however, it does not require an actual physical audit to observe the processes (unless the audit reveals significant discrepancies or issues). This audit is one of three audits you will be completing over the next three modules that will comprise your security plan. The audits for your security plan include the following:

1. Administrative Safeguards
2. Technical Safeguards
3. Physical Safeguards

The administrative safeguards audit focuses on policies, training, recovery plans, and workforce management. For the purposes of this assignment, you will use a case study that includes a transcript of an interview that you would normally conduct in order to obtain the information you need to complete the administrative safeguards audit. You will conduct your audit using the Security Risk Assessment (SRA) Tool, which was developed by the federal government to assist health care organizations in meeting privacy and security regulations. The audit tool you will be using for this assignment is a paper-based template for conducting a desk audit. There is a web-based tool; however, given the time constraints of this course, you will only use the paper-based, document version. All of the audit templates used in this course are based on the Meaningful Use criteria required by the federal government to ensure privacy and security as part of the Meaningful Use attestation process. For more information about these tools, review the HealthIT.gov website’s Security Risk Assessment page.
Follow the steps below to complete this assignment.

• Review the information provided in the Case Study, specifically the interview transcript.
• Complete the Administrative Safeguards Security Risk Assessment (SRA) Toolbased on the information from the Case Study.

Make sure you address all areas of the Administrative Safeguards SRA Tool accurately based on the information provided in the case study.
Please review the Scoring Rubric