Another major service we perform is facilitation of the Annual HIPAA risk assessment and other audits and risk assessments performed by vendor audit firms. The HIPPA risk assessment is a major initiative for the UMIT Security Audit. Not only it’s completion necessary for UM to comply with the HIPPA regulation but it also affords UMIT the unique opportunity assess security controls and compliance for all UM ePHI applications in one project. In the 2015 assessment, 85 UM ePHI applications were assessed in this one project. Although the risk assessment component of the HIPAA risk assessment is performed by third party we play a critical role in realization of benefits and risk management by working collaboratively with the UM Office of HIPPA Privacy and Security, the vendor and IT application owners and application business owners to:
For more information on how we choose audits to perform, audit focus areas, and the services we perform please see our approved Fiscal 2017 Audit Plan.