HIPAA Security Assessments & Reviews - Case Studies
- Client: XXXXXX
- Type of Service: HIPAA Security Review
The KLC Consulting Independent Verification and Validation (IV&V) Team was hired to perform a HIPAA security review for a client and a web application forensics analysis. The purpose for the HIPAA project was to evaluate the compliance of Federal HIPAA security regulation. The purpose for the web application forensics project was to gather all the available evidence, correlate the available activity logs, analyze the impacted application, operating system, and database, and then determine if any personally identifiable information was compromised.
Based on the HIPAA security regulation requirements, KLC developed a questionnaire tool that mapped directly to each HIPAA security-required clause within the regulation. This tool was used to capture the information security controls that the client had in place. The KLC Consulting Team then conducted interviews with the client’s IT staff and observed evidence documents to obtain the existing HIPAA security controls in detail. The team then performed a risk analysis on the client’s HIPAA administrative, technical, and physical information security controls against the HIPAA security requirements, and produced a comprehensive report. The report identified issues and gaps, and provided the client with a list of recommendations and strategies to achieve HIPAA security compliance that fit the client’s organization size and budget. KLC completed this IV&V project on time and on budget.
This HIPAA security review project reflects the quality that can be expected as KLC turned around the security review in a very short time frame. KLC exceeded the client’s expectations and identified numerous vulnerabilities. KLC’s recommendations and incident analysis proved invaluable and provided a detailed understanding of events. KLC also recommended mitigation strategies thus creating a safer environment in order to meet compliance requirements. Central to the outstanding success of the project was KLC’s staff whose expertise and proficiency allowed the project to be turned around so quickly. The client was truly impressed with the quick turn-around. The results helped the client to decide what direction to take with regards to its mission-critical business directives. The client will continue to use KLC in the future and refer KLC to new business due to their overwhelmingly positive experiences with the HIPAA security review.