Draft a certification letter for your client or organization

Assessment Description

It is essential as a cybersecurity professional to have a complete understanding of how a compliance audit is conducted and documented because organizational sustainability often depends on the adequate assessment of information security and privacy management. Using the GCU Virtualization Environment, build either a Windows or Linux server. Then, search the web for technical controls related to HIPAA. Break the technical controls down into technical requirements appropriate for your virtual server with Pass/Fail criteria. Audit the virtual server and report if compliant or not. Once compliance testing has been completed, draft a certification letter for your client or organization highlighting the applicable controls tested along with the compliance model used.


Refer to the “HIPAA Security Audit Certification Document,” located within the Topic Resources, as an example.

APA style is not required, but solid academic writing is expected.

Dear GCU Hospital,

This document serves as a basis for the recent HIPAA security review which occurred at MS Hospital. Cassandra Lalli analyzed the standards and development of the MS Hospital application between the dates of September 1, 2020 and September 2, 2020. Based on the data that was collected from the HIPAA security review, Cassandra Lalli has concluded that the MS Hospital application has implemented a satisfactory set of security controls to satisfy HIPAA requirements for success. Consequently, a user that accesses Dropbox in conjunction with MS Hospital and follows HIPAA procedures can sustain HIPAA compliance.

Cassandra attests that the statements made in this document accurately represent the assessment of MS Hospital’s current security as it relates to the requirements determined by HIPAA standards. This professional evaluation does not include an evaluation of other technical security controls that, while considered industry best practice, are not explicitly defined in the HIPAA technical safeguard requirements. As the MS Hospital application’s code base changes, and new features and functions are added, the MS Hospital application’s security posture will change. Such changes may affect the validity of this document. Therefore, the conclusion reached from our analysis represents only the present point in time. Cassandra Lalli would like to thank MS Hospital for this opportunity to help the organization evaluate its current security posture and would like to inform them they will fail if there is any disregard of the rules in the future.

Sincerely,

Keisha Magee

Chief Information Officer,

KSMageecompliance@ksm.com

HIPAA Technical Safeguards
| Section | Standard or implementation specification | Finding |
|---|---|---|
| 164.312(a)(1) | Access Controls. Technical policies and procedures for electronic information systems that maintain EPHI to allow access only to those persons or software programs that have been granted access rights as specified in Sec. 164.308(a)(4). | |
| 164.312(a)(2)(i) | Unique User Identification. Assignment of a unique name and/or number for identifying and tracking user identity. | Requirement satisfied. Each user is assigned a unique username (email address) and a password. This credential set is used for identifying and tracking user identity. All employees have an assigned number for identifying and tracking user identity. |
| 164.312(a)(2)(ii) | Emergency Access Procedure. Established (and implemented as needed) procedures for obtaining necessary EPHI during an emergency. | Requirement satisfied. An administration “dashboard” provides administrators a way of obtaining necessary EPHI in the event of an emergency. |
| 164.312(a)(2)(iii) | Automatic Logoff. Procedures that terminate an electronic session after a predetermined time of inactivity. | Requirement satisfied. All computers have timers: once the work day is over, they shut down, or they lock the screen and prompt for a password if the user is inactive for too long. |
| 164.312(a)(2)(iv) | Encryption and Decryption. A mechanism to encrypt and decrypt EPHI. | Requirement satisfied. Antelope allows encryption and decryption of electronic protected health information via its PC, Mac and iOS clients as well as via a web browser interface. |
| 164.312(b) | Audit Controls. Hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use EPHI. | Not applicable. This standard has no implementation specifications. Requirement satisfied. Antelope provides complete audit trails on all operations associated with encrypted files with a simple reporting tool. |
| 164.312(c)(1) | Integrity. Implement policies and procedures to protect EPHI from improper alteration or destruction. | |
| 164.312(c)(2) | Electronic mechanisms to corroborate that EPHI has not been altered or destroyed in an unauthorized manner. | Requirement satisfied. EPHI has not been altered or destroyed in an unauthorized manner. |
| 164.312(d) | Person or Entity Authentication. Procedures to verify that a person or entity seeking access to EPHI is the one claimed. | Requirement satisfied. Entity authentication procedures are in place to verify that an entity seeking access to EPHI is the one claimed. |
| 164.312(e)(1) | Transmission Security. Technical security measures to guard against unauthorized access to EPHI that is being transmitted over an electronic communications network. | |
| 164.312(e)(2)(i) | Security measures to ensure that electronically transmitted EPHI is not improperly modified without detection until disposed of. | Requirement satisfied. Security measures to ensure that electronically transmitted EPHI is not improperly modified without detection until disposed of. |
| 164.312(e)(2)(ii) | A mechanism to encrypt EPHI whenever deemed appropriate. | |
