SOX Monitoring
• Financial statement and transaction assertions monitoring
  – Completeness
  – Accuracy
  – Valuation
  – Existence/Occurrence
  – Rights & Obligation (not transactional)
  – Presentation and Disclosure (not transactional)
• Financial process controls - preventative and detective
• Control attributes and types of financial data - account and materiality assessment
• Auditing readiness - records, logs, and history
• Email discovery and records

HIPAA Monitoring
• Read and write access to patient records / validate need to know, minimal access on every read
• Read and write access to patient billing records / validate need to know, minimal access on every read
• Validation of following HIPAA procedures
  – Access to patient records
  – Emergency access to patient records, with documentation of every use of the emergency access (each incident must be evaluated)
  – Patient rights and HIPAA regulations
  – Patient complaints
  – Business agreements with HIPAA terms
  – Potential or actual HIPAA violations by business associates
  – HIPAA training
• Electronic transmission of patient information for billing must conform to HIPAA TCI format and procedures
• Electronic transmission of patient data should be protected / VPN / encryption
• Patient records must be backed up and restorable
• Disaster recovery to provide access to patient records
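A detection sketch for the two monitoring items above (need-to-know validation on every record access, and documenting each emergency-access use for evaluation), added here as an example and not part of the original slides; the audit-log format, role names, care-team table and role-based write rule are constructed assumptions.

```python
# Added example: review patient-record access against need-to-know and queue
# every emergency ("break-glass") access for evaluation. The log format,
# care-team table and write rule below are constructed assumptions.
import csv
from io import StringIO

# Constructed sample audit log: who touched which patient record, how, and
# whether the emergency-access path was used.
SAMPLE_LOG = """\
ts,user,role,patient,action,emergency
2024-03-01T08:01:00,dr_lee,physician,P001,read,no
2024-03-01T08:05:00,nurse_kim,nurse,P002,write,no
2024-03-01T08:09:00,billing_ana,billing,P001,read,no
2024-03-01T08:12:00,dr_lee,physician,P003,read,yes
2024-03-01T08:20:00,nurse_kim,nurse,P003,read,no
2024-03-01T08:25:00,billing_ana,billing,P002,write,no
"""

# Constructed need-to-know table: users with a documented relationship to each patient.
CARE_TEAM = {
    "P001": {"dr_lee", "nurse_kim", "billing_ana"},
    "P002": {"nurse_kim", "billing_ana"},
    "P003": {"dr_other"},
}

# Minimal-access rule (assumption): only clinical roles may write clinical records.
WRITE_ALLOWED_ROLES = {"physician", "nurse"}


def review_access_log(log_text: str, care_team: dict) -> dict:
    """Return access violations to follow up and emergency incidents to evaluate."""
    violations, emergencies = [], []
    for row in csv.DictReader(StringIO(log_text)):
        on_team = row["user"] in care_team.get(row["patient"], set())
        if row["emergency"] == "yes":
            # Every break-glass use is recorded for evaluation, justified or not.
            emergencies.append((row["ts"], row["user"], row["patient"]))
            continue
        if not on_team:
            violations.append((row["ts"], row["user"], row["patient"], "no need-to-know"))
        elif row["action"] == "write" and row["role"] not in WRITE_ALLOWED_ROLES:
            violations.append((row["ts"], row["user"], row["patient"], "write exceeds minimal access"))
    return {"violations": violations, "emergency_incidents": emergencies}


if __name__ == "__main__":
    for kind, items in review_access_log(SAMPLE_LOG, CARE_TEAM).items():
        print(kind)
        for item in items:
            print("  ", item)
```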