HIPAA privacy and security rules provide federal protections for personal health information and specify a series of administrative, physical, and technical safeguards to assure the confidentiality, integrity, and availability of electronic protected health information. Internal Audit reviewed compliance with HIPAA rules at Harborview Medical Center (HMC), University of Washington Medical Center (UWMC), University of Washington Physicians and UW Medicine Information Technology Services.
We recommended that UW Medicine develop a comprehensive privacy continuous monitoring program, develop a process to identify and review Business Associate Agreements, and centralize the release of information process at UWPN. We further recommended improvements in enterprise system inventory and risk assessments, enforcement of security policies, system owner and operator training, disaster recovery and business continuity planning, and system administrator account administration.