Internal Audit #180914

 

An internal audit will be conducted by Omega Forms on a routine basis. The results of this audit are made public to allow clients visibility in the operations and safeguards relating to the services they have with Omega Forms.

 

Security Review

1. Servers’ logs examined for intrusions and abnormal behavior.
– No breaches. No unexplained events.

2. Servers patched with latest updates.
– All patches reviewed and select patches applied.

3. Services tested to ensure services operational.
-All services functioning.

4. Infrastructure reviewed to ensure platform needs are met.
-All software, hardware, and network components are operating within established parameters.

5. Critical communication systems tested for emergency use.
-Twitter account used to post that an Internal Audit is underway.

HIPAA Compliance Reporting

1. Test last backup of client data and PHI on a computer that can serve as an emergency access point.
– Tested and passed.

2. Check for updates to the HIPAA Administrative Simplification Regulation Text.
– March 2013 revision remains current version.

3. Review Omega Forms’s Established Protocols.
– Reviewed.

4. Review any inquires about Omega Forms’s Established Protocols from any client.
– No inquires received.

Code of Conduct for Employees (HIPAA Sanction Policy):

1. Only perform work on authorized computing devices.
2. Do not expose any proprietary information or CD (client data, including client protected health information) to individuals not part of the Omega Forms workforce (including public and other clients).
3. Always favor test data: limit access to CD whenever possible.
4. Use RAM drives when working with CD.
5. Do not talk about, alter, write down, or make personal use of any CD.
6. Do not share or write down computer access points and codes.
7. Lock your computer when not in use.
8. Do not discuss details that identify previous employers with clients.

Any violations of the Code will result in a logged account of the details surrounding the violation. The logged accounts will be reviewed during this Internal Audit and any punitive measures deemed necessary will be taken. Gross offences may demand immediate punitive measure including termination of employment, civil penalties, or criminal penalties.