Mission Statement

The HCIIA Taskforce will address the unique responsibilities of internal auditors within health care environments who target information technology (IT) and information security (IS) efforts within their organizations.  In many cases, auditing the IT and IS efforts overlap and may be addressed simultaneously by the same given audit, though the distinction between IS and IT audits may very well be a discussion topic for the HCIIA. The deliverables from this group will include items such as a white paper that summarizes in appropriate detail the roles, responsibilities and tasks of this set of internal auditors based on several interactive discussion sessions among the participants.  The Taskforce will operate under the guidance (and participation) of the NCHICA Privacy and Security Officials Workgroup and through that group, will deliver appropriate materials for public consumption.  The HCIIA will also foster knowledge sharing among the participants in the expectations of strengthening the role of internal audit professionals within local organizations.

Charter

The charter of the group is to build a collaborative environment supporting the Task Force mission and promoting transparency in activities and accomplishments.  Participants with information security background and experience may have distinct insights for identifying audit targets within IS and IT Consistent with the tradition of NCHICA workgroups, the HCIIA members and participants will ensure the privacy of organizational circumstances in discussing the details of auditing IT and IS practices.

The HCIIA Taskforce will focus on the following initiatives:

Documenting the role(s) of an IS/IS Internal Auditor in the Health Care/Health Information arenas

• Public (Government) vs private health care
• Advocacy audit practices vs Adversarial practices
• Distinctions involving IS vs IT auditing
• Providing extra eyes and ears on IS/IT practices towards tightening data protection efforts.
• Reviewing IS/IT documentation for completeness and appropriateness
• Enhancing IS/IT strategic planning
• Tracking compliance with standards from health care as well as internal audit.

Distinguishing Internal Auditor practices from other types of Audits

• Internal vs External (Advocacy vs Adversarial)
• Health care vs non-healthcare
• Performance or compliance vs financial

 Identifying the Audit Steps for IS/IT auditing

• Planning the Audit
• Performing the Audit
• Presenting the Audit draft results
• Finalizing the Audit Report

Volunteers on the HCIIA Taskforce will discuss the outline and expand the outline for the best common set of practices.  We will also clarify terms, frames of reference, and steps or procedures for conducting an internal audit of IT and/or IS audits within the Health Care environment.

Participation in the HCIIA Taskforce

In order to provide valuable feedback to each organization and to build a consensus approach, we encourage participation from the following:

• Current Health Care Internal Auditors
• Information Security (IS) Professionals
• Information Technology (IT) Professionals
• IS or IT Managers/Directors
• Anyone with interest in understanding the processes of Internal Auditing in Health Care
• Anyone with interest in insuring the protection of Health Care information

Meeting Schedule

This workgroup meets on the 2nd Tuesday every other month beginning in February. Meetings are held from 1pm to 3pm in person and by teleconference. Participation in meetings for NCHICA members only, and registration is required. Click here to view upcoming meetings.

Resources

• HCIIA Taskforce Bulletin (March 2015)