Workflow overview
Reference · liveworkflow:hipaa-compliance-audit
HIPAA Compliance Audit overview
Audits systems handling protected health information (PHI) against the HIPAA Security Rule and Privacy Rule requirements: assessing administrative, physical, and technical safeguards; reviewing access controls for electronic PHI (ePHI); validating encryption at rest and in transit; auditing Business Associate Agreement (BAA) coverage with third-party vendors; and generating the compliance evidence package for external assessors. Excludes remediation implementation.
Attributes
displayName
HIPAA Compliance Audit
workflowKind
governance
triggerType
scheduled
typicalCadence
annually
complexity
cross-team
description
Audits systems handling protected health information (PHI) against the HIPAA Security Rule and Privacy Rule requirements: assessing administrative, physical, and technical safeguards; reviewing access controls for electronic PHI (ePHI); validating encryption at rest and in transit; auditing Business Associate Agreement (BAA) coverage with third-party vendors; and generating the compliance evidence package for external assessors. Excludes remediation implementation.
Outgoing edges
applies_to_domain (2)
- domain:security · Domain · Security
- domain:cybersecurity · Domain · Cybersecurity
involves_role (3)
- role:security-reviewer · Role · Security Reviewer
- role:cloud-architect · Role
- role:engineering-manager · Role · Engineering Manager
performed_by_org_unit (3)
- org-unit:security-team · OrgUnit · Security Team
- org-unit:application-security-team · OrgUnit · Application Security Team
- org-unit:engineering · OrgUnit · Engineering
requires_skill_area (2)
- skill-area:identity-security · SkillArea · Identity & Access Security
- skill-area:secrets-rotation · SkillArea · Secrets Rotation
triggers_responsibility (2)
- responsibility:security-review · Responsibility · Security review
- responsibility:run-security-scans · Responsibility · Run security scans
Incoming edges
follows_workflow (1)
- stack-profile:healthcare-hipaa-compliant · StackProfile · Healthcare / HIPAA Compliant (Node.js + PostgreSQL + Vault + React)