Technical Testing and the HIPAA Security Rule

With no testing methodology or requirement specified and enforcement of this area of the HIPAA Security Rule by the Office for Civil Rights (OCR) inconsistent, many organizations are unsure as to what steps they need to take to comply. As a result, we find investments are often being made that don’t add significant value from either a compliance or a security standpoint.


In this paper, we review the role of technical testing in strong compliance and security programs and provide examples of what an appropriate technical testing program may look like for your organization.