Develop a 1- to 2page Audit Plan and Policy.

Audit Plan:

Audit Strategy:

Scope of Audit:

Depth of Audit:

Your company is a security service contractor that consults with businesses that are considered covered entities under HIPAA in the U.S. who require assistance in compliance with HIPAA. You advertise a proven track record in providing information program security management, information security governance programs, risk management programs, and regulatory and compliance recommendations. You identify vulnerabilities, threats, and risks for clients with the end goal of securing and protecting applications and systems within their organization. Your client is Health Coverage Associates, a health insurance exchange in California and a covered entity. Because of the Patient Protection and Affordable Care Act (ACA), the exchange enables individuals and small businesses to purchase health insurance at federally subsidized rates. In the past 6 months, they have experienced:

Vulnerability #1: A malware attack (i.e., SQL Injection) on a critical software application that processed and stored client Protected Health Information (PHI) allowing access to PHI stored within the database

Vulnerability #2: An internal mistake by an employee that allowed PHI to be emailed to the wrong recipient who was not authorized access to the PHI

Vulnerability #3: An unauthorized access to client accounts through the companys login website via the cracking of weak password