Risk of Violations Against HIPPA Facility Security Requirements Reduced Because of SVA

The Client

Nonprofit Organization

Measurable Result

Organization makes significant changes to protect their members’ private information reducing the risk of HIPPA violations and potential fines stemming from recommendations presented by SVA.

The Story

SVA's Audit and Assurance team routinely completes their work “in the field” visiting their clients at their place of business. While on-site to conduct an audit for a nonprofit’s multiple trust funds an SVA professional noted their members’ personal information was lying on an administrator’s desk in full view to anyone who walked in the office door.

The cause for concern was not only for the lack of privacy of the organization’s members but the contents of the visible information was pertaining to health and welfare. Having that information accessible in this manner is considered a HIPPA facility security violation, which if left uncorrected could lead to potential fines and penalties.

As with any SVA assurance engagement, a management letter is supplied to the client detailing the work completed, along with any recommendations observed. It was within the management letter SVA identified the possible risk associated with not having the necessary privacy controls in place with regards to their members'; personal information.

As a result of the SVA management letter, the nonprofit organization acted swiftly taking the necessary corrective actions. Not only did they change their process for handling member documentation, they did a full scale construction project to reconfigure their office space. They created an enclosure allowing them to do the necessary tasks involving members’ personal information in a private and secure space alleviating the risks for HIPPA violations.

**Due to the sensitivity and nature of this Assurance Measurable Results story, as well as for the security of our client, names are not disclosed for privacy protection.