HIPAA Privacy and Security Audits Are Here: Are You Ready?
Course Overview
Presenter: Carl Cadregari, CISA
Executive Vice President
The Bonadio Group
No one wants to go through the pain of an audit, so it’s critically important to understand why audits happen and how to be ready for one, so that your organization can respond quickly and appropriately if the need arises. In Part 1 of this course, Carl Cadregari presents an overview of the HIPAA, Security, and HITECH rules, as well as issues related to compliance with these regulations. In Part 2, he specifically addresses audits: why they occur and what you can do to be ready for them. The “Top Five Areas to Be Aware of” section explains what to expect if you are audited and how best to respond. The “Top Ten Items to Do” section explains in detail how to prepare for the possibility of an audit, and which action items your organization should check off its list to ensure that it complies with all security and privacy regulations, avoiding security breaches and the ensuing fines.
Time to view Part 1 of the course is 27 minutes.
Time to view Part 2 of the course is 22 minutes.
Course Learning Objectives
After completing this course, the learner will be able to:
- Identify important elements of the top three compliance rules
- List safeguards to protect the security of private information
- Identify the top five areas to be aware of with respect to audits
- Understand the top ten items that need to be done to prepare for an audit
Time to complete the course is approximately 80 minutes.
Presenter: Carl Cadregari, CISA, Executive Vice President

Carl is an Executive Vice President and the Practice Lead of Bonadio’s IT/IS Enterprise Risk Management Team. Carl also serves as the Chief Information Security Director at one of the area’s largest insurance companies. Prior to joining Bonadio, Carl served as a Technical Marketing Manager with a $1 billion information technology supplier, a Business Development consultant with a national engineering and consulting firm, and a Systems Engineer with an international electronics distribution company.
Carl has more than 28 years of experience in Information Technology and Information Systems Security and Architecture, Deployment, Project Management, Security by Design, and Governance. His expertise in Technology Controls, Physical, Administrative, and Technical Security, System Development Life Cycling, Enterprise Risk Management, Business Impact Analysis, and Disaster Recovery Planning has been applied at companies with 10 to 17,000+ employees in almost all vertical markets. That, along with over 14 years of auditing and standards compliance experience in HIPAA, HITECH, Red Flag Rule, Sarbanes-Oxley, SAS70/SSAE16, WebTrust, SysTrust, Gramm-Leach-Bliley, PCI DSS, ISO 27001/2, FERPA, FISMA controls, and the successful application of the best practices of ISACA, OWASP, CSA, GTAG, COBIT, COSO, OAG, OVAL, ITIL Foundation, and IIA/AICPA, creates a valuable and unique blend of talent.
He is a member of the Information Systems Audit and Control Association (ISACA), HIMSS, Healthcare Financial Management Association (HFMA), Systems Administration Networking and Security Institute (SANS), and the Association of Certified Fraud Examiners (ACFE). He is a certified HIPAA Privacy and Security Auditor, Certified Information Systems Auditor (CISA), and Certified GIAC PCI Auditor, and holds a Master Certification in Computer Forensics from the IEEE. Carl is a member of the Healthcare Information Technology Standards Panel of the American National Standards Institute (ANSI). He has also published the articles “The CIA Triad: Confidentiality, Integrity and Availability,” “Ethical Hacking for Internal Risk Management,” “Document Retention: How to Avoid Six Figure Legal Fees,” and “Cloud Computing Audit and Security Requirements.”
Developing Organization: The Bonadio Group

Big Firm Capability. Small Firm Personality.
The Bonadio Group comprises a set of different companies, alliances, and strategic partnerships that, taken as a whole, deliver over fifty different services.
Complementing this structure is the diverse spectrum of law firms, banks, government officials and programs, regulators, insurers, venture capitalists, and more that we have built over the years into one of the area’s largest referral networks.
In effect, if you have a financial need, issue or problem—whether you’re a commercial company, a not-for-profit, or an individual—yes, we can help through our association, our affiliations, or through any one or combination of the Bonadio family of companies, described below.