Pre-Conference Workshop (included in All Access Pass)
SOC26101. "Trust Me, I’m an Auditor": SOC 2 Privacy Criteria and HIPAA Compliance Explained
**INCLUDED IN ALL-ACCESS PASS | IN PERSON ONLY | PRE-REGISTRATION IS REQUIRED**
This session starts with exploring the SOC 2 Privacy category and when to apply it, what controls matter, and how to audit effectively. The second part of the session will navigate HIPAA compliance for CPAs serving healthcare clients, with practical guidance on risk, rules, and remediation.
Learning Objectives:
- Recognize the AICPA Privacy Criteria, P1–P8, by translating each criterion into audit objectives, control expectations, and evidence requirements for a SOC examination.
- Distinguish privacy roles within an organization as a controller, processor, or joint party, and the resulting implications for scope, responsibilities, and testing.
- Identify what auditors test for privacy control design and operating effectiveness across notice, consent, collection, retention/disposal, access, disclosure, and incident response, and select defensible evidence.
- Identify the HIPAA Security Rule requirements and how they overlap with SOC 2 Common Criteria and the AICPA Privacy Criteria, and where additional HIPAA-specific controls or documentation are required beyond SOC reporting.
Date/Time
–
CPE Credits
3.5
NASBA Field of Study
Auditing
Level
Basic/beginner – (0-2 years in the profession)
Prerequisites
0-2 years in the profession
Advanced Preparation
None