HIPAA Audits

Compliance 360 – Solutions for HIPAA Audits

The HHS Office for Civil Rights (OCR) is piloting a program to perform as many as 150 audits of covered entities to assess privacy and security compliance by the end of 2012 as mandated under the HITECH Act. The audits will be focused on assessing whether each covered entity: (1) has comprehensive policies and procedures that address critical requirements of the HIPAA Privacy and Security Rules; and (2) has implemented these policies and procedures through routine operations in a manner consistent with the Rules.

While the audit program for 2012 affects a small percentage of covered entities, there are indications that the audits will continue beyond 2012. There are incentives in the HITECH Act that allow OCR to retain any settlement amounts or penalties resulting from privacy and security enforcement. The continuation of this audit program may be a prime candidate for the allocation of such funds. OCR's initial statements regarding business associates and issue-focused audits suggest plans for future audits beyond 2012.

HIPAA Compliance Challenges

Demonstrating that you have a comprehensive and effective program for managing HIPAA compliance rules requires planning and preparation. While the focus of the initial audit program is to measure the state of compliance in general, the findings of the audits may lead to further investigations with the potential for formal enforcement actions. Given the potential impact, all covered entities should prepare to demonstrate evidence of compliance and maintain an "audit-ready" state. Suggested actions include:

  • Review all privacy and security policies and procedures to ensure they are up-to-date and reflect actual practice
  • Perform self-assessments to detect issues of non-compliance with the requirements and initiate corrective actions where necessary
  • Conduct knowledge assessments to demonstrate that employees have received appropriate HIPAA training
  • Review the current methods used for investigating reported HIPAA violations
  • Review business partner relationships to understand where PHI is used outside of your organization and ensure that appropriate Business Associate Agreements (BAAs) are in place
  • Review auditing and monitoring practices to ensure that you are proactively looking for areas of non-compliance

How can Compliance 360 help you with HIPAA Compliance Audits?

Compliance 360 provides a comprehensive set of integrated solutions to specifically support covered entities in preparing for these audits. These include:

  • Access to up-to-date HIPAA privacy and security rules with background analysis and best practices
  • Pre-built risk assessment questionnaires for each requirement, as well as identification and facilitation of corrective actions
  • Facilitation of auditing and monitoring
  • Automated HIPAA knowledge assessments
  • Automating the intake and response to reported privacy and security incidents, including unauthorized disclosures of PHI
  • Organization and management of relevant policies and procedures
  • Business associate relationship management, including BAAs
  • Support of a state of continual readiness for audits

Additional HIPAA and HITECH Resources

Learn More

To learn how leading healthcare organizations are using Compliance 360 to minimize their compliance overhead and risks, and how you can be doing the same, contact us today.

grc community

Learn & Network: SAI Global GRC Community

News, insights, opinions, events, and resources of value to compliance, legal, risk, ethics and audit professionals in healthcare.

Preparing for Proactive HIPAA Audits

On-Demand demonstration of Compliance 360: Compliance 360 HIPAA Audits

Learn how Compliance 360 is used to manage Stark regulations and physician compliance.

Compliance Management for Healthcare

On-Demand demonstration of Compliance 360: Compliance 360 Compliance Management for Healthcare

Learn how Compliance 360 is used to manage regulatory compliance requirements in healthcare provider organizations.

Protect Your Organization from HITECH Privacy Breach Sanctions

On-Demand demonstration of Compliance 360: Compliance 360 HITECH

Learn how Compliance 360 is used to manage the HITECH Privacy Breach Compliance Requirements.

Compliance Management for Health Insurance

On-Demand demonstration of Compliance 360: Compliance 360 Compliance Management for Health Insurance

Learn how Compliance 360 is used to manage regulatory compliance requirements in health insurance.


Complex and Evolving Privacy Law: Privacy Whitepaper

Rebecca Herold makes the case for global Privacy education and gives tips on how to do it right.

free trial

Privacy Knowledgebase: Privacy Database Free Trial

Our online searchable Privacy database includes 70 country profiles and industry sector guidance for the US, UK and Australia.