
HIPAA Audits

Compliance 360 – Solutions for HIPAA Audits

The HHS Office for Civil Rights (OCR) is piloting a program, as mandated under the HITECH Act, to perform as many as 150 audits of covered entities by the end of 2012 to assess privacy and security compliance. The audits will focus on assessing whether each covered entity: (1) has comprehensive policies and procedures that address critical requirements of the HIPAA Privacy and Security Rules; and (2) has implemented these policies and procedures through routine operations in a manner consistent with the Rules.

While the audit program for 2012 affects a small percentage of covered entities, there are indications that the audits will continue beyond 2012. There are incentives in the HITECH Act that allow OCR to retain any settlement amounts or penalties resulting from privacy and security enforcement. The continuation of this audit program may be a prime candidate for the allocation of such funds. OCR's initial statements regarding business associates and issue-focused audits suggest plans for future audits beyond 2012.

HIPAA Compliance Challenges

Demonstrating that you have a comprehensive and effective program for managing HIPAA compliance rules requires planning and preparation. While the focus of the initial audit program is to measure the state of compliance in general, the findings of the audits may lead to further investigations with the potential for formal enforcement actions. Given the potential impact, all covered entities should prepare to demonstrate evidence of compliance and maintain an "audit-ready" state. Suggested actions include:

  • Review all privacy and security policies and procedures to ensure they are up-to-date and reflect actual practice
  • Perform self-assessments to detect issues of non-compliance with the requirements and initiate corrective actions where necessary
  • Conduct knowledge assessments to demonstrate that employees have received appropriate HIPAA training
  • Review the current methods used for investigating reported HIPAA violations
  • Review business partner relationships to understand where PHI is used outside of your organization and ensure that appropriate Business Associate Agreements (BAAs) are in place
  • Review auditing and monitoring practices to ensure that you are proactively looking for areas of non-compliance

How can Compliance 360 help you with HIPAA Compliance Audits?

Compliance 360 provides a comprehensive set of integrated solutions to specifically support covered entities in preparing for these audits. These include:

  • Access to up-to-date HIPAA privacy and security rules with background analysis and best practices
  • Pre-built risk assessment questionnaires for each requirement, as well as identification and facilitation of corrective actions
  • Facilitation of auditing and monitoring
  • Automated HIPAA knowledge assessments
  • Automated intake and response to reported privacy and security incidents, including unauthorized disclosures of PHI
  • Organization and management of relevant policies and procedures
  • Business associate relationship management, including BAAs
  • Support of a state of continual readiness for audits

Learn More

To learn how leading financial services organizations are using Compliance 360 to minimize their compliance overhead and risks, and how you can be doing the same, contact us today.
