How to Prepare for a HIPAA Audit

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) will be enforcing HIPAA compliance with a second round of audits. 

The upcoming audits serve as a follow up to the pre-audit surveys that OCR sent out earlier this year, described here.  OCR will be conducting a full audit of 400 of the 1,200 organizations initially surveyed. 

This time, OCR will focus more heavily on “high risk” areas, including mobile devices.  It is expected to begin the audits later this summer.

As OCR continues to push forward with HIPAA audits, it is becoming increasingly important for all covered entities and business associates to know how to prepare for a potential audit.  Here are five recommendations: 

1. Privacy and Security Officials – These officials should know what is expected of them and be identified in your policies and procedures. 

2. Risk Assessments – Conduct regular risk assessments to determine where your policies and procedures could be enhanced. 

3. Policy and Procedure Reviews – Review your policies and procedures on a regular basis to ensure that they comply with the latest regulations.  

4. Training – Keep your staff up to date on your policies and procedures by holding regular trainings.  Be sure to keep records of who attends the trainings as well as a copy of the materials presented. 

5. Self-Audit – Hold yourself accountable to your own standards.  It is important to be able to show the work that your organization has done to maintain or enhance HIPAA compliance. 

By following the above suggestions, you can keep your compliance on track and reduce audit anxiety.