The HIPAA Security Rule requires organizations, at a minimum, to conduct periodic internal audits to evaluate processes and procedures intended to secure confidential or "protected health information" (PHI) (45 CFR 164.308(a)(8)). It is often advisable to seek an external review or audit but the provisions of the security rule do not specifically require this. In most cases, this will be determined by the size of the organization, line of business, and, sometimes, contract requirements (i.e., Medicare, Medicaid, etc.). The purpose behind the audit is to determine if an organization has properly documented administrative, physical and technical security practices, policies, and procedures and generally meets the requirements of the rule.

Objective of HIPAA Audit and Evaluation for Compliance

The objective of HIPAA Audit includes the following activities:

• Assess if all vulnerabilities have been addressed.
• Verify that all compliance requirements have been met.
• The objective of the Audit Control standard is to implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.

List of documents for HIPAA Audit Template:

• HIPAA Comprehensive Audit Checklist
• HIPAA Privacy & Security Audit Report - Sample
• HIPAA Security Abbreviated Audit Checklist final
• HIPAA Security Audit Executive Presentation
• Information Security Audit Template

Total cost: $300 Buy Now (Opens in New Window)

All the templates come in Microsoft Word/excel files so you can add, change and delete content as required to complete your HIPAA Audit. If you have any questions, or if you wish to see samples from suite, please feel free to contact us at Bob@hipaacompliancesoftware.net or call on (515) 865-4591.