How to prepare for a HIPAA audit…before it’s too late.

The Office for Civil Rights is auditing providers of all sizes regarding HIPAA compliance, meaning all employers are at risk. With OCR fines ranging from $215,000.00 to millions of dollars, it’s important to be prepared. Many healthcare employers are overwhelmed by the idea of conducting a risk analysis; others are unsure if a risk analysis is necessary.

The OCR has stated very plainly that staying in compliance through periodic risk analysis is the best way to prepare for an audit.

Breaches can happen to anyone, at any time. Be prepared.

How do you know if your business is going to face an OCR audit? OCR is looking for breach patterns. OCR announced that it will start by performing around 200 desk audits, before beginning a wave of Business Associate audits. OCR is looking to audit providers across a wide geographical distribution.

The way employers can escape hefty fines is by having the proper systems in place to prevent breaches, and to deal with breaches after the fact. A risk analysis looks at the potential risks and vulnerabilities to the confidentiality, availability and integrity of protected health information.

Where to begin?

While performing a comprehensive risk analysis might sound overwhelming, it’s the best (and the only) place to start. OCR puts the burden on employers to show that proper systems were in place, and appropriate steps were taken to avoid or deal with breaches.

A risk analysis should be completed at least annually, and should determine:

  1. Where physical and electronic protected health information is stored;
  2. The current and potential risks to confidentiality;
  3. The likelihood of each risk;
  4. The measures in place to address risks; and
  5. The measures that need to be put into place.

Once a complete risk analysis is done, you need to begin implementing the methods to remedy risks and vulnerabilities. A full analysis and implementation is the best way to prepare your business for the coming HIPAA audit.

In our next blog post, we will keep you informed of related issues.

Do you need help conducting your risk assessment, and implementing your HIPAA compliance program?  We can help. To contact us about your risk assessment, compliance plan or your other legal needs:  CLICK HERE.

