The HIPAA Security Rule requires organizations, at a minimum, to conduct periodic internal audits to evaluate processes and procedures intended to secure confidential or “protected health information” (PHI) (45 CFR 164.308(a)(8)). It is often advisable to seek an external review or audit, but the provisions of the Security Rule do not specifically require this. In most cases, this will be determined by the size of the organization, line of business, and, sometimes, contract requirements (e.g., Medicare, Medicaid). The purpose of the audit is to determine if an organization has properly documented administrative, physical, and technical security practices, policies, and procedures and generally meets the requirements of the rule.
Objective of HIPAA Audit and Evaluation for Compliance
- Assess if all vulnerabilities have been addressed.
- Verify that all compliance requirements have been met.
- The objective of the Audit Control standard is to implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.
List of documents for HIPAA Audit Template:
- HIPAA Comprehensive Audit Checklist
- HIPAA Privacy & Security Audit Report – Sample
- HIPAA Security Abbreviated Audit Checklist final
- HIPAA Security Audit Executive Presentation
- Information Security Audit Template
Template Cost: $300.00
For multi-entity licenses or templates, contact Bob Mehta at (515) 865-4591 for discounted pricing.