
Three steps to prepare for a HIPAA audit - Whats the fix - Ernst & Young - Global

Three steps to prepare for a HIPAA audit

What's the fix?


Organizations should have an effective HIPAA governance structure in place.

Covered entities (CEs) should take the following immediate actions to prepare for the pending HIPAA audits:

1. Conduct a comprehensive risk assessment of the HIPAA program. Even CEs with HITRUST certifications will need to perform an assessment of their risk landscape.

2. Establish a HIPAA audit response team. The team should collect and organize all key documents related to executing the HIPAA program, such as:

  • Letters of designation for privacy and security officers
  • A copy of the preemption analysis for determining the most stringent provisions between HIPAA and other federal, state and local health care laws
  • Privacy and security policies, procedures and relevant forms
  • A copy of HIPAA training records
  • A sample of the current Notice of Privacy Practices (NPP), supplemented by archived versions
  • A copy of the most recent internal privacy and security risk assessments, supplemented by archived versions
  • An inventory of implemented physical, administrative, and technical security controls
  • Copies of HIPAA program governance reports submitted to executive management
  • A copy of the privacy compliance logs with supporting resolution plans
  • An inventory of business associate agreements (BAAs)

3. Develop a communications and engagement plan for initiating the pending HIPAA audit. The plan should set expectations for executive management, staff and Office for Civil Rights (OCR) auditors. It should also include a rapid response plan for the PR department to handle media inquiries or reports.

These recommendations assume that the organization already has an effective HIPAA governance structure in place to address the complexities of the regulations and the large number of business stakeholders required to support the program.




Inside

Answers to your questions, at a glance
5: insights for executives series asks five questions to get to the core of an issue — and answers them at a glance.

Contact us

  • Glen E. Day
    Senior Manager
    Advisory Services
    +1 805 778 7030

  • Reza Chapman
    Senior Manager
    Advisory Services
    +1 602 369 4952
