Reciprocity Labs zenGRC

Make Risk & Compliance Easy

Preparing for a HIPAA Audit: A Step by Step Guide


Getting notified of an impending Health Information Portability and Accountability Act (HIPAA) audit can be a nerve-wracking experience.

You may not know precisely why you are being audited, and you probably will not have much time to prepare. The penalty for failure can be steep: findings of noncompliance by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) can incur fines of as much as $25,000 per single record compromised.

Most who pay these fines do so because they are not ready when the auditors knock on their door. Too often, health care providers and other processors of personal health information (PHI) delay preparing for an audit until the OCR’s letter of notification arrives—too little, too late.

Rarely has the word “proactive” held so much weight. If your enterprise collects, processes, or stores PHI, it will be audited at some point. When that time comes, will you be prepared?

Download this checklist to learn what to do to organize and prepare your company for a HIPAA audit.