Section 13411 of The HITECH Act requires the Secretary of HHS to “provide for periodic audits to ensure that covered entities and business associates that are subject to the requirements of this subtitle and subparts C and E of part 164 of title 45, Code of Federal Regulations, as such provisions are in effect as of the date of enactment of this Act, comply with such requirements.”  That means compliance with the HIPAA Privacy and Security FINAL Rules. Here’s today’s big tip — Get started!  …here’s how…

HIPAA audits are a reality | HIPAA Audit Tips

So, where do I begin to prepare for HIPAA audits?

HIPAA HITECH compliance is not easy.  The blogosphere is “lit up” with thoughts, ideas, recommendations, interpretations, prognostications and tips on how to become compliant, who’s going to be audited and how to prepare for upcoming HIPAA audits.

Over the past couple of months, it has become very apparent that HIPAA enforcement is in effect, on the upswing, and the consequences are serious.  The June 2011 hiring by the Office for Civil Rights (OCR) of KPMG, however, means enforcement may soon ramp up even more.

Many organizations are struggling with how and where to start.  Our recommendations are simple and straightforward, and they immediately result in your ability to demonstrate a good faith effort, show documentation as evidence of that effort, and produce tangible, actionable plans.

Six (6) Action Steps to Undertake Now to Prepare for HIPAA Audits:

  1. Complete a HIPAA Security Final Rule Self-Assessment (45 CFR 164.308(a)(8) Evaluation)
  2. Complete a HIPAA Privacy Self-Assessment
  3. Complete a HIPAA Security Risk Analysis (45 CFR 164.308(a)(1)(ii)(A) Risk Analysis)
  4. Review and update Privacy and Security Policies & Procedures
  5. Build Security Incident Management & Data Breach Response Policies & Procedures
  6. Engage and Assess BAs and Subcontractors in a “BA-Sub Summit Meeting”

The single best way to get started is to form a team AND immediately take stock of where you are by completing the first two Steps above.

Call Clearwater Compliance at 800-704-3394 if you need help on any of these “jump-start” steps.

Wanna be even more hip on HIPAA? Learn more…

The complete HIPAA Privacy, Security and Breach regulations are here.

If you’d like to keep up to date on Risk Analysis or HIPAA-HITECH in general, please also consider (all optional!):

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.