Preparing For a HIPAA Audit

What network auditing tool can help me prepare for a HIPAA audit?

Tool? You want a network auditing tool to prepare for a HIPAA audit?

Back up and learn what questions will you be asked in a HIPAA audit. It is mainly documentation you need to have ready. Documented policies, documented procedures, and training records. You’ll need documentation of tools installed to monitor systems and encrypt personally identifiable information.

See the Computerworld article The 42 Questions HHS May Ask. See the HIPAA Audit Checklist at CompliancesForum.

Keep staff informed

  • Review business processes and security policies with staff. Review any implementation plans. Staff should be aware of company policies and compliance plans.
  • Staff should be prepared to answer questions. Everyone should be providing the same answers.
  • Let staff know that an auditor will be making a visit.
  • Review with staff the questions the auditor will ask and what documentation the auditor will want to see. This includes data-handling and data-classification policies, data loss prevention technologies, risk assessments and security awareness training.

HIPAA policies, plans and procedures documentation

  • Have all information on hand. This includes documented security policies, risk assessments, data handling, disaster recovery, data loss prevention (DLP) technology andfuture security plans. Be prepared for a verbal summary, but expect it to be ignored in favor of written documents.

Be cooperative and stay calm

  • Work with the auditor. Cooperate. Provide as much material and information as they inquire about.
  • Expect the auditor to identify shortcomings in their review. Do not be defensive. Make sure the auditor’s findings are accurate; there can be errors.
  • If an auditor finds a problem, examine your processes and systems to correct the error and prevent future errors.
  • If an auditor misses a problem, take steps to correct it as well. Auditing is a test, and not your only continuous improvement review.

Comments are closed.