The HIPAA Security Rule requires organizations, at a minimum, to conduct periodic internal audits to evaluate processes and procedures intended to secure confidentially or “protected health information” (PHI) (45 CFR 164.308(a)(8)). It is often advisable to seek an external review or audit, but the provisions of the security rule do not specifically require this. In most cases, this will be determined by the size of the organization, line of business, and, sometimes, contract requirements (i.e., Medicare, Medicaid, etc.). The purpose of the audit is to determine if an organization has appropriately documented administrative, physical, and technical security practices, policies, and procedures and generally meets the requirements of the rule.
The objective of HIPAA Audit and Evaluation for Compliance
- Assess if all vulnerabilities have been addressed.
- Verify that all compliance requirements have been met.
- The objective of the Audit Control standard is to implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronically protected health information.
List of documents for HIPAA Audit Template:
- HIPAA Comprehensive Audit Checklist
- HIPAA Privacy & Security Audit Report – Sample
- HIPAA Security Abbreviated Audit Checklist final
- HIPAA Security Audit Executive Presentation
- Information Security Audit Template
Template Cost: $300.00
For multi-entity licenses or templates, contact Bob Mehta at (515) 865-4591 for discounted pricing.
USER RATING: HIPAA Audit Template Suite is rated 4.8 out of 5 by 1225 users.