Prepare for a Potential HIPAA Inspection

Posted by CFR Multimedia
CFR Multimedia
Keeping you up to date on the latest risk & insurance topics
User is currently offline
on Wednesday, 14 March 2012
in Benefits Buzz

In November 2011, the Office for Civil Rights began conducting HIPAA compliance audits. With fines for non-compliance often topping $1 million, it's vital that your company is prepared:

Ensure all your HIPAA-related policies and procedures are updated and compliant. Also think about other documentation an auditor may request, so that you can prepare it now.

  • If you haven't already, identify all vendors that handle protected health information and negotiate business associate agreements with each.
  • Covered entities are required to periodically conduct a formal risk analysis. If you haven't done one in the past year, do one now and document the entire process in case of an audit.
  • Covered entities are also required to formally evaluate their program to ensure HIPAA compliance and compliance with recent changes such as the HITECH Act. If you haven't done this type of evaluation, do so now, document the process, and make changes to your policies and procedures as necessary.
  • Make sure your employees are properly trained on HIPAA-related requirements and practices.
  • An auditor will ask which individuals in your company can speak to each aspect of HIPAA implementation. Identify these subject matter experts and ensure they are properly trained.
  • Explain the importance of timeliness to whoever may receive the initial audit communications—deadlines are generally short.
  • You may also consider consulting with an attorney to ensure your company is complying with all HIPAA provisions and not at risk of crippling fines for noncompliance.

If you need assistance with preparing for a compliance audit, we have many employee benefit tools available to help you.  Please contact us at to get started.

Kathy Mitchell is our resident HIPAA expert.  She has extensive experience in training employers and personnel responsible for privacy and security compliance.  Kathy will be presenting a breakout session on HIPAA at the upcoming 2012 Oklahoma Human Resources State Conference and Expo on April 26th in Tulsa, OK.  For more info:



Tags: Untagged


No comments made yet. Be the first to submit a comment

Leave your comment

Guest Sunday, 19 February 2017