An audit process employs common audit techniques. If selected for an audit, OCR will review and analyze information from reports. For example, Covered Entities may be required to compile a list of Business Entities. Results of an audit may indicate types of corrective actions that are recommended or mandatory. However, should an audit indicate a serious compliance issue, OCR may initiate a compliance review to further investigate.
This Audit Manual provides tools for both Covered Entities and Business Associates to improve compliance and have the materials in place if an audit should occur. We provide compliance frameworks and checklists for Security, Privacy and Breach Notification Rules as well as recommendations for Cloud, Social Media and Mobile Policies.
However, the primary rationale is that organizations can use this manual to self-audit, which is one of the Standards contained in the Security Rule. Finally, this manual consolidates many of our products into one. It was intended to have the most significant pieces of the puzzle consolidated into one document. Although we generally do not favor “paper,” this is the one document that we suggest that you print. Why? Because it is visible, demonstrable evidence that is intended to reflect your HIPAA Compliance Initiative. It is something that you can hand to an auditor, a new compliance officer, or your CEO, and they will be able to tell that the organization has taken a comprehensive approach to HIPAA compliance.
Below is a sample of what is contained in this Audit Manual Offering.