What Do You Need To Know About HIPAA Internal Audit?

Greg Garner
January 31, 2012

The Health Insurance Portability and Accountability Act (HIPAA) was passed as a federal law in 1996 and regulates how protected patient information may be stored and accessed. The organizations that HIPAA designates as covered entities must follow all of its rules and regulations for accessing, storing and transmitting confidential patient information.

The U.S. Department of Health and Human Services is responsible for checking that health care providers fulfil all the provisions of the Health Insurance Portability and Accountability Act. This compliance testing is carried out by auditors who use a checklist to determine whether any violation of HIPAA has occurred.

What Are The Top 5 HIPAA Internal Audit Checks That You Need To Be Aware Of?


  1. All organizations that store, access and transmit protected medical information of patients must ensure that periodic risk assessments are carried out to ensure compliance with the Health Insurance Portability and Accountability Act. These risk analyses help identify the threats to confidential patient information.
  2. The audit checks will also require information about how patients' medical records are transmitted electronically. When files are sent by email, they must be password protected. In addition, they must be sent from a secure platform and must be encrypted.
  3. Violations will also be included in the checklist. This helps determine whether the violations were intentional or unintentional and what remedial measures were taken after they were detected. There is usually a time limit for clearing a violation, and it must be followed. It is usually thirty days and can be extended at the request of the institution.
  4. Check whether physical access to the electronic storage facility is restricted to authorized individuals only. If medical records are stored in physical form, they must be kept in a secure place with restricted access. The audit will also check this aspect, which helps determine the safety of medical records held in physical form.
  5. The HIPAA internal audit will also check whether anti-virus programs, firewalls and passwords have been installed and are used to safeguard all confidential patient information. Internet usage, encryption software and server configurations will also need to be checked.

There will also be checks to determine whether health care providers have a contingency plan for an emergency or for any temporary disruption of the storage and transmission of information. It is very important that every covered entity has a contingency plan in place.

Apart from these checks, the HIPAA internal audit will also determine whether the individuals who access and store vital patient information have the skills needed for such an important task. It is the employer's responsibility to ensure that all employees are adequately trained in the various provisions of the Health Insurance Portability and Accountability Act.

Article Source: http://EzineArticles.com/?expert=Greg_Garner