855-447-2210 [email protected]

OCR Audit readiness

Properly responding to an OCR or CMS HIPAA audit is critically important. A lack of preparation or improperly completed questionnaire can trigger a deeper audit or even penalties. Proper response begins long before the audit notice is received. Its essential to take a proactive approach to HIPAA compliance and HIPAA audit response. Random audits are rare but audits related to a breach or patient complaint are more common.
HIPAA audits are used by OCR and CMS to evaluate an organizations HIPAA compliance as it relates to health information privacy, security and breach notification activities. While random audits are still technically possible the OCR has not recently performed a significant number of these. What are more common are those performed by CMS under the promoting interoperability program or by OCR as a result of a breach or complaint.

Whatever the trigger, organizations need to prepare for an audit to ensure a proper response and hopefully minimize any potential findings. The key to surviving an audit is being able to accurately communicate your compliance program status to the auditor. Simply not having information available can lead to increased focus and in some cases severe financial penalties.

The high level steps for audit readiness are:
  1. Have a current Security Risk Assessment
  2. Know where your compliance documentation is stored
  3. Have all identified gaps documented
  4. Develop and maintain a remediation plan
  5. Maintain risk management records
  6. Train your workforce
  7. A communication plan

How we can help

Loricca’s audit readiness services and solutions can help you determine what’s addressable, required and not required under certain circumstances. Our team can evaluate your readiness, help develop your response plan, and assist during an audit. A poorly worded response can complicate the audit and trigger additional rigor from the audit team. Our long experience interfacing between organizations and auditors or legal authorities can help ensure the correct information is communicated.

Preparing before an audit will reduce the workload and ensure you can respond with confidence in the event of an audit. Services provided under our OCR Audit Readiness program include a Audit Preparation and Audit Support.

    •  Readiness Assessment – we will evaluate your organizations ability to properly respond to a HIPAA Audit
    • Audit Preparation – Loricca will work with your team to develop the response plan and ensure your organization is ready
    •  Audit Support – Loricca will work with your team to review audit requests and develop responses which demonstrate an accurate depiction of your compliance

More Security Options