What is a HIPAA Compliance Audit?

There are three ways the federal government, specifically the Office for Civil Rights (OCR), may come to audit your organization’s HIPAA compliance:

  1. Randomly: The OCR performs a HIPAA compliance audit for a few dozen organizations per year. In a large country like this, you probably don’t need to worry about a random HIPAA security audit.
  2. After a complaint: Patients are permitted to lodge complaints with HHS about the use of their PHI. In some cases, these complaints have resulted in a HIPAA security audit.
  3. After a breach: If you have to report a breach of PHI to HHS, there is a very good chance you will be subject to a HIPAA compliance audit.


If your organization is audited, you must follow all HIPAA audit requirements in order to adhere to the HIPAA audit checklist.