How NOT to Fail a HIPAA Audit

HIPAA (the Health Insurance Portability and Accountability Act) was passed in 1996 with two primary objectives: to let individuals keep their health insurance coverage between jobs, and to protect the confidentiality of patient information. During a recent webinar, Bob Grant, Co-Founder of the Compliancy Group, discussed how healthcare organizations and their business associates can avoid failing an audit when it is time to prove their compliance.

He expressed that many healthcare organizations and business associates believe they’re compliant if:

  • They’ve paid for an expensive risk assessment to review the technical side of their organization.
  • They’ve paid for training to keep all of their staff members up-to-date on the requirements for compliance.
  • They’ve paid for someone to create policies and procedures to help them maintain compliance.

Unfortunately, an organization that relies on only one or two of these tasks to keep it compliant will fail an audit. Why? Because a proper compliance program requires all three, and an auditor will ask for evidence of each: the risk assessment, the training records, and the written policies and procedures.

What Happens When You Experience a HIPAA Violation?

The cost of a HIPAA violation is hefty. Penalties for noncompliance are tiered by the level of negligence, ranging from $100 to $50,000 per violation, with an annual cap of $1.5 million for repeated violations of the same provision.

To make matters worse, attackers target healthcare organizations precisely because they hold so much sensitive data. Anthem, a health insurer, suffered one of the largest data breaches of recent years: attackers broke into its systems and stole records on roughly 78.8 million people, affecting about 1 in 4 individuals in the US.

How Does Compliance Change the Perception of Covered Entities? 

When you are HIPAA compliant, the public is more comfortable trusting you with their protected health information (PHI). Fitbit Inc. is a good example: after it announced in a press release that it was HIPAA compliant, its stock price rose 23% in short order.

How Can You NOT Fail an Audit?

For covered entities looking to avoid failing an audit, it is vital to make sure you are in compliance with all three rules:

  • Privacy Rule: Sets the standards for when PHI may be used and disclosed, and what rights individuals have over their own information.
  • Security Rule: Requires administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic PHI (ePHI) and to prevent unauthorized access to it.
  • Breach Notification Rule: Requires notification of affected individuals and HHS when unsecured PHI is breached (and of the media when a breach affects more than 500 residents of a state); business associates must notify the covered entity.

Meeting all three is what lets you demonstrate that you are adhering to the regulations under HIPAA and HITECH. As anyone working in healthcare notices, everything changes quickly, from new policies to new regulations to new employees, so you must stay ahead of those changes while keeping the documentation that shows due diligence.

This proves more difficult than most covered entities assume, as these figures suggest:

  • 70% of covered entities are not compliant.
  • 79% of covered entities fail their meaningful use audit (a CMS EHR incentive program audit, separate from an OCR HIPAA audit, but one that examines much of the same security risk analysis documentation).

You should work with an experienced IT services company to handle the technical side of compliance: conducting a thorough risk assessment, implementing the right safeguards, and documenting every step along the way so that you can show your work when an auditor asks for it.


Apex is here to help you stay prepared for when auditors come knocking. Call us at (800) 310-2739 or email us at to learn about our managed IT services for healthcare organizations in Central and Northern California.
