Are You Ready for a HIPAA Audit?

As any healthcare provider or collection agency for healthcare knows, HIPAA stands for the Health Insurance Portability and Accountability Act, which is a 1996 Federal law that restricts access to individuals' private medical information.

The HIPAA Privacy Rule provides the national regulations for the use and/or disclosure of an individual's health information. Essentially, the Privacy Rule defines how covered entities use individuals’ Personal Health Information (PHI). HIPAA has a large quantity of regulations that must be followed to ensure that patients’ health information is secure in all methods of transfer and storage, especially electronic, in order to limit the use of PHI and minimize the chance of its inappropriate disclosure.

Along with the rules come HIPAA audits. HIPAA enforcement strictly investigates compliance-related issues and holds violators accountable with civil or criminal penalties for violating the privacy of an individual's PHI. Any provider subject to HIPAA standards is also subject to a potential audit of their privacy, security and breach notification statuses. Therefore, it is wise for a healthcare provider or collection agency to be ready in case an audit happens.

While this article cannot cover all aspects or areas that a HIPAA audit might examine, it can look at the areas that are of most interest. One of the easiest ways to put patients at ease and address the regulation issue before it really becomes an issue is to have your core HIPAA program in place and active. While audits can seem complex, HIPAA focuses on a few core areas that you can use to ensure your practice or organization is ready for audits that might be coming. You will want to start by asking yourself a few key questions.

  • Do you have written policies and procedures in place that address HIPAA standards?
  • Are those policies and procedures accessible and have all the staff members been trained on them?
  • Have all your electronic data storage and transfer systems been audited to the most current HIPAA standards?
  • Do you perform regular risk assessments? Are those assessments documented?
  • Do you have an incident response plan in case there is a breach of PHI?
  • How are you addressing data security? Do you consider all aspects of data transfer: online, mobile devices and agent interaction?
  • Are your business associates fully HIPAA compliant?
  • Is your payment processing software/vendor fully HIPAA compliant?
  • Do you have a training program in place that properly informs new staff members and periodically refreshes existing workers on HIPAA compliance?
These questions barely scratch the surface of HIPAA regulations, but they are a good place to start. To learn more about the HIPAA requirements, visit the Health and Human Services Audit Protocols page.

BillingTree has completed the 2016 assessment in line with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The HIPAA assessment certifies that BillingTree's processes, procedures and controls have been formally evaluated and tested against guidelines laid out by the U.S. Department of Health and Human Services. A copy of the Certificate of Validation for BillingTree's PCI-DSS 3.1, HIPAA and SSAE-16 is available to view or download.

BillingTree has the latest technology and the best programs to help its clients grow their businesses easily, quickly and in full compliance. To learn more about how BillingTree can help you, contact BillingTree or call us at 877-424-5587.