Compliance

Top 10 Questions Most Organizations Fail During a HIPAA Audit

Last Updated: February 14, 2024

by Antonio Stroman Axis Cloud Sync

Forget about a full-blown HIPAA audit with over 192 questions for covered entities (CEs): most organizations fail and are considered out of compliance within the first 10 questions. In the past few years HIPAA has become the latest five-letter bad word in the healthcare industry. With confusing terminology and enormous fines, non-compliance can be more than a financial setback; you could end up in prison. So how does your organization stack up? We’ve included 10 questions from the HIPAA Security Rule so you can perform a partial self-audit and see for yourself.

10 Questions from the HIPAA Security Rule

| Section | Key Activity | Audit Procedures | Implementation | Your Answer |
|---|---|---|---|---|
| §164.308 | Conduct Risk Assessment | Inquire of management as to whether formal or informal policies or practices exist to conduct an accurate assessment of potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI. | Required | YES/NO |
| §164.308 | Implement a Risk Management Program | Inquire of management as to whether current security measures are sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with § 164.306(a). | Required | YES/NO |
| §164.308 | Select a Security Official To Be Assigned Responsibility for HIPAA Security | Inquire of management as to whether the organization has assigned responsibility for HIPAA security to a Security Official to oversee the development, implementation, monitoring, and communication of security policies and procedures. | Required | YES/NO |
| §164.308 | Develop and Implement Procedures to Respond to and Report Security Incidents | Inquire of management as to whether there are formal or informal policies and/or procedures in place for identifying, responding to, reporting, and mitigating security incidents. | Required | YES/NO |
| §164.308 | Develop Contingency Planning Policy | Inquire of management as to whether a formal contingency plan with defined objectives exists. | Required | YES/NO |
| §164.308 | Data Backup Plan and Disaster Recovery Plan | Inquire of management as to whether disaster recovery and data backup plans exist to restore any lost data. | Required | YES/NO |
| §164.308 | Encryption and Decryption | Inquire of management as to whether an encryption mechanism is in place to protect ePHI. | Addressable | YES/NO |
| §164.308 | Implement Methods for Final Disposal of ePHI | Inquire of management as to how the disposal of hardware, software, and ePHI data is managed. | Required | YES/NO |
| §164.308 | Develop and Implement an Emergency Mode Operation Plan | Inquire of management as to whether policies and procedures exist to enable the continuation of critical business processes that protect the security of ePHI while operating in emergency mode. | Required | YES/NO |
| §164.308 | Develop Recovery Strategy | Inquire of management as to whether procedures exist for recovering documents from emergency or disastrous events. | Required | YES/NO |

If you were able to answer yes to every one of these questions, congratulations: you’re well on your way to being compliant with the latest changes in the HIPAA laws. If you answered no to just one of them, your organization is considered out of compliance and could face fines of up to $1.5 million and possible jail time. Note that each of the auditors’ questions is addressed to management; it’s critical that HIPAA compliance becomes a top priority within your organization.

We don’t want you to take our word for it; take a look at some of the latest enforcement actions that have been levied for non-compliance.

Explore our web site to see a demo and learn more about how we can help lower your overall mileage reimbursement.


Written by The CompanyMileage Team


CompanyMileage helps hundreds of organizations across multiple industries effectively manage the cost of reimbursing employee mileage expenses through its mileage and expense management software solutions.
