HIPAA Compliance Audit

The HIPAA Compliance Audit Program is Ramping Up. Are You Prepared?

The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) gave HIPAA more bite by increasing penalties for non-compliance, establishing security breach notification requirements, directly applying compliance requirements to covered entities' "business associates", and granting new enforcement authority to state Attorneys General. HITECH also required the Department of Health & Human Services (HHS) to implement a HIPAA compliance audit program to ensure that covered entities and business associates comply with HIPAA privacy and security requirements as well as the new security breach reporting requirements.

HHS's implementation of the HIPAA compliance audit program ramped up in 2012. HIPAA covered entities and business associates (such as healthcare SaaS providers) need to be prepared for a HIPAA compliance audit.

The HIPAA Compliance Audit Program

The HHS Office of Civil Rights (OCR), the agency responsible for HIPAA enforcement, completed its pilot HIPAA compliance audit program in 2012. The OCR and its contractors audited more than 100 covered entities (healthcare providers, insurers, and clearinghouses) to verify their HIPAA HITECH compliance. With the pilot phase completed, the HIPAA compliance audit program will continue in 2013 and beyond, with an expectation of expansion to include audits of covered entities' business associates.

For an audited organization, the HIPAA compliance audit process has several stages: notification, a requirement to submit compliance-related documentation, an on-site visit of between three and ten days, and production of an audit report. If an audit report indicates a serious non-compliance issue, OCR may initiate a full compliance review and investigation.

The HIPAA Compliance Audit Protocol

OCR in 2012 published a HIPAA compliance audit protocol. The protocol, which is expected to evolve as OCR continues to conduct more audits, details more than 160 distinct audit criteria associated with HIPAA privacy, security, and breach notification requirements. Nearly half of the criteria have to do with HIPAA security requirements for IT infrastructures, as mandated by the HIPAA Security Rule. The Security Rule for IT HIPAA compliance requires administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic personal health data.

Layered Tech HIPAA Hosting: The Guaranteed Way to Pass the HIPAA Compliance Audit

The criteria for a HIPAA compliance audit are rigorous, complex, and evolving. The fastest, surest, and most economical way to ensure your organization's compliance with HIPAA requirements is to have your healthcare IT workloads hosted by Layered Tech, the compliant hosting experts. At Layered Tech we specialize in hosting platforms and applications that have strict security and regulatory requirements such as those imposed by HIPAA, PCI-DSS (credit card data), and FISMA (federal agency IT systems). We offer a range of managed HIPAA compliance solutions including dedicated servers, cloud platforms, and hybrid environments. Our compliant hosting service features a 100% Compliance Guarantee.

Learn more about how Layered Tech can help your organization ace your HIPAA compliance audit.

HIPAA Compliant Managed Services

Layer 4 managed services can be applied to any system or network device. Additionally, Layered Tech offers enterprise-level management of your database software (MS SQL, MySQL, Oracle) as an add-on to our system management services.


Monitoring is included when you purchase Layer 4 managed services for a system or network device.

| Monitoring | Layer 1 | Layer 2 | Layer 3 | Layer 4 |
|---|---|---|---|---|
| Site monitoring and system monitoring services for one hosted site/IP address on your server | included | included | included | included |
| 24/7 monitoring and "first-responder" issue escalation | included | included | included | included |
| Issue troubleshooting and remediation | | included | included | included |
| Customized escalation and remediation procedures | | | included | included |
| Detailed performance statistics via client portal | | | included | included |
| Synthetic transactions available for deployment to interrogate system health | | | included | included |
| File integrity monitoring and remediation services | | | | included |