In most cases, healthcare organizations have a window of about ten days to prepare for a HIPAA audit. However, a “Phase 3” on-site audit means auditors can show up without prior warning, leaving no preparation time, to see whether all policies and practices are in compliance.

Even organizations that aren’t randomly selected for an audit may face stiff penalties if they are found to be non-compliant. Hence, it pays to be proactive so that if and when the time comes for an audit, the organization is ready.

There are several issues a HIPAA auditor will look out for, and certain violations carry hefty fines. For example, third-party patient health information (PHI) disclosure, improper PHI disposal, lax training, breaches of a database, and a lack of PHI encryption on portable devices are all violations that may come up during an audit, and these are considered the ones with the largest fines. Other violations may also arise, such as disclosing more than the minimum necessary PHI. Outpatient facilities, pharmacies, and general hospitals are among the organizations that commonly run into some of these violations.

Risk assessments, identification of high-risk assets, and PHI monitoring are some of the ways to be proactive and ready in the event of a future HIPAA audit.

To read more, visit

This update is by Medical Accounts Systems, a full-service healthcare revenue cycle management company providing a number of services including insurance follow up and managed care disputes, physician reimbursement, extended business office services, and more. For additional information on our services or for any questions you may have on topics such as medical revenue cycle consulting, please call 877-759-6315.