HIPAA Audit & Compliance FAQs
How much does a HIPAA audit cost?
Pricing for a HIPAA audit depends on scoping factors, including what type of audit you need, physical locations, third parties, and whether the audit is combined with any others. Pricing will also vary with the inclusion of a gap analysis or additional remediation time.
How long does a HIPAA audit take to complete?
The average HIPAA audit, using KirkpatrickPrice’s process, is completed in 12 weeks. The engagement begins with scoping procedures, then moves into an onsite visit, evidence review, and report writing, and concludes with the report delivery. This timeline is extended when a gap analysis must be performed or when remediation takes longer than expected.
What do I receive when my HIPAA audit is complete?
A HIPAA audit culminates in a HIPAA report. The components and formatting of HIPAA reports delivered by KirkpatrickPrice are written by our in-house Professional Writing team and are based on CERT/CC, the SANS Institute, and NIST standards. Organizations can provide their HIPAA report to outside parties to show independent third-party verification regarding the fairness and suitability of their information security management, controls, and practices that protect PHI.
How long is a HIPAA audit report valid?
The opinion stated in a HIPAA audit report is valid for twelve months following the date that the report was issued.
How often does a HIPAA audit need to be performed?
The industry standard is to schedule a HIPAA audit to be performed annually or when significant changes are made that will impact the control environment. Any frequency less than that will demonstrate a lack of commitment to compliance, and it may cause distrust in the service organization’s systems.