Get started on your path towards HIPAA compliance

HIPAA Compliance Audit

Solutions for covered entities and business associates 

Get A Comprehensive HIPAA Audit

Meet your HIPAA deadlines and close the gaps in your patient data security with a thorough HIPAA assessment from our experienced auditors.


HIPAA (The Health Information Portability and Accountability Act) is a federal mandate that, among other things, requires organizations to keep patient data secure.

Compliance requires a myriad of privacy and security actions outlined in the mandate’s specific rules, such as password policy creation, patient data protection, and employee training.

The HHS expects healthcare providers to actively work on their HIPAA compliance and tests them through organizational audits. An entity could be chosen for a HIPAA compliance audit at random or because of a reported breach by an employee or customer.

The best way to prepare for a HIPAA audit is by having an aggressive and fully functional HIPAA compliance program already in place. You can perform a ‘mock’ audit by enlisting an experienced and knowledgeable third party to follow the HHS audit protocol.

If you are found in violation of HIPAA, both the HHS and state attorneys general can levy fines against you. In fact, the HHS assesses fees of up to $50,000 per day per violation.

If noncompliance leads to a breach, you are required by law to notify the HHS, your patients, and, if more than 500 records are involved, the media. This could severely damage brand equity and publicly embarrass your organization.

Here are a few data breach costs, fines, and penalties you may not have considered:

  • HHS fines: up to $1.5 million/violation/year
  • FTC fines: $16,000/violation
  • Class action lawsuits: $1,000/record
  • State attorneys general: $150,000 – $6.8 million
  • Patient loss: 40%
  • Free credit monitoring for affected individuals: $10-$30/record
  • ID theft monitoring: $10-$30/record
  • Lawyer fees: $2,000+
  • Breach notification costs: $1,000+
  • Business associate changes: $5,000+
  • Technology repairs: $2,000+

Contact the HHS immediately following discovery of the breach, and they’ll tell you what to do next. You can report a breach here

SecurityMetrics helps healthcare entities achieve lasting HIPAA compliance.

We offer a guided HIPAA Risk Analysis (the first and most important step toward compliance), HIPAA compliance, HIPAA audits, HIPAA policy templates, HIPAA training, and other security services.


Onsite HIPAA Risk Assessment

A thorough HIPAA security risk analysis is a critical component of HIPAA compliance, whether you are a covered entity or business associate. Our experienced auditors guide you through a comprehensive risk analysis to identify potential security gaps that put your patients' data and organization at risk. By conducting a HIPAA risk analysis you are also completing Meaningful Use requirements.

Risk Management Plan To Secure Patient Data

Building on the results of the risk analysis, our auditors create a custom risk management plan that details the actions necessary from covered entities and business associates to close the gaps in your security and compliance efforts. You’ll enjoy a clear point of contact as you work to meet HIPAA requirements, and with a team of audit experts all centrally located in Utah, it never takes long to get an answer to your questions.

Work With Your Business Associates

Helping your business associates with HIPAA compliance and protecting your patient data is a crucial step in your HIPAA compliance and data security plan. We have tools and solutions for business associates to work towards HIPAA compliance and increase their security posture.

Feel Confident In Your Assessment’s Accuracy

Feel confident in your HIPAA assessment knowing that we have several years of audit experience as well as a team of qualified Healthcare Information Security and Privacy Practitioners (HCISPP). Our auditors are also security and risk minded, meaning they’re not just focused on checking off HIPAA requirements. They’re serious about creating a more secure data environment at your organization.

Top Reasons To Use SecurityMetrics For HIPAA Audits

Satisfaction That Will Make You Return Year After Year

SecurityMetrics assessors are accurate, experienced, easy to work with, and responsive to your needs. Conducting a Risk Analysis and working through HIPAA requirements are not one-time events. Clients enjoy working with SecurityMetrics assessors so much that the majority of customers return for security assessments the following year.

A Partner In Compliance

SecurityMetrics assessors offer a unique blend of compliance, security, and workflow experience to efficiently drive results. Where other assessors act as a bottleneck, our assessors work with you as a team to reduce friction on your path towards HIPAA compliance.

Conduct An Accurate Risk Assessment

Conducting a risk assessment is required as part of HIPAA compliance for covered entities and business associates. SecurityMetrics assessors are able to perform a National Institute of Standards and Technology (NIST) 800-30 Risk Assessment, one of the suggested frameworks in the HIPAA standard.

Complete HIPAA Audit Solution

A thorough and accurate HIPAA audit consists of many individual components and activities. When these individual pieces aren't designed to work together, deadlines are missed and vulnerabilities are overlooked. Our risk analysis process, gap analysis, penetration tests, and other tools are designed to work together to reduce friction on your path towards HIPAA and Meaningful Use compliance.

Meaningful Use Attestation

Conducting a HIPAA security risk analysis not only gets you a step closer to HIPAA compliance, but also completes a Meaningful Use objective. Our compliance assessors can also assist in completing attestation of Meaningful Use objectives to ensure deadlines are met and incentive payments are received.

Our HIPAA Risk Assessment Improves Security And Reduces Costs

By analyzing your unique workflows and data paths, SecurityMetrics assessors help to establish more efficient arrangements for your data environment to improve PHI security and remove costly, unnecessary steps from the process.

Straightforward Pricing 

SecurityMetrics pricing is simple–your scope is evaluated based on your needs, giving you a custom quote and avoiding unnecessary add-on charges.

Related Links

  • Guide: SecurityMetrics Guide to HIPAA Compliance

    We intend our guide to be a “deskside” reference for the day-to-day and recurring demands of HIPAA compliance. It’s meant to strike a balance between generally informative and specifically practical. Those who use our guide report that it is “thorough and detailed-oriented. Very helpful.”

  • Webinar: How To Prepare For A HIPAA Audit

    A HIPAA compliance audit is one way to fill holes that lead hackers to your patient data. In this webinar, we'll discuss the steps to prepare for a HIPAA audit.

  • Resource Center: Threat Intelligence Center Feed

    SecurityMetrics Threat Intelligence Center analysts monitor current cybercriminal trends to give you weekly news reports and trending threat insights straight to your inbox, including: bi-monthly cybersecurity video-podcast, current data breaches, cybersecurity news, and technical advice to keep your system hacker-free.

  • Academy: SecurityMetrics Academy

    Academy contains videos, quizzes, and external resources on topics like security policies and encryption. Our intent is to help SMBs like franchisees, small merchants, and healthcare practices address specific cybersecurity risks businesses may face.

  • Podcast: SecurityMetrics Podcast

    This podcast is intended to help businesses of all sizes as well as individuals–whether security professionals or not. We want to break security concepts down well enough that anyone can understand the top cybersecurity threats and how to deal with them.

  • Guide: SecurityMetrics Guide to PCI DSS Compliance

    The SecurityMetrics Guide to PCI DSS Compliance will help you understand current PCI requirements and trends, so that you can better protect data from inevitable future attacks.

Request A Quote For A HIPAA Audit