
HIPAA Audit Report Template

HIPAA (Health Insurance Portability and Accountability Act) is one of the most important healthcare regulations today. It protects the privacy of patients by requiring all organizations that participate in health care to take steps to protect their personal information. Use this HIPAA audit checklist as a base for your annual HIPAA audit report. Check whether all compliance requirements have been met and the documents are available.

HIPAA Audit Report Checklist
General Information
Name of Health Care Component
Name of Privacy Official
Name of University Privacy Officer (if different from above)
HIPAA Audit Checklist
1. Results of audits and/or gap analysis performed
2. Topics of issues raised in regular consultation with the Office of General Counsel
3. Results of annual review and report on privacy and security safeguards by the appropriate Computer Services personnel
4. Compliance efforts for this reporting period
a. Revision to policies, procedures, and practices required by HIPAA privacy regulations, or changes in practices:
b. Actions taken to ensure that there are no prohibited uses or disclosures of Protected Health Information (PHI) to non-designated Health Care Component workforces, or outside entities (as noted in Section 7. f. below)
c. Complaints received and their resolution, if any (clarify between those that are open vs. closed)
d. Employee violations (specify level) and their resolution. Include sanctions, if any, and actions taken to reduce or eliminate the likelihood that violations will be repeated
5. List and explain outreach and training efforts to increase awareness and compliance:
6. Describe plans for future improvements in enforcement and compliance efforts:
7. Attach one copy of each of the following documents to your Annual HIPAA Report:
a. Notice of Privacy Practices.
b. Policies and Procedures developed or updated for HIPAA compliance
c. Copies of updated templates, forms and documents used in compliance with HIPAA
d. Attestation of training for the HIPAA workforce:
e. List of departments and personnel outside your Health Care Component that perform functions for your Health Care Component
f. List of current Business Associates, including a copy of the Business Agreement
I declare that the information I am submitting in this HIPAA Report is true and accurate to the best of my knowledge and belief.
Submit this report with attachments to:
Office of the President
Submit a copy of this report with attachments to:
Privacy Officer
Office of the General Counsel

Patient privacy first with a HIPAA audit checklist

It is essential for your team to have a clear understanding of HIPAA’s requirements. This can be difficult if you don’t have access to up-to-date resources or aren’t familiar with the complex regulatory language. That’s where a HIPAA audit checklist comes in handy.

A HIPAA compliance audit checklist allows you to quickly and easily identify any risks or vulnerabilities related to your organization’s compliance with HIPAA. By doing this, you reduce the risk of being audited by federal regulators or insurance companies, which could result in costly fines or penalties.

Utilizing a HIPAA compliance audit checklist is essential for any business that handles the personal health information (PHI) of its customers. If your organization is not compliant, you could face serious legal consequences. HIPAA applies to all organizations with patients in the United States, regardless of size or type of business. That means it’s important to understand and comply with the entire scope of HIPAA before starting any related projects.

Here are some key elements of the HIPAA audit checklist:

  • Establish a comprehensive data protection program (DPP) that includes accurate risk assessment and proper implementation measures
  • Designate a person who will be responsible for ensuring DPPs are implemented correctly and complied with at all times
  • Ensure that PHI is securely transferred from source to destination, using secure methods such as encryption rather than unsecured methods like faxing or mailing
  • Implement appropriate contractual obligations when obtaining consent from individuals about their PHI

Please note that this checklist template is a hypothetical example and provides only standard information. The template does not aim to replace, among other things, workplace, health and safety advice, medical advice, diagnosis or treatment, or any other applicable law. You should seek professional advice to determine whether the use of such a checklist is appropriate in your workplace or jurisdiction.