HIPAA Privacy Audit

HIPAA’s Privacy provisions became effective 04/14/2003 and 04/14/2004 for Large Plans and Small Plans respectively. For these purposes, the same definitions as those used by the SBA apply. The Privacy provisions, when integrated with HIPAA’s Security provisions, require operational, documentation and educational performance. Adherence to Best Practice generally minimizes the potentially considerable personal exposure of clients’ employees.


KRAA Security provides HIPAA specialists, experienced former Privacy Officers who are process and compliance professionals, to perform the best in third-party assessments. We work with each client to improve compliance on an ongoing basis, accompanied by annual maintenance assessments.

Our HIPAA Privacy assessment includes but is not limited to:

  • Benefit plan compliance
  • HR compliance relative to Protected Information
  • Compliant Business Associates Agreements content and application
  • Compliant Chain of Trust Agreements, when required
  • Compliant Policy and Procedures
  • Compliant physical environment
  • Insurance coverage assessment
  • Protected Information-related process improvement
  • Learning system – five levels of involvement with Protected Information

How the Process Works

KRAA Security specialists initiate the assessment process by reviewing each client’s responses to an Audit Target questionnaire and associated attachments. This is followed by on-site audits by KRAA Security staff at each agreed-upon business location. From these initial data sets, a Compliance Baseline is documented. A Gap Analysis, which delineates the differences between the Baseline and Best Practice, is presented. This is followed by a Risk Assessment, commonly known as a risk vs. reward analysis. We work with clients to meet or exceed Best Practice requirements on all agreed-upon Audit Targets.