
Compliance Audit & Assessment

Why Conduct a HIPAA Privacy & Security Compliance Audit

Apgar & Associates uses the OCR Audit Protocol as our guide for conducting the compliance assessment. Our general HIPAA Privacy and Security Audit acts as your compliance insurance policy. The federal Office of Civil Rights (OCR) actively enforces HIPAA privacy and security laws, and OCR managers are making it clear that the agency will aggressively enforce the rules. The OCR says that covered entities and business associates should have robust HIPAA Privacy and Security compliance programs.

What makes up a robust compliance program?

Your compliance program, according to OCR, should include:

  • Employee training
  • Vigilant implementation of policies and procedures
  • Regular internal audits
  • Prompt incident response action plan

General Privacy & Security Audit Risk Assessment Activities

Our full-scope HIPAA Compliance Audit Risk Assessment includes:

  • Management overview meeting
  • Physical walk-through of your facility
  • Review of facility controls
  • IT review
  • Security and privacy compliance review
  • Technical safeguards
  • Policy, procedure and document management

The resulting risk assessment report reviews and recommends risk mitigation activities in all areas that require HIPAA compliance. After management review, your final report provides you with a roadmap to full compliance.

The Cost of Non-Compliance

Consequences are serious if you don’t follow federal guidance. In addition to potential public embarrassment, you can also be fined or penalized. Consider the following costly results of being found non-compliant:

  • In February 2011, a medical group was fined $4.3 million by the federal Office of Civil Rights (OCR) for violating the HIPAA Privacy Rule and for failing to cooperate with OCR when the agency investigated.
  • Also in February 2011, a hospital and its physician organization settled with OCR for $1 million and agreed to implement a corrective action plan after an employee mistakenly left patient information on a train.

For more information about Apgar & Associates, LLC’s HIPAA compliance audit and assessment services, contact us via email or in our Portland, Oregon office at 503-384-2538.


"Chris has been a consistent and visionary leader of the WEDi Regional Affiliates group as it brings together healthcare leaders from across the US to discuss common challenges and highlight solutions that can be adopted in a consensus approach to meeting compliance and efficiency challenges."

Holt Anderson

Mailing & Office Address

Apgar and Associates, LLC
P.O. Box 80278
Portland, OR 97280
p 503-384-2538
p 877-376-1981




7100 SW Hampton St.
Suite 137
Tigard, OR 97223