Business Associate Audit
A Business Associate audit will determine the exact level of compliance of a Business Associate without disrupting either the CE or BA operations. Under the new rules BAs and CEs are “joined at the hip” regarding HIPAA compliance. Lack of compliance by a BA can negatively affect both the BA and any CE that is utilizing the BA for services or products, including fines, audits, and civil liability.
A “Verification audit” will determine whether an organization has implemented all legally required controls, including an analysis of the existence of all mandated Privacy and Security controls and identifying any required controls that may be missing.