{"id":1747,"date":"2012-01-27T00:00:00","date_gmt":"2012-01-27T00:00:00","guid":{"rendered":"http:\/\/otava.test\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/"},"modified":"2012-01-27T00:00:00","modified_gmt":"2012-01-27T00:00:00","slug":"five-questions-to-ask-your-business-associate-question-2-hipaa-audits","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/","title":{"rendered":"Five Questions to Ask Your Business Associate: Question #2 HIPAA Audits"},"content":{"rendered":"<div>\n<p>Following up from last week&#8217;s question #1, the second most important question to ask a Business Associate is:<\/p>\n<p><strong><em>Who performed your independent HIPAA audit and do you provide copies of the audit report?<\/em><\/strong><\/p>\n<\/div>\n<div>\n<p>This single question quickly reveals Business Associates who take <a href=\"https:\/\/otavawebsite.wpengine.com\/compliance-security\/hipaa-compliant-cloud\/\">HIPAA compliance<\/a> seriously.<\/p>\n<p>Business Associates who have invested in an independent HIPAA audit benefit from:<\/p>\n<ul>\n<li>objective feedback from a HIPAA expert,<\/li>\n<li>guided improvement of security processes and procedures,<\/li>\n<li>training all of their employees about HIPAA security,<\/li>\n<li>better preparation in the event of a PHI breach.<\/li>\n<\/ul>\n<p>When you see what <a href=\"https:\/\/www.onlinetech.com\/resources\/e-tips\/hipaa-compliance\/ocr-audit-requirements-following-a-self-reported-hipaa-breach?utm_source=Online+Tech+Mailing+List&amp;utm_campaign=1abf93a92b-HIMSS_eMail_Question_1_1_17_2012&amp;utm_medium=email\">HHS requests after a PHI breach<\/a>, you\u2019ll see there\u2019s no way that the requested documentation can be prepared in 10 days. 10 weeks or 10 months would be more appropriate.<\/p>\n<p>Some will argue that the cost of getting an independent HIPAA audit is prohibitive, but compared to the costs of a PHI breach, it\u2019s truly trivial. Consider this: current class action lawsuits seek $1000\/patient record breached. When a laptop was stolen from the Massachusetts eHealth Collaborative, 13,687 patient records were taken. There are 2 pending class action lawsuits.<\/p>\n<p><strong>2 lawsuits * 13,687 patient records * $1000\/patient record = $27,374,000<\/strong><\/p>\n<p>Still think investing in an independent HIPAA audit is too expensive or overwhelming? Make sure you outsource health care IT services to Business Associates who are <a href=\"https:\/\/otavawebsite.wpengine.com\/compliance-security\/hipaa-compliant-cloud\/\">independently HIPAA audited<\/a> and will share a copy of the audit report with you.<\/p>\n<p>Next week we discuss policies and technologies used to protect health care applications and PHI data.<\/p>\n<p>References:<\/p>\n<p><a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/business-associates-why-invest-in-a-hipaa-audit\/?utm_source=Online+Tech+Mailing+List&amp;utm_campaign=1abf93a92b-HIMSS_eMail_Question_1_1_17_2012&amp;utm_medium=email\">Why Business Associates Should Invest in a HIPAA Audit<\/a><br \/>\n<a href=\"https:\/\/www.nytimes.com\/2011\/12\/19\/technology\/as-patient-records-are-digitized-data-breaches-are-on-the-rise.html?utm_source=Online+Tech+Mailing+List&amp;utm_campaign=1abf93a92b-HIMSS_eMail_Question_1_1_17_2012&amp;utm_medium=email\">NY Times Article: Digital Data on Patients Raises Risk of Breaches<\/a><\/p>\n<p><strong>Related resources:<\/strong><\/p>\n<p><a href=\"https:\/\/www.onlinetech.com\/resources\/events\/webinars\/hipaa-a-hitech-a-baas-and-the-law-concerns-and-best-practices?utm_source=Online+Tech+Mailing+List&amp;utm_campaign=1abf93a92b-HIMSS_eMail_Question_1_1_17_2012&amp;utm_medium=email\">HIPAA, HITECH, BAAs and the Law: Concerns &amp; Best Practices<\/a><br \/>\n<a href=\"https:\/\/www.onlinetech.com\/resources\/events\/webinars\/webinar-series-a-to-z-to-achieving-hipaa-compliance\/cost-effective-protection-against-hipaa-enforcement?utm_source=Online+Tech+Mailing+List&amp;utm_campaign=1abf93a92b-HIMSS_eMail_Question_1_1_17_2012&amp;utm_medium=email\">Cost Effective Protection Against HIPAA Enforcement<\/a><br \/>\n<a href=\"https:\/\/www.onlinetech.com\/resources\/e-tips\/hipaa-compliance\/ocr-audit-requirements-following-a-self-reported-hipaa-breach?utm_source=Online+Tech+Mailing+List&amp;utm_campaign=1abf93a92b-HIMSS_eMail_Question_1_1_17_2012&amp;utm_medium=email\">OCR Audit Requirements Following a Self-Reported HIPAA Breach<\/a><br \/>\n<a href=\"https:\/\/www.onlinetech.com\/secure-hosting\/hipaa-compliant-hosting\/who-needs-to-be-hipaa-compliant?utm_source=Online+Tech+Mailing+List&amp;utm_campaign=1abf93a92b-HIMSS_eMail_Question_1_1_17_2012&amp;utm_medium=email\">Who Needs to be HIPAA Compliant?<\/a><br \/>\n<a href=\"https:\/\/www.onlinetech.com\/secure-hosting\/hipaa-compliant-hosting\/hipaa-resources-policies-procedures-and-training-materials?utm_source=Online+Tech+Mailing+List&amp;utm_campaign=1abf93a92b-HIMSS_eMail_Question_1_1_17_2012&amp;utm_medium=email\">HIPAA Resources: Policies, Procedures &amp; Training Materials<\/a><br \/>\n<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/what%e2%80%99s-in-a-business-associate-agreement\/?utm_source=Online+Tech+Mailing+List&amp;utm_campaign=1abf93a92b-HIMSS_eMail_Question_1_1_17_2012&amp;utm_medium=email\">What&#8217;s in a Business Associate Agreement?<\/a><br \/>\n<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/hipaa-compliant-it-security-and-best-practices\/?utm_source=Online+Tech+Mailing+List&amp;utm_campaign=1abf93a92b-HIMSS_eMail_Question_1_1_17_2012&amp;utm_medium=email\">HIPAA Compliant IT Security and Best Practices<\/a><\/p>\n<p>For\u00a0<a href=\"https:\/\/www.onlinetech.com\/secure-hosting\/hipaa-compliant-hosting?utm_source=Online+Tech+Mailing+List&amp;utm_campaign=1abf93a92b-HIMSS_eMail_Question_1_1_17_2012&amp;utm_medium=email\">HIPAA Compliant hosting<\/a>, call 877.740.5028 or email\u00a0<a href=\"mailto:contactus@onlinetech.com\">contactus@onlinetech.com<\/a>.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Following up from last week&#8217;s question #1, the second most important question to ask a Business Associate is: Who performed your independent HIPAA audit and do you provide copies of the audit report? This single question quickly reveals Business Associates who take HIPAA compliance seriously. Business Associates who have invested in an independent HIPAA audit benefit from: objective feedback from a HIPAA expert, guided improvement of security processes and procedures, training all of their employees about HIPAA security, better preparation in the event of a PHI breach. When you see what HHS requests after a PHI breach, you\u2019ll see there\u2019s no way that the requested documentation can be prepared in 10 days. 10 weeks or 10 months would be more appropriate. Some will argue that the cost of getting an independent HIPAA audit is prohibitive, but compared to the costs of a PHI breach, it\u2019s truly trivial. Consider this: current class action lawsuits seek $1000\/patient record breached. When a laptop was stolen from the Massachusetts eHealth Collaborative, 13,687 patient records were taken. There are 2 pending class action lawsuits. 2 lawsuits * 13,687 patient records * $1000\/patient record = $27,374,000 Still think investing in an independent HIPAA audit is too&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-1747","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Five Questions to Ask Your Business Associate: Question #2 HIPAA Audits | OTAVA<\/title>\n<meta name=\"description\" content=\"The second most important question to ask a Business Associate: Who performed your independent HIPAA audit and do you provide copies of the audit report?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Five Questions to Ask Your Business Associate: Question #2 HIPAA Audits\" \/>\n<meta property=\"og:description\" content=\"The second most important question to ask a Business Associate: Who performed your independent HIPAA audit and do you provide copies of the audit report?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2012-01-27T00:00:00+00:00\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"Five Questions to Ask Your Business Associate: Question #2 HIPAA Audits\",\"datePublished\":\"2012-01-27T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/\"},\"wordCount\":332,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/\",\"url\":\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/\",\"name\":\"Five Questions to Ask Your Business Associate: Question #2 HIPAA Audits | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"datePublished\":\"2012-01-27T00:00:00+00:00\",\"description\":\"The second most important question to ask a Business Associate: Who performed your independent HIPAA audit and do you provide copies of the audit report?\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Five Questions to Ask Your Business Associate: Question #2 HIPAA Audits\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Five Questions to Ask Your Business Associate: Question #2 HIPAA Audits | OTAVA","description":"The second most important question to ask a Business Associate: Who performed your independent HIPAA audit and do you provide copies of the audit report?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/","og_locale":"en_US","og_type":"article","og_title":"Five Questions to Ask Your Business Associate: Question #2 HIPAA Audits","og_description":"The second most important question to ask a Business Associate: Who performed your independent HIPAA audit and do you provide copies of the audit report?","og_url":"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/","og_site_name":"OTAVA","article_published_time":"2012-01-27T00:00:00+00:00","author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"Five Questions to Ask Your Business Associate: Question #2 HIPAA Audits","datePublished":"2012-01-27T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/"},"wordCount":332,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/","url":"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/","name":"Five Questions to Ask Your Business Associate: Question #2 HIPAA Audits | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"datePublished":"2012-01-27T00:00:00+00:00","description":"The second most important question to ask a Business Associate: Who performed your independent HIPAA audit and do you provide copies of the audit report?","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/five-questions-to-ask-your-business-associate-question-2-hipaa-audits\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"Five Questions to Ask Your Business Associate: Question #2 HIPAA Audits"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/1747","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=1747"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/1747\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=1747"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=1747"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=1747"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=1747"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}