This is a real world list of questions actually asked during HIPAA audits.

This is not all of the questions, also not the exact questions you may be asked


If you can answer these questions without breaking out in a cold sweat you will be on solid ground.

  • Please provide a list of systems administrators, backup operators and users.
  • Please include a list of anti virus servers, installed, including their versions.
  • Please provide a list of software used to manage and control access to the Internet.
  • Please provide the antivirus software used for desktop and other devices, including their versions.
  • Please provide a list of authentication approaches used to verify a person has been authorized for specific access privileges to information and information systems.
  • Show us your disaster recover plan.
  • Show us your emergency mode of operations plan.
  • Show us your rmployee violations (sanctions) policy.
  • What is your policy on electronically transmitting ePHI?

To get the full list these questions & our Simple Self Assessment sent straight to your inbox, fill in your email address below.