When most organizations think about HIPAA audits, they envision cost and inconvenience. Often, these audits are considered just another task that needs to be completed on a long list of IT priorities, or another box to be checked by the organization's compliance officer. 

It doesn't have to be this way-in fact, given the relentless deluge of headlines about prolific data breaches in recent years, it shouldn't be this way.

Some smaller organizations with low risk profiles may decide that a simple check-box audit sufficiently meets their business requirements. However, for hospitals and many other organizations that handle patient data, compliance is only half the story. Having a security strategy is just as important, and HIPAA audits provide a great opportunity to assess your organization's risk and readiness.