Do Healthcare Companies Need SOC Audits?
posted Aug 30, 2018 by Henry A. Silva, CPA, CGMA, MBA in the Business Blog
Has your organization undergone a SOC audit recently? SOC audits can aid a healthcare company with its medical billing, claims processing, and internal control management.
What’s a SOC audit?
A Service Organization Control, or SOC, audit is a report on the internal controls at a service organization (a business that provides services to other entities).
As a refresher, there are three types:
- SOC 1: This report focuses solely on a service organization’s relevant internal controls over financial reporting.
- SOC 2: This report addresses controls at the service organization related to operations and compliance.
- SOC 3: This is a condensed version of SOC 2, intended for free public distribution.
Are SOC audits required for healthcare companies?
Any service organization that needs an independent validation of controls relevant to how it transmits, processes, or stores client data may require a SOC report. Companies that may need a SOC report include service organizations that perform a financial reporting function or handle sensitive information on behalf of their customers (very prevalent in the healthcare industry).
How do healthcare companies benefit from SOC audits?
The SOC report that you gain from a SOC audit helps your healthcare company…
- Provide additional assurance to customers that you have efficient medical billing services.
- Validate your internal processes and controls.
- Identify any gaps that exist in your processes.
- Show customers and clients that your organization manages information with care.
Let’s say you are under the impression that you have all the policies and procedures in place to make sure that you’re tracking receivables (i.e., amounts owed to your business) consistently. A SOC audit determines that, with the process in place, any receivable that was 180 days past due just dropped off the radar. Essentially, the SOC audit finds that you weren’t chasing after money when you should have been. Without a SOC audit, you wouldn’t have realized that you needed a change in your processes, which means more money lost for your company.
How do you get started with a SOC audit?
- Define your objectives. What do you want to learn from the report?
- Determine the scope of the audit. Do you need both a SOC 1 and a SOC 2, or just one of them?
- Address regulatory compliance concerns. Healthcare companies, are you HIPAA and HITECH compliant?
- Write out policies and procedures. Your written rules and policies can help guide the auditor performing the audit.
- Conduct a ‘readiness assessment’. Are you prepared for a SOC audit?
- Contact a CPA at a trusted firm. When you are ready for a SOC audit, your CPA will help ease the process for you.
A SOC audit can help your organization reach its maximum potential with respect to your operational, financial and clinical success. We can help you get started with a SOC audit. Contact us today.