The HIPAA examination is an elective review of an organization's controls by a third-party audit firm to ensure that the organization is complying with the Health Insurance Portability and Accountability Act (HIPAA) regarding the protection of Protected Health Information (PHI) and Electronic Protected Health Information (ePHI).

If an organization stores, processes, transmits, or otherwise handles PHI or ePHI, it must be HIPAA compliant.