The only thing I can think of that will affect you is to make sure a business associate agreement has been put in place. If your organization is otherwise authorized to obtain these records, then you should fall under the business associate umbrella and will have to comply via a business associate agreement(s) as any other auditing organization would. You should definitely confirm this with your legal counsel.
For more information on this topic, visit these other SearchSecurity.com resources:
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.