Documentation requirements for compliance audit

After preparing employees for the HIPAA compliance audit, the next step is having all that information ready and on hand. You should be able to present documentation on your corporation’s current security policies, future security plans, risk assessments, data handling, disaster recovery and DLP technology.

Telling an auditor about your compliance efforts and showing an auditor your compliance efforts are two very different things; he/she most likely prefers the latter.  

Source :
http://searchsecurity.techtarget.com/tutorial/HIPAA-compliance-manual-Training-audit-and-requirement-checklist