A method and system for permitting a government agency or a medical research Institution to retain an independent Audit Agency to periodically audit a clinical trial testing the effect of experimental drugs on patients, being conducted by the Institution, to insure the audit conducted is in compliance with the privacy requirements of HIPAA. Prior to the audit, the Institution assembles individual electronic patient records relative to the clinical trial into an XML file in a discrete database, wherein each patient record has all personal information deleted, and such record is identified by a unique number or code assigned by the Institution. In turn, remote from the Institution, the Audit Agency transforms an appropriate search and indexing engine by adding to it libraries of text names, and synonyms, and constructs application programs containing the associated Protocol requirements and rules. The Audit Agency sends the transformed Search Engine to the Institution via the Internet or on CD's. The Institution runs the Search Engine against their database to produce a Compliance Report detailing all discrepancies found relative the Protocol course of medical treatment for each patient in the clinical trial, and sends the report to the Audit Agency. The Audit Agency processes the report to provide an Audit Report to Institution requesting comments, and if necessary, a corrective action plan.