KPMG to Assist HHS with HIPAA Audits

June 25, 2013
The Department of Health and Human Services has awarded a $9.2 million contract to consulting firm KPMG to assist its Office for Civil Rights (OCR) in creating a protocol for conducting HIPAA privacy and security audits. The contract also calls for KPMG to conduct up to 150 audits by Dec. 31, 2012.

Audits will include site visits, with interviews with leadership (CIO, privacy officer, legal counsel, health information management director); examination of physical features and operations; review of the consistency of process to policy; and observation of compliance with regulatory requirements.

OCR has taken on a much higher profile in recent years. That’s in part because in 2009 HHS transferred authority for the enforcement of HIPAA security provisions to OCR from the Centers for Medicare and Medicaid Services. Another new wrinkle under the Health Information Technology for Economic and Clinical Health (HITECH) Act is that state attorneys general can file civil lawsuits for HIPAA violations. In fact, health insurance company WellPoint Inc. just settled a data breach lawsuit brought by Indiana attorney general Greg Zoeller. WellPoint agreed to pay Indiana a $100,000 settlement over a data breach where the personal information of thousands of WellPoint customers was potentially accessible via the Internet.

The August print issue of Healthcare Informatics will include more in-depth coverage on what some leading healthcare organizations are doing to prepare for the possibility of an OCR audit.

For the August article, Susan McAndrew, deputy director for health information privacy, HHS Office for Civil Rights, talked about the ramped-up enforcement regime. “It is HHS’ expectation that covered entities and their business associates take these requirements seriously,” she said. “HHS will continue to investigate and take action against those organizations that knowingly disregard their obligations under these rules.”
