KPMG to Assist HHS with HIPAA Audits

June 25, 2013
The Department of Health and Human Services has awarded a $9.2 million contract to consulting firm KPMG to assist its Office for Civil Rights (OCR) in creating a protocol for conducting HIPAA privacy and security audits. The contract also calls for KPMG to conduct up to 150 audits by Dec. 31, 2012.

Audits will include site visits, with interviews with leadership (CIO, privacy officer, legal counsel, health information management director); examination of physical features and operations; consistency of process to policy; and observation of compliance with regulatory requirements.

OCR has taken on a much higher profile in recent years. That’s in part because in 2009 HHS transferred authority for the enforcement of HIPAA security provisions to OCR from the Centers for Medicare and Medicaid Services. Another new wrinkle under the Health Information Technology for Economic and Clinical Health (HITECH) Act is that state attorneys general can file civil lawsuits for HIPAA violations. In fact, health insurance company WellPoint Inc. just settled a data breach lawsuit brought by Indiana attorney general Greg Zoeller. WellPoint agreed to pay Indiana a $100,000 settlement over a data breach where the personal information of thousands of WellPoint customers was potentially accessible via the Internet.

The August print issue of Healthcare Informatics will include more in-depth coverage on what some leading healthcare organizations are doing to prepare for the possibility of an OCR audit.

For the August article, Susan McAndrew, deputy director for health information privacy, HHS Office for Civil Rights, talked about the ramped-up enforcement regime. “It is HHS’ expectation that covered entities and their business associates take these requirements seriously,” she said. “HHS will continue to investigate and take action against those organizations that knowingly disregard their obligations under these rules.”
