On November 8th, the Office of Civil Rights made public, on a dedicated webpage, details of its HIPAA Audit Program. Section 13411 of the HITECH Act mandated that HHS implement periodic audits to ensure that covered entities are complying with the HIPAA Privacy and Security rules. Earlier this year, HHS made public the fact that KPMG had been selected by HHS to create and implement an Audit Protocol. An initial batch of 20 audits (of the eventual 150 to be completed by December 2012) will begin this month. The audits will cover both HIPAA privacy and HIPAA security compliance.
The announced protocol calls for audits of a wide range of covered entities, but does not identify any specific entities (or specific entity types) that will be identified for audit. As OCR explains...
Please see full publication below for more information.