On November 8, 2011, the U.S. Department of Health and Human Services (“HHS”) officially posted on its website details about its new Health Insurance Portability and Accountability Act (“HIPAA”) Audit Program. HHS has engaged the accounting firm KPMG LLP to conduct the audits, which are slated to begin this month. Through the audits, HHS will be playing a more proactive role in enforcing HIPAA than it has in the past.
I. Background
The Office for Civil Rights (“OCR”) within HHS is responsible for administering and enforcing the HIPAA Privacy and Security Rules. Generally, HHS has enforced the Privacy and Security Rules by investigating complaints and performing education and outreach to foster compliance with the Rules’ requirements. It has conducted only a limited number of “compliance reviews” to date, and some have criticized the agency for not pursuing more aggressive enforcement efforts. This past May, for example, the HHS Office of the Inspector General released a report indicating that HHS’s oversight and enforcement actions were not sufficient to ensure that covered entities effectively implemented the Security Rule.