And the New HIPAA Cop Is … HHS Appoints Contractor to Conduct HIPAA Privacy and Security Audits

Davis Wright Tremaine LLP

On June 10, 2011, the Department of Health and Human Services (HHS) awarded to KPMG a $9.2 million contract to create an audit protocol and then audit covered entities’ and business associates’ compliance with the privacy and security requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The contract calls for as many as 150 audits of entities varying in size and scope before Dec. 31, 2012.

In light of the large numbers of HIPAA covered entities and business associates, the likelihood of being audited will be small. Nevertheless, now is a good time for covered entities and business associates to review their HIPAA privacy and security programs, ensure that their documentation is up to date, and assess whether their programs are effectively protecting protected health information.

The HITECH Act’s audit program

HHS, through the Office for Civil Rights (OCR), historically has investigated potential violations of the Privacy Rule (and more recently the Security Rule) based on the receipt of complaints. OCR also has initiated some “compliance reviews,” proactively initiating investigations of covered entities (often in response to media reports indicating noncompliance).

Section 13411 of the Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act of 2009, requires HHS to, additionally, conduct periodic audits to ensure that HIPAA covered entities and business associates are complying with the Privacy and Security Rules.

HHS contracted with Booz Allen Hamilton in March 2010 to conduct a study of different audit methodologies. Booz Allen completed the contract in Aug. 2010, but HHS has not made the resulting report public.

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Davis Wright Tremaine LLP | Attorney Advertising

Written by:

Davis Wright Tremaine LLP

Davis Wright Tremaine LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.