The Department of Health and Human Services (HHS), through its Office of Civil Rights (OCR), has awarded a $9-million contract to KPMG to help audit 150 covered entities and business associates for adherence to HIPAA security and privacy standards.

According to language in the contract, "Site visits conducted as part of every audit would include interviews with leadership (e.g., CIO, Privacy Officer, legal counsel, health information management/medical records director); examination of physical features and operations; consistency of process to policy, observation of compliance with regulatory requirements."

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 established privacy and security standards for entities that handle personal health information (PHI). The American Reinvestment and Recovery Act (ARRA) of 2009 strengthened those standards and tightened accountability. Now the audits will test compliance.

KPMG hopes to conclude the process by the end of 2012.