The first 20 HIPAA (Health Insurance Portability and Accountability Act) security audits have been completed by auditing firm KPMG and will be used to fine-tune the remaining audits this year, announced Leon Rodriquez, director of the Office for Civil Rights (OCR) for the Department of Health and Human Services (HHS). He also announced that, given his office's budget and the capabilities of the auditing firm, it's unlikely that the hoped-for 150 audits will be completed this year, though the number will be "something close to that."

Rodriquez made his comments while attending the Healthcare Systems Information and Management Systems Conference in Las Vegas.

As for initial findings, Rodriquez said: "You really still do have significant security vulnerabilities out there. And sometimes those issues are as fundamental as no evidence of a risk analysis, no policies and procedures and no adequate technical safeguards for data."

Rodriquez said there is "a reasonable likelihood" that the audits will be continued in 2013.

On a related topic, he revealed that the omnibus package of final HIPAA regulations announced for March will be delayed once again. The omnibus package includes the final HIPAA breach notification rule, HIPAA modifications, and the privacy provisions under the Genetic Information Nondiscrimination Act (GINA).