HHS to Audit 150 Firms for HIPAA Privacy and Security Standards Under ARRA

The Department of Health and Human Services (HHS), through its Office of Civil Rights (OCR), has awarded a $9-million contract to KPMG to help audit 150 covered entities and business associates for adherence to HIPAA security and privacy standards.

According to language in the contract, "Site visits conducted as part of every audit would include interviews with leadership (e.g., CIO, Privacy Officer, legal counsel, health information management/medical records director); examination of physical features and operations; consistency of process to policy, observation of compliance with regulatory requirements."

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 established privacy and security standards for entities that handle personal health information (PHI). The American Reinvestment and Recovery Act (ARRA) of 2009 strengthened those standards and tightened accountability. Now the audits will test compliance.

KPMG hopes to conclude the process by the end of 2012.


NOTE: The details in this blog are provided for informational purposes only. All answers are general in nature and do not constitute legal advice. If legal advice or other expert assistance is required, the services of a competent professional should be sought. The author specifically disclaims any and all liability arising directly or indirectly from the reliance on or use of this blog.
You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply

Your email address will not be published. Required fields are marked *

* Copy This Password *

* Type Or Paste Password Here *

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Comments (required)*