In June 2011, the United States Department of Health & Human Services (HHS) Office of Civil Rights (OCR) awarded KPMG, LLP a $9.2 million contract to administer random audits of hospitals, physician practices and other healthcare entities. This is yet another indication that HIPAA enforcement is up.
Audits will be random to an extent, though small healthcare providers will be less likely to be audited in the initial period. An audit is more likely to occur in a situation where a breach has occurred or a complaint has been filed. It is expected that 150 health entities will be audited through December 2012. Non-compliant providers may be subject to heavy fines or negative publicity. Yes, HIPAA has teeth now - instead of just taking remedial actions, HIPAA is levying fines and announcing settlements of HIPAA issues.
According to new information, the audits can expect to cover general privacy and security compliance, to last 3-5 days, and may lead to enforcement if violations are found. Additional details on the audits can be found here.
Absolute Software has been providing healthcare organizations with solutions for HIPAA compliance for many years - learn more here.