Last week the Department of Health and Human Services (HHS) announced that it has awarded a $9.2 million contract to the consulting firm KPMG. KPMG will develop the process and perform the HIPAA audits. There will be an estimated 150 onsite audits by the end of 2012.
“Site visits conducted as part of every audit would include interviews with leadership (e.g., CIO, privacy officer, legal counsel, health information management/medical records director); examination of physical features and operations; consistency of process to policy; and observation of compliance with regulatory requirements.”
Although 150 audits does not sound like very many, that is substantially more audits than have been done in the past. It will be interesting to see which types of organizations the audits focus on. Will they go after large or small covered entities? Will they target business associates as well? One strategy could be to make examples out of smaller organizations and business associates and try to scare other organizations into compliance.
Either way, the time to start thinking about HIPAA compliance is now!
What are your thoughts on the upcoming HIPAA audits? Who do you think they will target?