CMS hires contractor to conduct HIPAA security audits
HIPAA Weekly Advisor, December 10, 2007
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
CMS has established a year-long contract with PricewaterhouseCoopers (PwC) to conduct security audits of covered entities. Karen Trudel, deputy director of CMS' Office of Electronic Standards and Services, confirms that CMS has contracted with PwC to conduct security audits. PwC will target covered entities against which CMS has already received a complaint.
The confirmation comes on the heels of the Office of Inpector General (OIG) security audit of Atlanta-based Piedmont Hospital, which began in March 2007. Although there has not been further information publicly available regarding the Piedmont audit, the OIG plans to conduct at least two more audits, says John C. Parmigiani, who contributed to the development of the privacy and security rules and is now president of John C. Parmigiani & Associates, LLC, in Ellicott City, MD.
"Even if nothing substantive comes out of the Piedmont audit, it's had a ripple effect-hospitals are concerned," he says. One of the OIG's future audits will reportedly occur at Los Angeles-based Cedars-Sinai Medical Center, he adds.
PwC may evaluate for overall security preparedness or for the implementation of corrective action plans in response to a complaint. According to the most recent information on CMS' Web site, the agency has received 370 security-related complaints. Of those, 230 are closed; 140 are still the subject of ongoing investigations. The most common security complaints, in descending order, relate to:
- Information access management
- Security awareness and training
- Access control
- Workstation use
- Device and media controls
The agency also hopes to put more information on its Web site regarding security rule enforcement, including situational vignettes similar to those that OCR put on its Web site in April 2007. (See www.hhs.gov/ocr/privacy/enforcement for more information.)
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- HIPAA Q&A: Flu shot requirement for hospital employees
- Running an effective peer review committee meeting
- HealthDataInsights posts new issues for medical necessity claims
- Sneak Peek: Effort underway to establish caseload benchmarks
- Q/A: Coding for telescopic intraocular lens
- New FAQ posted on storing laryngoscope blades
- Tip: Perform your own internal investigation prior to government audit
- HIPAA 5010 deadline extended, but threat remains, says AMA
- HHS task force: Consider privacy, security with text messages
- What does case-mix index mean to you?
- E-mailed
-
- Running an effective peer review committee meeting
- HIPAA Q&A: Flu shot requirement for hospital employees
- HHS task force: Consider privacy, security with text messages
- What does case-mix index mean to you?
- Q/A: Coding for telescopic intraocular lens
- Q/A: Correct use of modifier -PT
- Tip: Correctly code bilateral pain management procedures
- "Wall fountains" may be spreading Legionnaires to patients, visitors
- 2012 CPT code changes for ASCs: Shoulder and knee scopes and pain management
- COT basics to best
- Searched