• E-mail
• Print
• RSS

Topic: CMS hires contractor to conduct HIPAA security audits

HIM Connection, December 11, 2007

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

CMS has established a year-long contract with PricewaterhouseCoopers (PwC) to conduct security audits of covered entities. Karen Trudel, deputy director of CMS' Office of Electronic Standards and Services, confirms that CMS has contracted with PwC to conduct security audits. PwC will target covered entities against which CMS has already received a complaint.

The confirmation comes on the heels of the OIG's security audit of Atlanta-based Piedmont Hospital, which began in March 2007. Although there has not been further information publicly available regarding the Piedmont audit, the OIG plans to conduct at least two more audits, says John C. Parmigiani, who contributed to the development of the privacy and security rules and is now president of John C. Parmigiani & Associates, LLC, in Ellicott City, MD.

"Even if nothing substantive comes out of the Piedmont audit, it's had a ripple effect-hospitals are concerned," he says. One of the OIG's future audits will reportedly occur at Los Angeles-based Cedars-Sinai Medical Center, he adds.

PwC may evaluate for overall security preparedness or for the implementation of corrective action plans in response to a complaint. According to the most recent information on CMS' Web site, the agency has received 370 security-related complaints. Of those, 230 are closed; 140 are still the subject of ongoing investigations. The most common security complaints, in descending order, relate to:

• Information access management
• Security awareness and training
• Access control
• Workstation use
• Device and media controls

The agency also hopes to put more information on its Web site regarding security rule enforcement, including situational vignettes similar to those that OCR put on its Web site in April 2007. (See www.hhs.gov/ocr/privacy/enforcement/ for more information.)

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

• E-mail to a Colleague
• Print
• RSS
• Archive