Topic: CMS hires contractor to conduct HIPAA security audits
HIM Connection, December 11, 2007
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
CMS has established a year-long contract with PricewaterhouseCoopers (PwC) to conduct security audits of covered entities. Karen Trudel, deputy director of CMS' Office of Electronic Standards and Services, confirms that CMS has contracted with PwC to conduct security audits. PwC will target covered entities against which CMS has already received a complaint.
The confirmation comes on the heels of the OIG's security audit of Atlanta-based Piedmont Hospital, which began in March 2007. Although there has not been further information publicly available regarding the Piedmont audit, the OIG plans to conduct at least two more audits, says John C. Parmigiani, who contributed to the development of the privacy and security rules and is now president of John C. Parmigiani & Associates, LLC, in Ellicott City, MD.
"Even if nothing substantive comes out of the Piedmont audit, it's had a ripple effect-hospitals are concerned," he says. One of the OIG's future audits will reportedly occur at Los Angeles-based Cedars-Sinai Medical Center, he adds.
PwC may evaluate for overall security preparedness or for the implementation of corrective action plans in response to a complaint. According to the most recent information on CMS' Web site, the agency has received 370 security-related complaints. Of those, 230 are closed; 140 are still the subject of ongoing investigations. The most common security complaints, in descending order, relate to:
- Information access management
- Security awareness and training
- Access control
- Workstation use
- Device and media controls
The agency also hopes to put more information on its Web site regarding security rule enforcement, including situational vignettes similar to those that OCR put on its Web site in April 2007. (See www.hhs.gov/ocr/privacy/enforcement/ for more information.)
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Related Products
Most Popular
- Articles
-
- HIPAA Q&A: Flu shot requirement for hospital employees
- HealthDataInsights posts new issues for medical necessity claims
- Running an effective peer review committee meeting
- Q&A: Incidental disclosures and patient privacy
- New FAQ posted on storing laryngoscope blades
- Sneak Peek: Effort underway to establish caseload benchmarks
- Tip: Perform your own internal investigation prior to government audit
- What does case-mix index mean to you?
- HIPAA 5010 deadline extended, but threat remains, says AMA
- HHS task force: Consider privacy, security with text messages
- E-mailed
-
- Running an effective peer review committee meeting
- HIPAA Q&A: Flu shot requirement for hospital employees
- What does case-mix index mean to you?
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HHS task force: Consider privacy, security with text messages
- Tip: Correctly code bilateral pain management procedures
- 2012 CPT code changes for ASCs: Shoulder and knee scopes and pain management
- COT basics to best
- Documentation and coding for toxic metabolic encephalopathy
- Guidance and tact key to compliant, effective physician queries
- Searched