Topic: CMS hires contractor to conduct HIPAA security audits
HIM Connection, December 11, 2007
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
CMS has established a year-long contract with PricewaterhouseCoopers (PwC) to conduct security audits of covered entities. Karen Trudel, deputy director of CMS' Office of Electronic Standards and Services, confirms that CMS has contracted with PwC to conduct security audits. PwC will target covered entities against which CMS has already received a complaint.
The confirmation comes on the heels of the OIG's security audit of Atlanta-based Piedmont Hospital, which began in March 2007. Although there has not been further information publicly available regarding the Piedmont audit, the OIG plans to conduct at least two more audits, says John C. Parmigiani, who contributed to the development of the privacy and security rules and is now president of John C. Parmigiani & Associates, LLC, in Ellicott City, MD.
"Even if nothing substantive comes out of the Piedmont audit, it's had a ripple effect-hospitals are concerned," he says. One of the OIG's future audits will reportedly occur at Los Angeles-based Cedars-Sinai Medical Center, he adds.
PwC may evaluate for overall security preparedness or for the implementation of corrective action plans in response to a complaint. According to the most recent information on CMS' Web site, the agency has received 370 security-related complaints. Of those, 230 are closed; 140 are still the subject of ongoing investigations. The most common security complaints, in descending order, relate to:
- Information access management
- Security awareness and training
- Access control
- Workstation use
- Device and media controls
The agency also hopes to put more information on its Web site regarding security rule enforcement, including situational vignettes similar to those that OCR put on its Web site in April 2007. (See www.hhs.gov/ocr/privacy/enforcement/ for more information.)
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Related Products
-
Briefings on APCs
Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...
-
Medical Records Briefing
Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...
-
Briefings on Coding Compliance Strategies
Submitting improper Medicare documentaion can lead to denial of fees, payback, fines, and increased diligence from payers...
-
Briefings on HIPAA
How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...
-
APC Answer Letter
Get this informative 8-page newsletter filled with answers to readers' questions!
Most Popular
- Articles
-
- Q/A: May we bill an E/M code for a wound care first visit
- Peer Review Monthly: Do you know what I know?
- Omnicare to pay $98 million to settle kickback charges
- Eliminate missed charges, errors to reduce lost revenue
- 2010 ICD-9 code updates now available online
- Study: Action can be taken to reduce dementia risk
- New, more deadly strain of MRSA found
- Understand the H1N1 Flu and how to code it
- Texas Hospital group pays U.S. $27.5 million in false claims settlement
- Consulting & Training
- E-mailed
-
- Q/A: May we bill an E/M code for a wound care first visit
- Omnicare to pay $98 million to settle kickback charges
- Peer Review Monthly: Do you know what I know?
- Eliminate missed charges, errors to reduce lost revenue
- IDTF rules for physician offices nixed for 2009
- Medicare patients suffer from a medical error every 1.7 minutes
- New, more deadly strain of MRSA found
- QA:Coding multiple initial infusions
- Study: Action can be taken to reduce dementia risk
- First board certification for hospitalists announced -- with caution
- Searched