Corporate Compliance

OCR begins HIPAA compliance audits

Compliance Monitor, May 2, 2012

Mac McMillan, CISSM, has an insider’s look at what it’s like to undergo a HIPAA compliance audit.

A hospital randomly selected by OCR for its initial audit phase consulted McMillan for help with the audit process. The hospital was audited by KPMG, LLP, the company that OCR hired to conduct the audits. OCR selected the hospital as one of its initial 20 audits.

McMillan, CEO of CynergisTek in Austin, Texas, shared what he learned during “2012 OCR Audits and Enforcement: A View from the Front Lines,” a recent webcast sponsored by ZixCorp. Upon completion of pilot testing, OCR will evaluate the process, and KPMG audit teams will conduct up to 130 additional random audits of healthcare organizations before the end of 2012. The audits are scheduled to begin in May.

The HITECH Act mandated the audits, which will measure healthcare organizations’ compliance with the HIPAA Privacy and Security Rules and breach notification rules.

This article is adapted from an article which originally appeared in the April Briefings on HIPAA published by HCPro, Inc.

