Health Information Management

Topic: CMS hires contractor to conduct HIPAA security audits

HIM-HIPAA Insider, December 11, 2007


CMS has established a year-long contract with PricewaterhouseCoopers (PwC) to conduct security audits of covered entities, confirms Karen Trudel, deputy director of CMS' Office of Electronic Standards and Services. PwC will target covered entities against which CMS has already received a complaint.

The confirmation comes on the heels of the OIG's security audit of Atlanta-based Piedmont Hospital, which began in March 2007. Although no further information about the Piedmont audit has been made public, the OIG plans to conduct at least two more audits, says John C. Parmigiani, who contributed to the development of the privacy and security rules and is now president of John C. Parmigiani & Associates, LLC, in Ellicott City, MD.

"Even if nothing substantive comes out of the Piedmont audit, it's had a ripple effect - hospitals are concerned," he says. One of the OIG's future audits will reportedly occur at Los Angeles-based Cedars-Sinai Medical Center, he adds.

PwC may evaluate a covered entity's overall security preparedness or its implementation of corrective action plans in response to a complaint. According to the most recent information on CMS' Web site, the agency has received 370 security-related complaints. Of those, 230 are closed; 140 are still the subject of ongoing investigations. The most common security complaints, in descending order, relate to:

  • Information access management
  • Security awareness and training
  • Access control
  • Workstation use
  • Device and media controls

The agency also hopes to put more information on its Web site regarding security rule enforcement, including situational vignettes similar to those that OCR put on its Web site in April 2007. (See for more information.)
