On July 15, 2011, Deputy Director Susan McAndrew, Esq., from the HHS Office for Civil Rights went on record in an interview with HealthCareInfoSecurity.com to comment on the upcoming agency audits.
As McAndrew said, “This is just another opportunity for covered entities to take a moment from their busy, busy days to do a self-assessment. We think that this will help them down the road in terms of building their own capacity for a robust compliance program.”
McAndrew was talking about the “20 or so” audits that her HHS Office will conduct beginning in late 2011 or early 2012, using protocols to be developed with KPMG at the not-so-small contract price of $9.2M. The first round of audits will be followed by “up to 150” on-site audits through the end of 2012.
McAndrew did not rule out HIPAA – HITECH enforcement proceedings by her HHS Office as a result of the audits.
Clearly, ignorance will not be a defense if you are selected for a HIPAA – HITECH audit by HHS. HIPAA was passed in 1996, and the Privacy Rule that is the foundation for the audits was passed in 2000. The prevailing philosophy is likely to be that 10-12 years is a sufficient amount of time for self-regulation to have become effective.
Clearwater Compliance is already a trusted partner in HIPAA – HITECH compliance. We partner with our clients to help them become and remain HIPAA – HITECH compliant. The Clearwater HIPAA Security Assessment provides precisely the kind of preparation that organizations will need for the upcoming site audits.
More HIPAA HITECH Resources:
The complete HIPAA Privacy, Security and Breach regulations are here.