On July 15, 2011, Deputy Director Susan McAndrew, Esq., from the HHS Office for Civil Rights went on record in an interview with HealthCareInfoSecurity.com to comment on the upcoming agency audits.

As McAndrew said, “This is just another opportunity for covered entities to take a moment from their busy, busy days to do a self-assessment. We think that this will help them down the road in terms of building their own capacity for a robust compliance program.”

McAndrew was talking about the “20 or so” audits that her HHS Office will be conducting beginning late 2011 or early 2012, using protocols to be developed with KPMG at the not-so-small contract price of $9.2M.  The first round of audits will be followed by “up to 150” on-site audits through the end of 2012.

McAndrew did not rule out HIPAA – HITECH enforcement proceedings by her HHS Office as a result of the audits.

Clearly, ignorance will not be a defense if you are selected for a HIPAA – HITECH audit by HHS.  HIPAA was passed in 1996, and the Privacy Rule that is the foundation for the audits was passed in 2000.  The prevailing philosophy is likely to be that 10-12 years is a sufficient amount of time for self-regulation to have become effective.

Clearwater Compliance is already a trusted partner in HIPAA – HITECH compliance. We partner with our clients to help them become and remain HIPAA – HITECH compliant. The Clearwater HIPAA Security Assessment provides precisely the kind of preparation that organizations will need for the upcoming site audits.

Contact us for more information or to learn about a tailored Clearwater HIPAA Audit Prep WorkShop™ or the Clearwater HIPAA Audit Prep BootCamp™ series.


Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.