HHS HIPAA Audits

The Department of Health & Human Services (HHS), Office for Civil Rights (OCR) has announced it is beginning Health Insurance Portability and Accountability Act (HIPAA) audits to assess covered entities’ (nursing and some assisted living facilities) compliance with the privacy, security and breach notification rules.  Under a $9 million contract announced this last summer, KPMG has developed protocols and begun auditing.  The audits are required by the American Recovery and Reinvestment Act of 2009 (ARRA).  There are not a lot of audit details to date, but we understand that the audits will include site visits, interviews with leadership, documentation, an examination of operations and an assessment of the facility’s consistency with its written policy.  Each audit will generate a report, which will at least address compliance efforts and what corrective actions if any have been taken by the facility.  Providers should note that this contract will increase both the frequency and depth of government audits for HIPAA and HITECH compliance over the upcoming year. To obtain more information go to the HIPPA website.