On December 6, 2007 HealthLeaders News reported that the Federal government has established a one year contract with PriceWaterhouseCoopers to conduct security audits on covered entities to verify compliance with the HIPAA security rule.
Indications are that PriceWaterhouseCoopers will target only those covered entities against whom CMS has already received a complaint. However, given the random security audit of an Atlanta hospital in March of 2007, it appears as if all covered entities may be at increased risk of a future audit. According to the HHS website, over 31,000 HIPAA complaints were received between April 14, 2003 and November 30, 2007. Of those, approximately 6,700 remain open. Given the volume of complaints received and the indications that federal regulators will be increasing enforcement of the HIPAA security regulations, the importance of compliance with HIPAA is obvious. The United States Department of Health and Human Services Office for Civil Rights website, available at http://www.hhs.gov/ocr, and private consultants are valuable resources to assist covered entities in complying with HIPAA’s privacy and security requirements.