Following some test sites this spring, consulting/services firm KPMG in June 2012 is starting the 150 random HIPAA privacy/security audits that will be conducted during the rest of the year.

At the Healthcare Financial Management Association’s National Institute, June 24-27 in Las Vegas, two KPMG officials will walk through the process. It covers the full range of health care organizations, from mom and pop practices to large delivery systems, says Mark Higdon, a co-presenter and a partner in KPMG’s healthcare advisory unit.

The initial 150 audits will provide the HHS Office for Civil Rights, which enforces the privacy and security rules, with information on common gaps in the security of protected health information.

Higdon and Michael Ebert, another KMPG partner, will explain and remind audience members of the components of HIPAA and changes made under the HITECH Act. They’ll then look at major gaps in protection and how providers can rectify them--starting with an annual risk assessment. This involves, among other activities, determining lines of business affected by HIPAA, then determining the map and flow of PHI to see where it is going inside and outside of the organization, Higdon says. They’ll also talk about specific safeguards that should be established.

Every provider needs to initiate an internal risk assessment now, Higdon advises. If they wind up being audited, “That will go a long way toward smoothing the audit,” he adds.

The presentation, “New HIPAA Provider Audit Program for CMS,” is scheduled at 10 a.m. on June 26.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access