The dice were rolled and, surprise, you got a letter in the mail from the OCR. You were selected for a HIPAA compliance audit-one of 150 the OCR will conduct in 2012 via its contractor KPMG, LLP.
HIPAA privacy and security officers often spend a lot of time and effort protecting their healthcare organization from the threat posed to its PHI by outsiders. Most organizations do a pretty good job of recognizing the threats to critical assets from outside their own perimeter. However, they must also not ignore the threat that comes from those inside the organization, said Randall F. Trzeciak, who spoke at the Fifth HIPAA Summit West in September in San Francisco.
Breaches are expensive and can be directly related to sending PHI unencrypted over the Internet. There are a number of vendors who offer secure messaging tools but not all are equal. Protected Trust is more than just a secure messaging solution. Protected Trust's application also includes tools to assist with broader security control implementation and compliance with HIPAA and HITECH.
Briefings on HIPAA has obtained a copy of the $9.2 million contract with KPMG, LLP, the company OCR hired to conduct HIPAA compliance audits. The contract reveals some details about what healthcare organizations can expect when the audits begin.