The Department of Health and Human Services recently awarded a $9.2 million contract to the consulting firm KPMG to launch a HIPAA compliance audit program as mandated by the HITECH Act (Health Information Technology for Economic and Clinical Health). The OCR will work with KPMG to roll out this program, performing up to 150 audits of covered entities to assess privacy and security compliance. A covered entity is any organization that routinely handles protected health information in any capacity. The pilot phase of this program begins this month, with 20 audits scheduled between November 2011 and April 2012. The remaining audits are scheduled to conclude by December 2012.
Each audit will include a document production phase and an onsite visit, resulting in an audit report. If your company is selected, you will be notified in writing, and documentation of your privacy and security compliance efforts will be requested. You will be given 10 days to comply, and you will then be notified between 30 and 90 days prior to the onsite visit. Onsite visits may take between three and 10 business days, after which you will be provided with a draft final report. You may then review it and provide written comments back to the auditor. Significantly, the OCR will not post a listing of audited entities or the findings of an individual audit that clearly identifies the audited entity.
Is this audit program long overdue? According to new statistics released this month by the OCR, in the past two years there were 116 data breaches affecting 1.9 million patient records. Many of these data breaches occurred because a mobile device was lost or stolen. Are doctors and nurses texting?
The average person leaving college today checks their email infrequently, but they text often. In 2005, cell phone users in the US sent a total of about seven billion texts per month. Last year they sent 173 billion text messages per month. It makes sense that texting in hospitals is more efficient than phone calls, emails or pagers.
If your company is chosen as part of this audit program, be sure that you have HIPAA-compliant solutions in all aspects of your business. For those who currently use Transcription Plus, LLC services, you know that we are completely HIPAA compliant. Our staff is comprised of medical transcriptionists who consistently maintain the highest standards of privacy and confidentiality. Look for this high level of security from all your vendors and applications.
for a description of the OCR pilot program.
Thanks so much for being a part of the Transcription Plus, LLC community.