Firm Contracted to Conduct HIPAA Security Audits
Pricewaterhouse Coopers (PWC) has been contracted by the Centers for Medicare and Medicaid Services (CMS) to conduct security audits of covered entities that have been accused of violating the HIPAA security rule. Most physician practices are covered entities under HIPAA.
Previously, the Office of Civil Rights, which is responsible for enforcing the HIPAA privacy rule, coordinated investigations of complaints involving the security rule with CMS. Contracting with PWC will increase CMS’s ability to respond to complaints.
For physicians, this change could signal more aggressive investigation of complaints and the start of random security audits, such as the March 2007 audit of Atlanta’s Piedmont Hospital.
Physician practices should re-examine their compliance with the HIPAA security rule, including disaster and emergency operations plans and policies and procedures that address HIPAA security requirements.
The Pennsylvania Medical Society’s HIPAA Security Toolkit can help practices achieve compliance.
Last Updated: 5/2/2008