Augist 25, 2011

The Office for Civil Rights ("OCR") - the arm of HHS responsible for enforcing HIPAA compliance - has historically taken a passive role on its mandate, which is why the news that KPMG - global audit giant - has been retained to begin auditing "covered entities" is noteworthy. The contract KPMG has entered into is to looks to begin small - providing for the audit of 150 "covered entities". Similar to the Medicare program, this contract with KPMG smells like a test-case scenario to see how positive the results are for OCR prior to rolling out a national program to systematically audit "covered entities". See OCR Enforcement Page here. 

It is difficult to conceive of KPMG's findings not reaping beneficial results for OCR. OCR has the authority to levy huge fines against entities in noncompliance, as well as seek criminal penalties. A recent OCR investigation was discussed on the listserv only a few weeks ago where a Hospital settled with OCR for approximately $865k - Click here to view.

To make matters worse, complying with HIPAA and Security policy requirements became more difficult by the passage of the HITECH Act (passed in 2009); "covered entities" are now required to have updated and modified HIPAA policies with breach notification language, as well as detailed policies in place governing the treatment of all electronic data. And, having the policies in place is half the battle - KPMG in its audits intend on interviewing staff to ensure that written policies have actually been implemented and are used/followed by the staff.

For those of you unsure of whether you qualify as a "covered entity", a "covered entity" includes in its definition any healthcare provider that transmits certain information in an electronic form. For further clarification visit the OCR website here.

Our office will continue to monitor OCR's activity. Should you decide its time to update your HIPAA documents or require assistance adopting a security policy, do not hesitate to contact me directly.

Also, as our firm is committed to transparency in our billing practices, our policies are listed online at (All prices include time spent with you or a designee of your practice customizing and explaining the policies.)


Copyright © 2011 by Kirschenbaum & Kirschenbaum, P.C.

All Rights Reserved. This email is provided for news and information purposes only and does not constitute legal advice or an invitation to an attorney-client relationship. While every effort has been made to ensure the accuracy of the information contained herein, Kirschenbaum & Kirschenbaum PC does not guarantee such accuracy and cannot be held liable for any errors in, any reliance upon this, or losses caused by the information. Under New York’s Code of Professional Responsibility, this material may constitute attorney advertising. Prior results do not guarantee a similar outcome.