The CMS has hired consulting firm PricewaterhouseCoopers to perform a series of compliance reviews of hospitals regarding adherence to the security rule under the administrative-simplification section of the Health Insurance Portability and Accountability Act of 1996.
The CMS was given the authority to enforce the security rule, which applies to HIPAA covered entities, i.e., plans, providers and claims clearinghouses. The compliance deadline for most covered entities was April 20, 2005. Since then, the CMS has received more than 200 complaints about possible violations.
Pricewaterhouse could be assigned between 10 and 20 organizations against which security complaints have been lodged, according to Karen Trudel, deputy director of electronic health standards and services at the CMS. Were not calling them audits, were calling them compliance reviews, Trudel said. The reviews also will have an educational component, she said.
The one-year $897,503.00 contract was awarded Sept. 30, 2007.
The contract comes at a time when security breaches are rampant in healthcare and other industries and when HHS' inspector general's office is looking into how the CMS handles its enforcement duties regarding the HIPAA security rule. -- by Joseph Conn
What do you think? Post a comment on this article and share your opinion with other readers. Submit your letter to Modern Healthcare Online at [email protected]. Please be sure to include your hometown and state, along with your organization and title.