Skip to main content
Sister Publication Links
  • ESG: THE NEW IMPERATIVE
Subscribe
  • My Account
  • Login
  • Subscribe
  • News
    • Current News
    • COVID-19
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Transformation
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Digital Health
  • Insights
    • ACA 10 Years After
    • Best Practices
    • Special Reports
    • Innovations
  • Data/Lists
    • Rankings/Lists
    • Interactive Databases
    • Data Points
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Custom Media Event: ESG Summit
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Transformation Summit
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Supply Chain Revenue Cycle
    • - Hospital at Home
    • - Workplace of the Future
    • - Virtual Health
    • - Future of Healthcare Staffing
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • MORE +
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Information Technology
January 07, 2008 12:00 AM

CMS' HIPAA watchdog presents potential conflict

Joseph Conn
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print
    Hughes

    The CMS has hired New York-based consulting and auditing firm PricewaterhouseCoopers to perform compliance reviews at healthcare organizations, looking to see how well they meet their obligations to protect healthcare information under the Health Insurance Portability and Accountability Act of 1996.

    The move creates the potential for a conflict of interest for Pricewaterhouse, which may find itself reviewing a healthcare organization that also is a client. Pricewaterhouse clients, meanwhile, may wonder if the company is also its CMS-anointed compliance reviewer.

    Under terms of the one-year, $897,503 contract, Pricewaterhouse will be assigned to look at the security programs at 10 to 20 organizations, according to Karen Trudel, deputy director of electronic health standards and services at the CMS. The CMS has the authority to enforce the so-called HIPAA security rule, which became effective for most "covered entities," such as health plans, providers and claims clearinghouses, on April 21, 2005.

    The CMS has received 378 complaints from individuals alleging security violations, according to an agency spokesman. Thus far, no healthcare organization has been fined for a HIPAA security violation.

    Healthcare organizations targeted under the contract with Pricewaterhouse will be chosen from the complaints list, Trudel said. "We're not calling them audits; we're calling them compliance reviews," Trudel said. The reviews also will have an educational component, she said. While the final reports from those reviews will not identify individual organizations, they will be made public in a "de-identified" form as a learning tool for others, according to Trudel.

    The CMS-Pricewaterhouse compliance program "is still in its infancy," Trudel said. No Pricewaterhouse review team has visited a healthcare organization yet, she said. The contract runs from Sept. 30, 2007, through Sept. 29, 2008.

    Pricewaterhouse declined comment through a spokeswoman.

    The contract comes as the Office of Inspector General at HHS has already embarked on a compliance audit of its own, focusing on how well the CMS is overseeing enforcement of HIPAA security provisions. According to inspector general spokesman Donald White, the final report of an initial audit conducted last year at an unnamed hospital has yet to be completed. Even when the report is done, while the inspector general will turn it over to the CMS, it will not be made public because it will contain "sensitive, proprietary information," White said.

    According to published reports, 447-bed Piedmont Hospital in Atlanta was ground zero for the first inspector general audit effort. The inspector general's scope of work for fiscal 2008 suggests it will be doing more audits. It says the independent watchdog agency "will review CMS' oversight, implementation and enforcement" of the HIPAA security rule specifically to "determine whether the CMS has implemented controls to reasonably ensure that the HIPAA security rule achieves its intended results."

    A Piedmont spokeswoman declined to comment about the inspector general's probe.

    Lawrence Hughes, associate Washington counsel for the American Hospital Association, said the original inspector general effort at Piedmont "was very much focused on an attempt to see how CMS was serving as an enforcement authority." When word of the inspector general's audit surfaced last summer, the AHA urged members to take a second look at their security procedures, Hughes said.

    One issue with the CMS contract is that Pricewaterhouse has a significant presence in auditing and management consulting in the healthcare industry. Given that there are penalty provisions for HIPAA security rule violations, how will the CMS handle organizations that are Pricewaterhouse clients?

    "First of all, they're not making decisions," Trudel said. "They're doing only the groundwork and fact-finding. I would say, from the perspective of PWC, they would recuse themselves if there was an organization they do business with. We'd have to find another way to get the work done."

    Lisa Gallagher, director of privacy and security for the Healthcare Information and Management Systems Society, said that, increasingly, security is on healthcare leaders’ radar.

    "They're all very tuned in to the risk and are working very hard keeping up with all the things they need to do," she said.

    This story initially appeared in this week's edition of Modern Healthcare magazine.

    What do you think? Write us with your comments at [email protected]. Please include your name, title and hometown.

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    Cerner_fullsize_AP_i.jpg
    Cerner to pay $1.8M to resolve racial discrimination allegations
    Allscripts logo_i copy_i.png
    Allscripts new CEO looking for payer, life sciences acquisitions
    Sponsored Content
    Health IT Strategist (HITS) Newsletter: Sign up for the latest IT and medical technology news delivered 3 days a week (M, W, F).
     
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2022. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • COVID-19
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Digital Health
    • Insights
      • ACA 10 Years After
      • Best Practices
      • Special Reports
      • Innovations
    • Data/Lists
      • Rankings/Lists
      • Interactive Databases
      • Data Points
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top 25 Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Transformation Summit
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Supply Chain Revenue Cycle
        • - Hospital at Home
        • - Workplace of the Future
        • - Virtual Health
        • - Future of Healthcare Staffing
      • Custom Media Event: ESG Summit
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • MORE +
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing