In what is sure to be bad news for some covered entities, the government has begun its long-promised on-site audit program. The initial group of 150 contains only covered entities selected for audit. Future audits will also be conducted at the offices of business associates.
The compliance audits will be conducted by KPMG, the consulting firm hired by the Department of Health and Human Services’ Office for Civil Rights (“OCR”). The first 20 providers, comprising eight health plans, two claims clearinghouses, three hospitals, three physician offices, a lab, a dental office, a nursing facility and a pharmacy, will be visited beginning this month, with the next 130 planned for later months this year.
The audit program, mandated in the HITECH Act portion of ARRA, has a stated objective of finding opportunities for improving compliance. According to OCR, selection of audit candidates is based on these factors, among others:
· Whether the entity is public or private
· Size of the entity (OCR appears to want a cross-section of sizes)
· Affiliation with other healthcare organizations
· Type of entity and relationship to patient care
· Past and present interaction with OCR concerning HIPAA enforcement and breach notification
· Geographic factors
A summary of the audit program can be found on OCR’s website under “What’s New.”
NOTE: If you are a HealthPort customer or partner, please let us know if you've been selected for an audit.