Is anyone overly surprised that when big multinational auditing firms and big bureaucratic government agencies get together, the public they are charged with protecting ends up worse off?
The Federal Department of Health and Human Services (HHS) and the Office for Civil Rights (OCR) are apparently responsible for implementing and policing a couple of Congressional monstrosities known as HIPAA (Health Insurance Portability & Accountability Act) and HITECH (The Health Information Technology for Economic & Clinical Health Act).
Just that last sentence is enough to let you know there is “no good” afoot!
But in any event, these new laws have been put in place to hold health care providers and those who handle personal health information accountable for protecting client data. We all agree that protecting this data is important. However, only time will tell if this new bureaucracy will succeed in protecting patients – I for one have my doubts.
With that in mind, the auditing firm KPMG has won the “OCR’s $9.2 million contract for HITECH-required HIPAA audits in June 2011…”
KPMG is assisting the government to implement the statutory requirement to audit covered entity and business associate compliance with the HIPAA privacy and security standards as amended by HITECH.
KPMG will end up auditing 150 entities varying in size by December 31, 2012. HITECH requires “periodic audits” of covered entities and business associates to ensure HIPAA compliance.
Unfortunately, it has come out that KPMG is itself under investigation for a potential breach that may have affected “3,630 patients at Saint Barnabas Medical Center in Livingston NJ, and 956 patients at Newark Beth Israel Medical Center in Newark, NJ…”
Here’s the whole article if you’re interested: http://www.healthleadersmedia.com/page-1/PHY-269480/HIPAA-Auditor-Involved-in-Own-Data-Breach
Not to worry… I’m sure it will all work out for the best. After all, the government is in charge of this!
Until Next Time… Keep Totally Secure,
Head Shredding Guy