I've always believed that compliance is a threat to business [hence why I help businesses take the pain out of compliance by addressing their actual information security issues] and this new bit from HHS's Office of Civil Rights is no different.
Apparently the HIPAA audits are coming...KPMG - an audit firm that has already proven they have trouble implementing the basic security controls they audit others against - scored a $9 million contract to perform up to 150 audits over the next year. Audits that'll prove that covered entities and business associates alike still don't take HIPAA seriously. A simple visit to your local hospital or physician's practice will show this, but I guess it needs to be formalized.
Who knows, maybe in a generation or two, physicians (the bigger problem) and business associates (not quite as much) will wise up to the fact that minimal investments can go a long way towards fixing their low-hanging fruit and implementing basic security controls - really all that's needed for HIPAA compliance in most situations.
Wednesday 9 November 2011
Wooo...HIPAA audits are coming & the irony of KPMG's involvement
Posted on 08:54 by Unknown
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment