Elizabeth H. Johnson, Esq., has been keeping an ear close to the ground with respect to ongoing OCR HIPAA audits.
Healthcare organizations might be surprised by what auditors are requesting and focusing on, says Johnson, a partner at Poyner Spruill, LLP, a North Carolina law firm.
Johnson, whose practice in Raleigh focuses on privacy, information security, and records management law, listens closely to what those in the know are saying about the audit process. Her work with the KPMG audit team on a recent project offered additional insight into the process. KPMG is the company hired by OCR to conduct the HIPAA audits required by the HITECH Act.
KPMG has completed 20 initial trial audits and expects to conduct at least 95 more audits aimed at measuring HIPAA compliance at randomly selected healthcare organizations by the end of 2012. In a second wave of audits since the initial trial, HHS has sent another 25 notification letters to healthcare organizations.
Read more in the July issue of Briefings on HIPAA .