I’ve always believed that compliance is a threat to business [hence why I help businesses take the pain out of compliance by addressing their actual information security issues] and this new bit from HHS’s Office of Civil Rights is no different.
Apparently the HIPAA audits are coming… KPMG – an audit firm that has already proven it has trouble implementing the basic security controls it audits others against – scored a $9 million contract to perform up to 150 audits over the next year. Audits that’ll prove that covered entities and business associates alike still don’t take HIPAA seriously. A simple visit to your local hospital or physician’s practice will show this, but I guess it needs to be formalized.
Who knows, maybe in a generation or two, physicians (the bigger problem) and business associates (not quite as much) will wise up to the fact that minimal investments can go a long way towards fixing their low-hanging fruit and implementing basic security controls – really all that’s needed for HIPAA compliance in most situations.