(PRWEB) June 05, 2012
Today, Clearwater Compliance announced that attendees of its Clearwater HIPAA Audit Prep BootCamp™ being held on June 25th in Chicago will get the opportunity to review and discuss with HIPAA-HITECH experts the OCR Random Audit Documentation Request List used by KPMG to conduct HIPAA audits and receive copies of Data Requests issued by OCR at the start of an investigation following a breach.
HHS, through the Office for Civil Rights (OCR), named KPMG as the recipient of a $9.2 million contract to develop a HIPAA auditing protocol and conduct the first 150 mandated compliance audits of covered entities on their behalf during 2012. This number has subsequently been revised down to 115 audits in 2012. The documentation list, released for the first time in late April, was sent to selected covered entities as part of the written notification that they had been selected for an audit. Requested documents are due back to KPMG within 10 days of their request, followed by an onsite visit within 30-90 days. The mandated audits are one matter. OCR investigations are another – there are more of them, they’re more rigorous, require more documentation and are generally more serious since they typically follow a breach or a complaint.
“There were no big surprises in the OCR Random Audit Documentation Request List, and it is fairly comprehensive. Having the appropriate documentation in place and ready to pull together in case an organization is selected is a solid first step in audit or investigation preparation,” said CEO and founder of Clearwater Compliance, Bob Chaput. “It is fortunate that OCR has released this list to provide some specificity to the focus of audits and investigations. Attendees at our BootCamp will also learn why we think it wise not to look at this list as a totally sufficient audit preparation guide.”
Site visits conducted as part of every audit include interviews with leadership (e.g., CIO, Privacy Officer, legal counsel, health information management/medical records director); examination of physical and administrative features and operations; consistency of actual process to policy; and observation of compliance with regulatory requirements.
“The Privacy, Security and Breach Notification Rules consist of 99 pages, 72 standards and over 120 implementation specifications. They are comprised almost entirely of ‘what’ organizations must do, but are silent or vague on the ‘how’,” Bob added. “Our Audit Prep BootCamp distills the complexity and provides insights to best practices used by others to comply with the rules and prepare for these audits and ongoing investigations. In addition, attendees will complete practical hands-on exercises designed to meet specific requirements, such as the Security Assessment and Risk Analysis.”
“A successful compliance audit, whether by KPMG or any business partner in the health information ‘chain of trust’, not only positions an organization to have confidence in their ability to undergo a successful audit but also to gain a competitive advantage through the strengthening of their reputational brand,” Mr. Chaput concluded.
Clearwater Compliance has helped many health care covered entities and business associates complete their security assessment and risk analysis and solidify their compliance and security programs through the provision of HIPAA and HITECH education, software, solutions and services.
About Clearwater Compliance: http://clearwatercompliance.com
Clearwater Compliance helps Covered Entities, Business Associates and their Subcontractors assess their HIPAA-HITECH compliance programs, identify gaps and prioritize remediation efforts to ensure the greatest return on capital and resource investments. It delivers that return on compliance investment through education, tools and software, risk management solutions and professional services and consulting. Clearwater Compliance is the Co-Sponsor of the American National Standards Institute Publication of the Report on “The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security”. For more information, visit: http://ANSI.org/PHI.
# # #
About the Clearwater Audit Prep BootCamp™: http://clearwatercompliance.com/bootcamps
Designed for busy executives, the Clearwater HIPAA Audit Prep BootCamp™ distills into one action-packed day the critical information organizations need to know about the HIPAA Privacy and Security Final Rules and the HITECH Breach Notification Rule. This course is specifically designed to equip any organization to become and remain compliant with the regulations and prepare for the upcoming OCR/KPMG audits or, in the case of business associates, audits by their covered entity customers. Attendees receive an intensive education on HIPAA-HITECH 101 (Privacy, Security, and Breach Notification rules and requirements); essential knowledge of the OCR audit program; critical understanding of the enforcement and penalties; and best practices and tools to prepare for the OCR audits, all specially prepared and presented by a faculty comprised of leading experts on the regulations and in business. BootCamps are scheduled periodically throughout 2012.