CMS hires PwC to review hospitals' HIPAA compliance

Working with consulting firm PricewaterhouseCoopers, CMS has begun a series of "compliance reviews" of hospitals to see whether they're meeting the standards set by the security rule specified in the administrative-simplification section of HIPAA. To date, CMS has received about 200 complaints about possible violations of this rule. Now, it's asking PwC to review 10 to 20 organizations that face complaints.

While it's understandable that CMS would want to follow up on the complaints, it's not doing so just to make nice--CMS is itself facing an HHS Inspector General's office review as to how it handles HIPAA security enforcement. To date, CMS hasn't been particularly aggressive in investigating HIPAA violations, statistics suggest.

To learn more about the pending reviews:
- read this Modern Healthcare article (reg. req.)

Related Articles:
HIPAA standards move forward. Report
Providers, states still struggle with HIPAA. Report
HIPAA compliance nears adolescence. Report
Over-applying and misapplying HIPAA is common. Report