You can't secure what you don't acknowledge.℠

Wednesday, November 9, 2011

Wooo...HIPAA audits are coming & the irony of KPMG's involvement

I've always believed that compliance is a threat to business [hence why I help businesses take the pain out of compliance by addressing their actual information security issues] and this new bit from HHS's Office of Civil Rights is no different.

Apparently the HIPAA audits are coming...KPMG - an audit firm that has already proven they have trouble implementing the basic security controls they audit others against - scored a $9 million contract to perform up to 150 audits over the next year. Audits that'll prove that covered entities and business associates alike still don't take HIPAA seriously. A simple visit to your local hospital or physician's practice will show this, but I guess it needs to be formalized.

Who knows, maybe in a generation or two, physicians (the bigger problem) and business associates (not quite as much) will wise up to the fact that minimal investments can go a long way towards fixing their low-hanging fruit and implementing basic security controls - really all that's needed for HIPAA compliance in most situations.
