This just in, HIPAA is now being enforced to some extent. On the heels of the audit of a major healthcare organizations by DHHS' Office of the Inspector General (Piedmont Hospital, reported here), CMS has announced their intention to conduct their own reviews of 10-20 healthcare organizations, to determine their compliance to the HIPAA Security and Privacy regulations. CMS has hired PriceWaterhouseCoopers to conduct the reviews. CMS will post on their website a checklist of items that they will be reviewing for.

After years of zero enforcement (enforcement and penalties were initially conceived of as being complaint-based), healthcare organizations now have two groups of regulators to worry about. The CMS reviews will be aimed at organizations which CMS calls "filed against entities", which are organizations that have experienced complaints.

For healthcare IT folks, this means taking compliance with HIPAA a little more seriously than has generally been the case.

This is what a news item looks like. You can edit or delete this by visiting the control panel and clicking on "Manage News". Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Quisque mattis nisl vel nunc. Aenean scelerisque pharetra orci. Proin dolor erat, sollicitudin sed, tempus sed, pellentesque quis, tortor. In tincidunt lorem consequat mauris.