HHS Audits the 1% … and the Rest: First HIPAA Privacy and Security Audits Begin – Davis Wright Tremaine

As the original twitterer ( @NickGenes ) said, “…because there wasn’t enough bureaucracy & expense in healthcare yet”.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has begun the process of notifying covered entities that they are among the unlucky few who have been selected for the first Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy and security audits under the Health Information Technology for Economic and Clinical Health (HITECH) Act. …

While the first twenty covered entities have been selected, approximately another 130 remain in this audit round. HHS has indicated that it hopes to continue with proactive audits in the future and expects to become more aggressive in its enforcement of complaints.

via HHS Audits the 1% … and the Rest: First HIPAA Privacy and Security Audits Begin – Davis Wright Tremaine.

Yes, this is HITECH, the Son of HIPAA, but it all started with HIPAA.

Is it worth pointing out that HIPAA exempted itself from the unfunded mandate and paperwork reduction rules when it was enacted? I pointed out then that their assertion that it wouldn’t cause an increase in paperwork, nor was it an unfunded mandate was really unlikely.

How many Millions of dollars and man-hours are we pouring down these regulatory holes?



  1. I can’t count the number of times I’ve been told in lecture that the US spends more money with less return than most other developed countries. I wonder how much of that is attributed to money wasted on overbearing government oversight, or if that has yet to be factored in. Implementing the government’s rules costs the physician money, which in turn has to be passed to the customer/patient in some way or another. Thanks big brother.