Sunday, January 10, 2010

Should HIPAA compliance be outsourced?

CynergisTek, a computing and security consultant, reported on its blog recently that HIPAA compliance audits will be increased this year, thanks to a contract the government signed with PriceWaterhouseCoopers.

I admit that the significance of this went right by me at first. Then I went, “whaah?”

The government’s enforcement process has just been privatized.

Admittedly there is a huge backlog of audits. CynergisTek reports that the government has a list of over 100 active complaints concerning lax HIPAA compliance, which have to be checked out before anyone knocks on your door.

According to iHealthBeat, PWC is going to review 10-20 organizations under the one-year contract, so unless someone has an outstanding complaint against you, you’re probably safe.

But the knock will come, CynergisTek promises. Oh, they work in that area and will be glad to hear from you.

Perhaps you think nothing of this. Nothing gets done on law enforcement until the government hires some private firm to do it. The assumption is the private firm will do it efficiently.

But I know how much a good PWC auditor costs, and I know how much the average civil service auditor makes. I guarantee the latter costs less, unless PWC itself is outsourcing this work to India or someplace.

And would it be too much to ask for the public, or at least the industry, to get a gander at that contract? On what basis is PWC being paid? What is their incentive? Is it a fixed price per audit, is it hourly, or is it based on the fines they collect?
