Computerworld recently reported that Piedmont Hospital in Atlanta, Georgia became the subject of a HIPAA audit by the U.S. Department of Health and Human Services (HHS). This audit is the first of its kind. Since the advent of HIPAA security rules in April 2005, no healthcare organization has been subjected to such an intensive audit of its security procedures.
Exacerbating the matter is the seemingly heavy-handed approach being taken by the HHS. The Piedmont audit is being conducted by HHS' Office of the Inspector General at a time when HIPAA security oversight is owned by the Centers for Medicare and Medicaid Services. The reason for this change in audit procedures is unclear, and HHS does not comment on ongoing investigations.