There is nothing as annoying as a series of acronyms for the uninitiated, and one of my goals with this blog is to avoid them.

But in the area of U.S. health care policy and regulation, that is a hard, maybe even Sisyphean, task.  The following may provide a glimpse as to why:

The U.S. Office of Civil Rights (OCR) announced last year that KPMG would commence audits of covered entities (hospitals and physicians and others who handle Protected Health Information (PHI)).  These audits, called Health Information Portability and Protection Act (HIPAA) audits, have just started.  KPMG already has conducted 20 of these audits, and many more are on the way.  “Covered entities” are well versed in the HIPAA Privacy Rule’s requirements, but as a result of a new law from 2009, the HITECH Act, outside companies that work with covered entities (such as computer storage firms), known as “business associates,” now also must comply with these rules and are subject to the same liability as hospitals and physicians for improper disclosure of PHI.  Let’s see what these audits reveal.