HIPAA Auditor Involved in Own Data Breach
“KPMG believes that it is possible that the patient data was deleted from the flash drive prior to the time when it was lost,” according to the healthcare system’s report. “KPMG has also concluded that there is no reason to believe that the information on the flash drive was actually accessed by any unauthorized person. … KPMG has told us the company is implementing measures to avoid similar incidents in the future, including additional training and the use of improved encryption for its flash drives.”
Reached August 5 via e-mail, Pete Settles of KPMG external communications confirmed the incident with Saint Barnabas but said that “for reasons of confidentiality, we do not comment on client work.”
Susan McAndrew, deputy director of health information privacy for OCR, wrote in an e-mail that “OCR cannot address KPMG’s involvement with the breach at St. Barnabas as this case is currently under investigation.”
Ellen Greene, vice president of public relations and marketing for the Saint Barnabas Health Care System, said the organization had no comment.
News broke last month that OCR hired KPMG, LLP to implement its HITECH-required HIPAA compliance auditing plan.
KPMG is assisting the government in implementing the statutory requirement to audit covered entity and business associate compliance with the HIPAA privacy and security standards as amended by HITECH.
KPMG will end up auditing 150 entities of varying size by December 31, 2012. HITECH requires “periodic audits” of covered entities and business associates to ensure HIPAA compliance.