The dice were rolled and, surprise, you got a letter in the mail from the OCR. You were selected for a HIPAA compliance audit-one of 150 the OCR will conduct in 2012 via its contractor KPMG, LLP.
HIPAA privacy and security officers often spend a lot of time and effort protecting their healthcare organization from the threat posed to its PHI by outsiders. Most organizations do a pretty good job of recognizing the threats to critical assets from outside their own perimeter. However, they must also not ignore the threat that comes from those inside the organization, said Randall F. Trzeciak, who spoke at the Fifth HIPAA Summit West in September in San Francisco.