Tuesday, May 13, 2014

The Future of HIPAA Compliance Audits

HIPAA compliance audits are scheduled to resume later this year, with an anticipated 1,200 to be conducted between 2014 and 2015. The word is that 800 covered entities will be audited and 400 audits will be completed for business associates. The interesting twist is that covered entities will be asked to provide the names of their business associates, and it is anticipated that the selection may come from this submission.

The initial round of audits was referred to as "friendly" audits, conducted by KPMG, a contractor for the OCR. This round will be manned by OCR staffers who, as we speak, are being trained for this mission. It is important for all interested parties to keep in mind that the funding for this project will come from fines assessed against organizations that have failed to prepare properly for HIPAA compliance.

Since over 25 million dollars in penalties have been assessed thus far due to "willful neglect," meaning disregard for attempting to comply with the requirements of the Final Rule, it can be reasonably expected that OCR auditors will be swift to levy fines on those who have failed to take steps to prepare.

We've been given ample time to prepare. After all, the HITECH Act of 2009 laid the foundation for business associate compliance, and the Final Rule was published in January 2013. So for all the procrastinators out there, the clock is ticking at a heightened pace and you cannot delay any longer. Get the facts, scale up or down to the size of your organization, and just get it done!