Dom Nicastro of Health Leaders Media has an item today about how KPMG, the company hired by OCR to implement the HITECH-mandated HIPAA compliance auditing plan, had its own data breach last year. That breach was covered at the time on PHIprivacy.net. Dom writes, in part:
Asked if OCR considered the KPMG involvement on this 2010 breach at any level when considering it for the HIPAA audit contract, McAndrew only said, “the award of the HIPAA audit contract was the result of HHS’ usual, rigorous, competitive process. Specific questions regarding the contract award are procurement sensitive.”
The process to hire KPMG involved a Department of Health and Human Services (HHS) panel that reviewed and ranked all technical proposals and qualifications by “predetermined evaluation criteria,” McAndrew said.
According to Health Leaders Media, the KPMG breach is still under investigation by OCR.