• Text Resize A A A
  • Print Print
  • Share Share Share Share

Initial 20 Entities Selected for Audit

Throughout the months of November and December 2011, OCR and KPMG notified 20 covered entities that they would be subject to an audit of their HIPAA Privacy and Security Rule and Breach Notification compliance activities.  The notification letter included a request for documents and initial information to establish a date for KPMG team members to meet at the covered entity on-site.  For the initial 20 audits, on-site field work began in January 2012 and was completed in March 2012. As the next wave of audits are conducted, OCR will post additional information.

The following is a list of the types of entities that received notification letters:

Type of Entity

Entity Location

OCR Region

Medicaid Plan

-

Region I

Allopathic & Osteopathic Physicians

NY

Region II

Hospital

NJ

Region II

Group Health Plan

PA

Region III

Group Health Plan

DC

Region III

Healthcare Clearinghouse

-

Region III

Nursing & Custodial Care Facilities

MD

Region III

Pharmacy

PA

Region III

SCHIP

-

Region III

Allopathic & Osteopathic Physicians

NC

Region IV

Allopathic & Osteopathic Physicians

AL

Region IV

Hospital

 KY

Region IV

Group Health Plan

TN

Region IV

Healthcare Clearinghouse

OK

Region VI

Health Insurance Issuer

NM

Region VI

Hospital

TX

Region VI

Health Insurance Issuer

MO

Region VII

Dentist

CO

Region VIII

Health Insurance Issuer

ND

Region VIII

Laboratory

SD

Region VIII




Content created by Office for Civil Rights (OCR)
Content last reviewed on July 26, 2013
Back to Top