The Health and Human Services Department (HHS) has awarded consultant KPMG a $9 million contract to help the Office of Civil Rights create an audit program to verify that healthcare providers, health plans and their business associates adhere to HIPAA privacy and security standards.

The vendor will also visit and audit up to 150 of these covered organizations by the end of 2012 to make sure they have consistently put their privacy and security policies into practice.

Dr. Farzad Mostashari, the national health IT coordinator, announced the vendor award online July 6, citing its importance. Assuring the privacy and security of patients’ information is crucial to advancing health information exchange, he has said.

The HITECH Act strengthened the Health Insurance Portability and Accountability Act. The Office of Civil Rights oversees health privacy information issues and HIPAA enforcement.

[See also: The chant for a HIPAA 5010 backup plan grows louder. And: ONC to explore, test patient e-consent for health data exchange. ]

As part of the audits, KPMG will interview senior officers, such as the CIO, privacy officer and legal counsel; examine the physical features and operations; and observe if the organization follows HIPAA requirements

The vendor will also report on the site visits, best practices noted, negative findings and recommendations, according to a description of the award in Federal Business Opportunities.