If you weren’t keen on the HIPAA phase two audits, prepare yourself. Because now, CMS has decided to get in on the fun. The agency has added yet another compliance program to its ehealth renaissance — this time with a HIPAA-edge. Context: The CMS Division of National Standards has launched a “Compliance Review Program,” which in a nutshell means more HIPAA audits, the agency indicated in a provider message. Starting sometime this month, the feds will randomly select nine HIPAA-covered entities (CEs) and review their electronic health transactions, ensuring HIPAA Administrative Simplification Rule alignment. Originally, CMS planned to start its audit log with only health plans and clearinghouses, building on a pilot program that HHS initiated in 2018 as a “proactive approach” to compliance. However, providers will now also be included in their own pilot program, the agency related in an April 10 memo to providers. Details: “Any providers who conduct electronic health care transactions can volunteer for the pilot program on behalf of themselves, not their group practice or hospital, unless authorized by their group practice or hospital to do so,” CMS says. “In April 2019, HHS will select three health care providers from the pool of volunteers to participate.” The agency will cross-check providers’ HIPAA compliance by weighing their electronic transactions against transaction formats, code sets, and unique identifiers, the CMS release suggests. “Participants will also be able to test whether they comply with operating rules.” “During the pilot program, participants will work one-on-one with HHS to identify and resolve compliance issues,” notes the CMS fact sheet on the program. “Upon completion of the pilot program, participants will receive a certificate and will be exempt from compliance reviews for one year.” Review the CMS “Compliance Review Program” release and sign up to volunteer at www.cms.gov/Regulations-and-Guidance/Administrative-Simplification/Enforcements/Compliance-Review-Program.html.