Most Providers Unprepared for HIPAA Audit
Most healthcare organizations charged with HIPAA compliance are not fully prepared for a privacy and security audit by federal regulators, a November survey conducted by HCPro, Inc. reveals.
For hospital leaders, already challenged on the technology front to implement ICD-10, electronic medical records systems, and pursue meaningful use certification, that's not great news. The government has already begun conducting audits.
Earlier this year, the Office for Civil Rights, the enforcers of HIPAA privacy and security, engaged a contractor to audit covered entities and business associates at random. The objective was to assess how many would be HIPAA-compliant by December 31, 2012.
HCPro's survey results show that only 17% of responding organizations said they are fully prepared for an OCR privacy and security compliance audit.
"It is very hard to get your staff to understand how important this is," one compliance officer said. "Each breach we have is due to carelessness and not intentional, for example, not checking a patient name when you mail something out."
Of the more than 400 respondents, which included HIM directors and compliance officers, 281 (or 70%) said they are "somewhat prepared" for a HIPAA compliance audit conducted by the government.
As part the HITECH Act, OCR hired KPMG, LLP, to conduct the audits starting this fall and lasting through December of next year. The audits—targeted for covered entities and business associates—are expected to produce corrective action plans for facilities regarding HIPAA compliance.
"There needs to be an outside agency coming into the hospital and interviewing the employees on a regular basis," one respondent said in the survey. "Most organizations say they don't have the time to implement HIPAA regulations on a regular basis."
At least one survey respondent indicated a lack of commitment from "senior management." Said another respondent, "The C-suite understands patient care, but doesn't understand that system security needs more money to enforce HIPAA."
- MU Compliance Announcement Sparks Concern, Confusion
- New G-Codes to Pay Doctors for Broad Array of Non-Face-to-Face Care
- Scary Financial Challenges for 2014
- Telehealth Improves Patient Care in ICUs
- CMS Sets 2014 Pay Rates for Hospital Outpatient and Physician Services
- MGMA Urges 'End-to-End' ICD-10 Testing
- 1 in 5 CT Screenings for Lung Cancer Results in Overdiagnosis
- LifePoint Bolsters Presence in Michigan's Upper Peninsula
- States Rejecting Medicaid Expansion Forgo Billions in Federal Funds
- Douglas Hawthorne—A Chance to Do Something Big