Five Stumbling Blocks Hinder HIPAA Compliance
When Chris Apgar, CISSP, president of Apgar & Associates in Portland, OR, conducts audits of healthcare organizations, he usually finds problems in five areas.
Many organizations are focusing on the new privacy and security requirements created by the Health Information Technology for Economic and Clinical Health (HITECH) Act. However, they also must measure their overall compliance with HIPAA requirements already on the books, says Apgar.
Facilities and organizations considering what to do next should concentrate on compliance in these five areas, says Apgar:
Lack of a risk analysis. Organizations either haven't conducted a risk analysis or last conducted one in 2005, when the HIPAA rule became final, he says. A risk analysis is "the foundation for your security program," he says. "You need that to build on."
Undocumented policies and procedures. Organizations may be doing the right thing, but they haven't documented it in their policies and procedures, he says. Less frequently, organizations do not follow proper procedures and don't have anything in writing.
Lack of training. Organizations may train new staff members, but many don't provide ongoing training, or the training they offer is often out-of-date, he says.

Karl Vanhooten (3/10/2010 at 1:54 PM)
The author misses one of the most common and insidious stumbling blocks: The fact that hospital staff have for generations - and will continue - to snoop into "interesting" patients' records. This is especially troublesome now that almost every staff member is armed with his/her own spy camera in the form of a cell phone. This human dynamic has been shown to be impossible to control regardless of the training and legal risks.