Editor's note: This is the third of a three-part series this week focusing on expert advice on complying with HIPAA and preparing for HITECH regulations. The HITECH compliance date for business associates to comply with the security rule was Wednesday, February 17.
HITECH compliance for business associates (BAs) has come and gone. The date for BAs to comply with the HIPAA Security Rule and the use and disclosures provision of the privacy rule was February 17. Further, breach notification enforcement begins February 22.
So where does your organization stand? Are you ready? Your BAs?
We can give you a pretty good idea after seeing the results of HCPro's HIPAA and HITECH survey, which was rolled out over the past two weeks. It attracted nearly 600 respondents, mostly HIPAA compliance officers and HIM directors.
For starters, if your organization has done something with its HIPAA compliance program in light of HITECH, you're in the majority: 89% said they've responded.
And exactly what have they done?
One respondent said they created a breach notification action response team, which seems to be a good idea when you consider the interim final rule on breach notification took effect last summer.
Those regulations require:
"Breach notification" earned the No. 1 spot in response to our survey's question, "Which provision of the American Recovery and Reinvestment Act of 2009 do you feel is the most challenging?"
It took top honors at 39%, and only 29% said they were completely ready to comply with those requirements; 61% said they were "almost ready" to comply. Amending business associate contracts took No. 2 in terms of the most challenging aspects of ARRA/HITECH at 18%. Finishing third with 16% was "Patients rights to accounting on EHRs," which some told us earlier will be a logistical "nightmare."