Most Providers Unprepared for HIPAA Audit
Most healthcare organizations charged with HIPAA compliance are not fully prepared for a privacy and security audit by federal regulators, a November survey conducted by HCPro, Inc. reveals.
For hospital leaders, already challenged on the technology front to implement ICD-10, electronic medical records systems, and pursue meaningful use certification, that's not great news. The government has already begun conducting audits.
Earlier this year, the Office for Civil Rights, the enforcers of HIPAA privacy and security, engaged a contractor to audit covered entities and business associates at random. The objective was to assess how many would be HIPAA-compliant by December 31, 2012.
HCPro's survey results show that only 17% of responding organizations said they are fully prepared for an OCR privacy and security compliance audit.
"It is very hard to get your staff to understand how important this is," one compliance officer said. "Each breach we have is due to carelessness and not intentional, for example, not checking a patient name when you mail something out."
Of the more than 400 respondents, which included HIM directors and compliance officers, 281 (or 70%) said they are "somewhat prepared" for a HIPAA compliance audit conducted by the government.
As part the HITECH Act, OCR hired KPMG, LLP, to conduct the audits starting this fall and lasting through December of next year. The audits—targeted for covered entities and business associates—are expected to produce corrective action plans for facilities regarding HIPAA compliance.
"There needs to be an outside agency coming into the hospital and interviewing the employees on a regular basis," one respondent said in the survey. "Most organizations say they don't have the time to implement HIPAA regulations on a regular basis."
At least one survey respondent indicated a lack of commitment from "senior management." Said another respondent, "The C-suite understands patient care, but doesn't understand that system security needs more money to enforce HIPAA."
- Why Is Healthcare Price Transparency So Hard?
- EHR Spending Continues, But Jury Still Out on ROI
- 5 Hot Healthcare Ideas from SXSW
- Adverse Events from Insulin Prescribing 'An Epidemic'
- Payers Detail Strategies That Drive Consumer Satisfaction
- Care Coordination a Cost-Cutting Quality Driver
- Hospital Groups Strike Back at Hospital Rating Systems
- Use of Locum Tenens Up 22% in One Year
- 4 Marketing Tactics for Hospitals on Instagram
- Hospital CEO Turnover Hits Record High