Most Providers Unprepared for HIPAA Audit
Most healthcare organizations charged with HIPAA compliance are not fully prepared for a privacy and security audit by federal regulators, a November survey conducted by HCPro, Inc. reveals.
For hospital leaders, already challenged on the technology front to implement ICD-10, electronic medical records systems, and pursue meaningful use certification, that's not great news. The government has already begun conducting audits.
Earlier this year, the Office for Civil Rights, the enforcers of HIPAA privacy and security, engaged a contractor to audit covered entities and business associates at random. The objective was to assess how many would be HIPAA-compliant by December 31, 2012.
HCPro's survey results show that only 17% of responding organizations said they are fully prepared for an OCR privacy and security compliance audit.
"It is very hard to get your staff to understand how important this is," one compliance officer said. "Each breach we have is due to carelessness and not intentional, for example, not checking a patient name when you mail something out."
Of the more than 400 respondents, which included HIM directors and compliance officers, 281 (or 70%) said they are "somewhat prepared" for a HIPAA compliance audit conducted by the government.
As part the HITECH Act, OCR hired KPMG, LLP, to conduct the audits starting this fall and lasting through December of next year. The audits—targeted for covered entities and business associates—are expected to produce corrective action plans for facilities regarding HIPAA compliance.
"There needs to be an outside agency coming into the hospital and interviewing the employees on a regular basis," one respondent said in the survey. "Most organizations say they don't have the time to implement HIPAA regulations on a regular basis."
At least one survey respondent indicated a lack of commitment from "senior management." Said another respondent, "The C-suite understands patient care, but doesn't understand that system security needs more money to enforce HIPAA."
- Primary Care Docs Average More Hospital Revenue Than Specialists
- 69% of Employers Plan to Offer Healthcare Coverage After 2014
- How Chargemaster Data May Affect Hospital Revenue
- House Lawmakers Grill CMS Over Health Exchange Navigators
- ED Physicians Key to Half of Hospital Admissions
- Insurer's App Aims to Lower Healthcare Costs, Securely
- Building a Better Healthcare Board
- Don't Let Nurses Sink Your Bottom Line
- Q&A: Catholic Health Initiatives' New Senior VP for Capital Finance
- Hospital Pricing Irks Nurses; More Jobs, Less Pay