HITECH Survey: Providers Remain Concerned About HIPAA Breach Notifications
BA requirements under HITECH have changed drastically. Most survey respondents said they feel their BAs are ready, but the scary part is 45% said they are not confident in their BAs' readiness.
Thinking about updating your training? An overwhelming majority (71%) of respondents said they update their training only annually. And only 31% said they are "very comfortable" that the training is effective. Most (63%) said they are "fairly comfortable."
So what's the parting message here, now that HITECH has essentially arrived?
Kate Borten, CISSP, CISM, president of The Marblehead Group, offers these quick tips:
- Convert more organization leaders to become privacy and security believers
- Stay focused and do not become overwhelmed by privacy/security responsibilities or discouraged by setbacks
- Develop a 2010 work plan that is both achievable and a stretch for you and your organization
John Parmigiani, president, John C. Parmigiani & Associates, LLC, in Ellicott City, MD, and one of the members of the team that created the HIPAA Security Rule, says he hopes HITECH is the wakeup call that providers and enforcers need regarding HIPAA compliance.
"Having worked both with CEs and BAs over the years in attempting to foster HIPAA compliance, I am continually amazed at the lack of understanding and completeness in their HIPAA compliance," Parmigiani says.
Covered entities have been "emboldened by a long-standing environment of lax enforcement" and a belief that HIPAA compliance is a one-time project. It is not, he says, and perhaps government enforcement will be a harbinger for better compliance.
Through HITECH, OCR should easily be able to gain some "street cred" by quickly launching an audit initiative and "thereby sending a signal that compliance with HIPAA security and privacy is an important component of healthcare," he says.
Other pieces in this series:
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- CDC Warns of Antibiotic Overuse in Hospitals
- Two-Midnight Rule Must be Fixed or Replaced, Say Providers
- Care Coordination Tough to Define, Measure
- Don't Underestimate Emotional Intelligence
- The Secret to Physician Engagement? It's Not Better Pay
- SCOTUS Review of NC Board Case 'A Very Big Deal' to Providers
- Yale New Haven Health Partners with Tenet Healthcare in CT
- Physicians Take SGR Repeal Message to Washington
- Evidence-Based Practice and Nursing Research: Avoiding Confusion
- Size Matters in Antibiotic Overuse