HITECH Survey: Providers Remain Concerned About HIPAA Breach Notifications
BA requirements under HITECH have changed drastically. Most survey respondents said they feel their BAs are ready, but the scary part is 45% said they are not confident in their BAs' readiness.
Thinking about updating your training? An overwhelming majority (71%) of respondents said they update their training only annually. And only 31% said they are "very comfortable" that the training is effective. Most (63%) said they are "fairly comfortable."
So what's the parting message here, now that HITECH has essentially arrived?
Kate Borten, CISSP, CISM, president of The Marblehead Group, offers these quick tips:
- Convert more organization leaders to become privacy and security believers
- Stay focused and do not become overwhelmed by privacy/security responsibilities or discouraged by setbacks
- Develop a 2010 work plan that is both achievable and a stretch for you and your organization
John Parmigiani, president, John C. Parmigiani & Associates, LLC, in Ellicott City, MD, and one of the members of the team that created the HIPAA Security Rule, says he hopes HITECH is the wakeup call that providers and enforcers need regarding HIPAA compliance.
"Having worked both with CEs and BAs over the years in attempting to foster HIPAA compliance, I am continually amazed at the lack of understanding and completeness in their HIPAA compliance," Parmigiani says.
Covered entities have been "emboldened by a long-standing environment of lax enforcement" and a belief that HIPAA compliance is a one-time project. It is not, he says, and perhaps government enforcement will be a harbinger for better compliance.
Through HITECH, OCR should easily be able to gain some "street cred" by quickly launching an audit initiative and "thereby sending a signal that compliance with HIPAA security and privacy is an important component of healthcare," he says.
Other pieces in this series:
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- CFO Exchange: Smartphones Poised to Disrupt Healthcare, Says Topol
- CNO on Hospital Redesign: 'You Can't Over-Communicate'
- How Digital Strategy Shapes Patient Engagement at Boston Children's Hospital
- Consumerism Drives Healthcare Branding, Rebranding Efforts
- PA Ranks See 'Phenomenal Growth,' Lack of Diversity
- Half of All Primary Care, Internal Medicine Jobs Unfilled in 2013
- 3 Traits Personality Assessments Can't Reveal
- Carondelet to Pay $35M to Settle Fraud Allegations
- Antibiotic Overuse a 'Huge Threat' to Patient Safety, Says CDC
- Cleveland Clinic Partners with North Shore-LIJ for Heart Care