HITECH Survey: Providers Remain Concerned About HIPAA Breach Notifications
BA requirements under HITECH have changed drastically. Most survey respondents said they feel their BAs are ready, but the scary part is 45% said they are not confident in their BAs' readiness.
Thinking about updating your training? An overwhelming majority (71%) of respondents said they update their training only annually. And only 31% said they are "very comfortable" that the training is effective. Most (63%) said they are "fairly comfortable."
So what's the parting message here, now that HITECH has essentially arrived?
Kate Borten, CISSP, CISM, president of The Marblehead Group, offers these quick tips:
- Convert more organization leaders to become privacy and security believers
- Stay focused and do not become overwhelmed by privacy/security responsibilities or discouraged by setbacks
- Develop a 2010 work plan that is both achievable and a stretch for you and your organization
John Parmigiani, president, John C. Parmigiani & Associates, LLC, in Ellicott City, MD, and one of the members of the team that created the HIPAA Security Rule, says he hopes HITECH is the wakeup call that providers and enforcers need regarding HIPAA compliance.
"Having worked both with CEs and BAs over the years in attempting to foster HIPAA compliance, I am continually amazed at the lack of understanding and completeness in their HIPAA compliance," Parmigiani says.
Covered entities have been "emboldened by a long-standing environment of lax enforcement" and a belief that HIPAA compliance is a one-time project. It is not, he says, and perhaps government enforcement will be a harbinger for better compliance.
Through HITECH, OCR should easily be able to gain some "street cred" by quickly launching an audit initiative and "thereby sending a signal that compliance with HIPAA security and privacy is an important component of healthcare," he says.
Other pieces in this series:
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- Surgical Checklists Unused in 10% of Hospitals, CMS Data Shows
- Doctors Feel Pressure to Accept Risk-based Reimbursement
- Roundtable: To Arrest HAIs, Culture Trumps Campaigns
- 4 Tectonic Shifts Shaking Up Healthcare
- 3 Insider Tips on Cutting Costs without Strangling Growth
- A Fresh Look at End-of-Life Care
- Heart Attack Patient Costs Skyrocket Beyond 30 Days
- 3 in 4 Patients Want E-mail Consultations
- Wanted: Nurse PhDs
- CVS Ramps Up Retail Clinics with Provider Affiliations