Survey finds only 18% of providers ready for HIPAA.As the newest deadline for compliance with the Healthcare Insurance Portability and Accountability Act There are a number of piece of legislation known as the Accountability Act:
prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. a new survey. Healthcare providers had until April 20 to comply with HIPAA's Security Rule, which requires them to ensure that all electronically transmitted health information on patients is safe from hackers, according to the HIPAA Compliance Survey for Winter 2005, produced by Chicago-based Health Information and Management Systems Society (HIMSS HIMSS Healthcare Information and Management Systems Society ) and Phoenix Health Systems of Montgomery Village, Md. The winter survey showed the same compliance results among providers as a survey conducted in summer 2004. But fewer providers indicated they believe they will he compliant on or before the deadline. Seventy-four percent indicated they would have necessary data security programs in place by April 20, down from 87 percent in June 2004, the study noted. D'Arcy Guerin Gue, executive vice president of Phoenix Health Systems, called the low compliance level "surprising and worrisome." "If healthcare organizations do not quickly deploy and maintain comprehensive electronic security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security , the ever-increasing use of HIPAA standard electronic transitions threatens to turn into patient privacy and security breaches waiting to happen," she said. Some of the non-compliant already know that feeling. Forty percent of providers in the survey noted that their organizations had experienced at least one security breach in the past six months. The survey also noted that because compliance with the security regulation is not yet required, "it is likely that some organizations have yet to fully establish tracking methods for security breaches." Still, others wondered why compliance has seemed so difficult. "The easiest way to do it is to keep it simple," said Tia Walker, founder and chief executive officer of Authora Inc., an encryption software Encryption software is software whose main task is encryption and decryption of data, usually in the form of files on hard drives and removable media, email messages, or in the form of packets sent over computer networks. maker in Seattle. "For several thousand dollars, you can acquire software to encrypt your data. You'll need an IT guy to help set the whole thing up for you, but it's otherwise not very difficult. And that's all you have to keep in mind: keep it simple, meet the HIPAA requirements and add on whatever else you want later." Survey respondents said the main reason for compliance delay was the overall difficulty in integrating new systems and policies within a company in a relatively short time. Other major reasons cited were difficulty in interpreting HIPAA regulations, budget constraints A Budget Constraint represents the combinations of goods and services that a consumer can purchase given current prices and his income. Consumer theory uses the concepts of a budget constraint and a preference ordering to analyze consumer choices. , and time constraints In law, time constraints are placed on certain actions and filings in the interest of speedy justice, and additionally to prevent the evasion of the ends of justice by waiting until a matter is moot. according to the survey. The Security Rule standard does not require specific technologies; providers may meet the requirements with whatever methods work best for their operations, according to HIPAA guidelines. The selected solutions must be "supported by a thorough security assessment and risk analysis." Fewer companies are using outside consultants as they attempt to meet HIPAA's guidelines, according to the survey. Only 37 percent of respondents reported using a consultant as of the winter survey, down from 42 percent in June 2004. Although steep fines of up to $250,000 can he assessed if a company does not comply with the new rule and an information breach occurs, it may be some time before the Secretary of Health and Human Services Noun 1. Secretary of Health and Human Services - the person who holds the secretaryship of the Department of Health and Human Services; "the first Secretary of Health and Human Services was Patricia Roberts Harris who was appointed by Carter" actually enforces it. The survey noted that less than 80 percent of providers are compliant with HIPAA's Privacy Rule, which went into effect in April 2003. The Privacy Rule gave patients the right to access their medical records, restrict access by others, request changes and learn how their records had been accessed. It also restricted most disclosures of protected health information protected health information Health informatics Any individually identifiable health informatlon that is used or circulated by an entity that falls under the governance of HIPAA; the privacy regulations mandate safeguards for protected health information, and the to the minimum needed for healthcare treatment and business operations Business operations are those activities involved in the running of a business for the purpose of producing value for the stakeholders. Compare business processes. The outcome of business operations is the harvesting of value from assets . A continuing lack of compliance by providers may compromise HIPAA's overall objectives and "jeopardize the ability to maintain privacy of protected health information," HIMSS Director of Professional Services (job) professional services - A department of a supplier providing consultancy and programming manpower for the supplier's products. Joyce Sensmeier said. For the survey, 400 healthcare industry representatives, including 320 healthcare providers, participated. Seventy-five percent of the providers were hospitals, facilities or private practices with 400 or fewer beds. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion