HealthBlawg

David Harlow's Health Care Law Blog


Survey says . . . HIPAA compliance not where it ought to be

October 18, 2006

HIMSS and Phoenix Health Systems recently released results of their latest semi-annual HIPAA compliance survey. 

Though the deadline for compliance with the HIPAA Security Rule passed over a year ago, 80% of payers and only 56% of providers who responded to the US Healthcare Industry HIPAA Summer 2006 Survey have implemented the Security standards. 

On the privacy front:

  • A substantial percentage of Providers (22%) and Payers (13%) remain non-compliant with the Privacy regulations. These results are consistent with findings in all preceding Surveys since 2004, suggesting that a core group of covered entities either cannot or will not implement the Privacy standards.
  • Even among “compliant” organizations, significant implementation gaps remain in certain areas, including establishing Business Associate Agreements, monitoring internal Privacy compliance, and maintaining “minimum necessary” information disclosure restrictions.
  • The percentage of reportedly compliant Provider organizations that has experienced privacy breaches decreased from January 2006, from 60% to 52%. Reportedly non-compliant Providers experienced more privacy breaches (64%) than compliant Providers, consistent with January 2006 Survey findings.

See the press release or the full report for more details.

Payors and providers got a free pass for a while on HIPAA compliance; the new enforcement rule effective in March was supposed to change all that.  Law.com published an article with compliance pointers in August, but a number of commentators have observed a paucity of enforcement efforts.

For example, Rebecca Herold, at The IT Compliance Conversation blog, notes:

Instead of clarifying compliance enforcement issues for covered entities (CEs), the Enforcement Rule has seemed to confuse and mislead many CEs into believing that they really don’t need to do much with regard to HIPAA compliance unless the Department of Health and Human Services (HHS), the Office for Civil Rights (OCR) or the Centers for Medicare and Medicaid Services (CMS) come knocking at their door and tell them they specifically need to do something.

(That post includes a link to a podcast on this topic as well.)

Payors and providers should move to come into full HIPAA compliance before the government decides to allow for a private right of action — i.e., lawsuits filed by individuals alleging harm caused by a HIPAA violation and claiming damages.

Filed Under: Health Law, HIPAA, HIT, Hospitals, Physicians, Privacy


Copyright © 2006–2023
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged. Click for more on David Harlow.