A year ago, AHRQ found rampant confusion and mistakes among covered entities trying to comply with HIPAA. This month, HIMMS Analytics released a survey of nearly 300 health care IT and data security professionals indicating that a focus on HIPAA compliance leaves a blind spot with respect to other patient data issues, including:
- Underreporting of data breaches
- Inconsistent understanding of the costs of a data breach
- Widespread failure to implement new policies and procedures following a data breach
The study was commissioned by Kroll Fraud Solutions and may be downloaded here (free registration required). The executive summary/press release is here (no registration required). Tip of the hat to Brian Klepper writing at The Health Care Blog. He is to host a webinar on the subject within the week and writes that he plans to post a link.