HIPAA compliance, um, no thanks
More organizations than you might think are not yet compliant with a number of HIPAA (Health Insurance Portability and Accountability Act) requirements aimed at protecting health information, according to a survey by the Healthcare Information and Management Systems Society (HIMSS) and consulting firm Phoenix Health Systems.
Results from an online survey conducted in June by the organizations, which included more than 280 providers and 70-plus payers, concluded that the main causes of complaint slowdown include a lack of worry over public relations problems and a significant lack of worry over legal troubles associated with non-HIPAA compliance. However, payers were much more worried about adverse media coverage due to a lack of compliance than providers.
Interestingly, many organizations simply seem to be choosing to just simply not implement some or all of the HIPAA requirements. A case in point, 18 percent of provider respondents and 6 percent of payers responded that they are not compliant even though the deadline passed over two years ago.
"Many healthcare organizations are to be congratulated for their diligence in working towards the objectives of HIPAA," said D'Arcy Guerin Gue, executive vice president of Phoenix Health Systems in comments about the survey. "But it is dismaying that large industry segments remain non-compliant with this national initiative to achieve standardized, secure healthcare transactions and high patient privacy levels that will improve the quality and cost-effectiveness of our healthcare delivery system. One must ask - if security threats, federal penalties, and prospects for significantly reducing healthcare errors, costs and other inefficiencies are not sufficient incentives - what are."
Based on the findings from the June survey:
Results from an online survey conducted in June by the organizations, which included more than 280 providers and 70-plus payers, concluded that the main causes of complaint slowdown include a lack of worry over public relations problems and a significant lack of worry over legal troubles associated with non-HIPAA compliance. However, payers were much more worried about adverse media coverage due to a lack of compliance than providers.
Interestingly, many organizations simply seem to be choosing to just simply not implement some or all of the HIPAA requirements. A case in point, 18 percent of provider respondents and 6 percent of payers responded that they are not compliant even though the deadline passed over two years ago.
"Many healthcare organizations are to be congratulated for their diligence in working towards the objectives of HIPAA," said D'Arcy Guerin Gue, executive vice president of Phoenix Health Systems in comments about the survey. "But it is dismaying that large industry segments remain non-compliant with this national initiative to achieve standardized, secure healthcare transactions and high patient privacy levels that will improve the quality and cost-effectiveness of our healthcare delivery system. One must ask - if security threats, federal penalties, and prospects for significantly reducing healthcare errors, costs and other inefficiencies are not sufficient incentives - what are."
Based on the findings from the June survey:
- 78 percent of providers and 90 percent of payers reported compliance with the privacy rule as of June, and privacy violations remain a problem;
- The security rule, which took effect on April 20th of this year, had a 43 percent of provider respondents -- though this is an increase from 18 percent in January. Payer compliance in this regard had an upswing to 74 percent from the January which had pay participation at 30 percent; and
- Eighty percent of provider and payer participants in June reported compliance with Transaction and Code Sets established by HIPAA, which increased from 73 percent of providers and 70 percent of payers in January. Also, as many as 55 percent of providers and payers voiced concern in the survey that many of their trading partners remain unable to accept or transmit certain HIPAA transactions.