After returning from a well received presentation on "Meaningful Use: Why HIPAA is No Longer a Paper Tiger" at the World Healthcare Innovation & Technology Congress - HITECH / HIPAA Compliance Management Leadership Summit, it doesn't surprise me that a majority of healthcare organizations are not prepared to comply with new privacy and security rules enacted within ARRA and the HITECH Act.
Although much of the current healthcare investment in technology has been in the realm of diagnostic treatments and equipment, technology investment to support administrative responsibilities has been largely ignored. According to some experts, approximately 13% of current healthcare costs are related to administrative paperwork, which could be simplified and costs reduced with the use of electronic records.
Healthcare IT News: Healthcare isn't ready for new security rules
As reported in Healthcare IT News, a recent study by the Ponemon Institute surveyed 77 U.S. healthcare organizations, which discovered that many of the current HIPAA compliance programs have deficiencies in privacy and security, including "inadequate program testing and failure to update programs." In addition, less than half of the respondents indicated they had the necessary resources to comply with the new HITECH regulations.
Other findings from the survey included:
- 79% do not conduct required independent audits of HIPAA Privacy & Security programs
- 90% experienced one or more data breaches involving PHI
- 50% reported lack of management support for HITECH compliance
- 60% reported a "partially implemented" risk management program
- Approximately 50% lack necessary staff training for privacy & security
- 45% believe they do not have an effective privacy policy in place
This study correlates with the idea that EHR adoption is and will continue to be a "Wicked Problem" for the healthcare industry in the coming decade. That said, there was an interesting opportunity to hear Former President Bill Clinton at the WHIT Congress as closing keynote speaker where he encouraged participants at the conference to become more engaged advocates for healthcare change. I call the topic "5 minutes to Midnight"
Looking for a best of breed HIPAA Compliance Tracking System?
To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.
If you need tools that will help with your compliance initiatives then check out the HSG Store.
will help with your compliance initiatives? If so then check out the HSG Store.
Hi Deborah,
Being a HIPAA compliant EMR & Practice Management company that has been in the business for a while, this article is really insightful. Thank you :)
Posted by: EMR by Nightingale | November 18, 2009 at 03:57 AM