Editor's Corner

Like it or not, if you've got a role in healthcare IT, you also probably have a hand in your organization's Health Insurance Portability and Accountability Act (HIPAA) compliance responsibilities. Been ducking those responsibilities? You're not alone.

The deadline for complying with HIPAA security regulations was April 1, and 74 percent of payer-respondents in a recent survey said they were in compliance (up from a January survey total of 30 percent) compared with 43 percent of provider-respondents (up from 18 percent in January). But there's not much incentive to step up compliance efforts, the survey found. In fact, when asked to rank their biggest obstacles to HIPAA compliance, respondents placed "no public relations or branding problems anticipated with noncompliance" and "no anticipated legal consequences to noncompliance" at the top of the list.

Now in this case we're talking about a relatively small survey: 282 provider organizations and 71 payers with the Health Information and Management Systems Society (HIMSS) and Phoenix Health Systems. But these results track with many other surveys revealing an industry complacent about compliance, to put it politely. And no wonder.  With formal federal enforcement waning in the last several years (quick example: the number of FDA warning letters has been falling for years), it may take a visible federal crackdown to force industry to address HIPAA and related patient data security regulations. (To learn more about IT's role in HIPAA compliance, go here.) - Michael

Post a comment