OCR: Healthcare organizations unaware of privacy regulations
Recent HIPAA audits of provider and payer organizations conducted by contractor KPMG on behalf of the U.S. Department of Health & Human Services determined that many in the industry don't know which privacy regulations apply to them. An analysis of the audits by the HHS Office for Civil Rights unveiled this week found that out of 980 problems identified during 115 audits conducted last year, 289 (30 percent) were due to ignorance on the part of organizations. "Most of these related to elements of the Rules that explicitly state what a covered entity must do to comply," the analysis says.
What's more, out of 59 providers audited, 58 had at least one security finding or observation. Additionally, 47 providers failed to complete an accurate risk assessment that could help to identify potential data issues. Analysis