Are You Compliant With Federal Healthcare Regulations?

The results of the U.S. Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) health information audit pilot program may be alarming to many health care providers, health insurers, and their business associates. OCR Senior Adviser Linda Sanches recently reported the results of the audits, which were conducted by HHS-contracted KPMG. The vast majority of the audited organizations failed to comply with mandatory requirements.

The most common cause of non-compliance was a lack of awareness of privacy and security requirements. In particular, small healthcare providers struggled with compliance.

The audit pilot program involved 115 HIPAA covered entities, including 61 healthcare providers, 47 health insurers, and 7 healthcare clearinghouses. The audits were performed from November 2011 through December 2012. The findings show that many healthcare companies are unaware of the HITECH Act’s requirements. Most of the healthcare providers had not done a complete, accurate risk assessment.

The audit pilot program findings highlight a common problem among healthcare organizations and their business associates: a lack of understanding of data privacy and security laws. The findings also underscore the importance of employee training and breach response preparation.

Data security has become a multidimensional responsibility, especially in health care. As technology has become more prevalent and more portable, properly managing data can be challenging due to the complexity of the regulatory schemes, the broad range of employees involved and their varied responsibilities, and the difficulty in monitoring dozens of business associates.

If you have any questions about your status regarding IT security and compliance with Federal regulations, contact ITPAC today.