HIPAA Compliance continues to be a HOT TOPIC in healthcare. Everyday news and information is published about the lack of compliance, the struggles within organizations, data breaches occurring, and the HIPAA audits coming. In 2013, the HIPAA Omnibus Rule was established which had many provisions on the HIPAA Privacy and Security Regulations. With the compliance date of September 23, 2013, many healthcare organizations and business associates have not taken proper steps to get to climb onto the HIPAA Omnibus and assure compliance with the new regulations.
A recent study conducted by NueMD in 2014 provided insight into compliance levels with the HIPAA Regulations and the HIPAA Omnibus Rule. Over 1,000 Medical Practices and 160 Billing Companies were surveyed in regards to the current level of compliance with HIPAA and the changes with the HIPAA Omnibus Rule. The results were SHOCKING and EYEOPENING!!!! Check out some key findings:
- 36% of respondents stated they didn’t know about the HIPAA Omnibus Rule
- 68% of respondents stated they didn’t know of the HIPAA Audits
- 23% of respondents stated they had no HIPAA Compliance Plan
- 54% of respondents stated they didn’t have a Security Officer
- 45% of respondents stated they didn’t have a Privacy Officer
- 55% of respondents stated they had no process established for Breach Notification
Based on the findings, it is clear that healthcare organizations need to step up and establish HIPAA Compliance Programs and ensure they are updating their information to include the HIPAA Omnibus Requirements. Jump on the HIPAA Omnibus and ensure that the organization has a joyful ride rather than being ran off the road.
The major components of the HIPAA Omnibus Rule that healthcare organizations AND business associates need to evaluate and implement within their organization are:
- Breach Notification
- Business Associates Compliance Requirements
- Sale of Protected Health Information
- Marketing and Protected Health Information
- Fundraising and Protected Health Information
- Research Authorization Changes
- Access to Immunization Data
- Electronic copy of Protected Health Information
- Access to Deceased Patient’s Records
- Genetic Information Nondisclosure Act (ACT)
- Restriction of Protected Health Information to Health Plans
- Update to the Notice of Privacy Practices
Please note this is not an “end all be all” list of requirements. Each organization needs to assess the regulatory changes and determine how and what applies to their specific organization.
With the HIPAA Delays – healthcare organizations are given the gift of time. Use this time to get aboard the HIPAA Omnibus and assure that you have updated or established all appropriate policies and procedures for your organization. Don’t delay any longer – the time is NOW!
Source: NueMD Survey Findings: http://www.nuemd.com/hipaa/survey/practice-findings.html