SURVEY SHOWS HEALTHCARE ORGANIZATIONS ACHIEVING GREATER HIPAA COMPLIANCE BUT CHALLENGES REMAIN
Privacy and security staff say continuing education and refinements needed

CHICAGO, April 11—The number of hospitals and health systems achieving full compliance with the Health Insurance Portability and Accountability Act (HIPAA) privacy rule has nearly doubled in the past year—rising from 23 percent to 40 percent—according to a survey conducted by the American Health Information Management Association (AHIMA). In addition, 91percent of overall respondents considered their facilities to be more the 85 percent compliant as the healthcare industry marks the second anniversary of HIPAA privacy rule implementation later this month.

While compliance is on the rise, the survey results suggest that more education and refinement may be necessary. When asked about any difficulties implementing or enforcing specific provisions of the privacy rule, “accounting for the release of information” topped the list again this year. The number of respondents saying this provision needs to be modified by the federal government jumped to 61 percent—up from 39 percent in 2004. Compounding their frustration with this provision is the fact that most facilities received very few if any patient requests for an accounting. In fact, 67 percent of respondents reported receiving no requests at all.

The need for ongoing education and retraining was consistently mentioned as a main concern with respondents feeling there is less support and fewer resources for such activities now that HIPAA privacy is in place.

“The compliance figures are certainly encouraging,” stated Mervat Abdelhak, PhD, RHIA, president of AHIMA. “But the clear message here is that privacy and security are on-going issues that require continued commitment and fine-tuning and can’t be forgotten beyond initial compliance.”

With the implementation deadline for HIPAA’s security rule coming later this month, 17 percent of responders described themselves as completely compliant, 43 percent described themselves as 85 to 95 percent compliant, 26 percent felt they were about 50 percent compliant, and 12 percent felt they were less than 50 percent compliant. Where facilities were behind on implementation, there was generally a conflict with other necessary information technology (IT) projects.

While HIPAA implementation has compelled organizations to make strides in the area of privacy and security, more challenges are ahead. Privacy officers soon will be faced with the advent of regional and national health information exchanges. Even small indicators of privacy or security noncompliance must be addressed so that privacy issues do not challenge the movement to develop regional and national health information networks.

"Privacy is certainly an issue at the forefront of any discussion regarding the development of a national health information network," says Dan Rode, MBA, FHFMA, AHIMA’s vice president of policy and government relations. "The results of this survey will contribute to the national healthcare IT agenda by providing the industry with a better understanding of the current state of privacy and security compliance in an increasingly electronic environment.”

AHIMA releases the results of this research in conjunction with the second annual National Health Information Privacy and Security Week, April 10 – 16. AHIMA sponsors National Health Information Privacy and Security Week to raise awareness among healthcare professionals, their employers, the media, and the public regarding the importance of protecting the privacy, confidentiality, and security of personal health information.

For a copy of the report, “State of HIPAA Privacy and Security Compliance 2005,” visit the AHIMA’s Web site at http://www.ahima.org/marketing/email_images/2005PrivacySecurity.pdf. Respondents to the survey included designated privacy and security officers and those serving on the HIPAA privacy and security teams or committees within hospitals and health systems.

AHIMA is the premier association of health information management (HIM) professionals. AHIMA's 52,000 members are dedicated to the effective management of personal health information needed to deliver quality healthcare to the public. Founded in 1928 to improve the quality of medical records, AHIMA is committed to advancing the HIM profession in an increasingly electronic and global environment through leadership in advocacy, education, certification, and lifelong learning. For information about the Association, go to http://www.ahima.org/.