SURVEY SHOWS NEED FOR RENEWED FOCUS ON PRIVACY EFFORTS
Privacy and security staff say compliance slipping, more support needed

CHICAGO, April 19—The number of hospitals and health systems achieving significant compliance with Health Insurance Portability and Accountability Act (HIPAA) privacy regulations has dropped slightly in the last year according to a survey conducted by the American Health Information Management Association (AHIMA).

The percentage of healthcare privacy officers and others whose jobs relate to HIPAA privacy who believe their institution is more than 85 percent compliant dropped to 85 percent in 2006, down from 91 percent in 2005. As a result, the percent who believe they are less than 85 percent compliant increased from 9 percent in 2005 to 15 percent in 2006.

The majority of respondents—55 percent—cited a lack of sufficient resources as the most significant barrier to full privacy compliance. Respondents report sensing a loss of support from senior management, both in ensuring facility staff is aware of the need for privacy as well as ensuring sufficient budgeting for continued education and training. This lack of resources and competing priorities has led to a diminished focus on the privacy rule by some hospital and health system staff.

“HIPAA implementation has been a challenge for organizations and the majority are meeting that challenge, but the need for privacy, confidentiality, and security remains—especially as organizations tighten staffing and budgets,” says Jill Callahan Dennis, JD, RHIA, AHIMA president. “A slight drop in the number of facilities reporting themselves to be fully or mostly compliant with HIPAA should serve as a warning to the industry that compliance should not be taken for granted.”

The survey also highlights the continued difficulties with certain provisions of the privacy rule, most notably accounting for disclosures. Many respondents would like to see changes in this provision, finding it not only burdensome but also significantly inefficient since demand for such accounting is extremely low. An overwhelming majority of respondents reported receiving only a few requests for an accounting with 64 percent receiving no requests at all.

One year into the HIPAA security regulations, 25 percent of respondents indicate full compliance with another 50 percent indicating they are between 85 and 95 percent compliant. This represents an increase over 2005, when 17 percent of all respondents described themselves as fully compliant and 43 percent described themselves as 85 to 95 percent compliant. These results appear to indicate that the security regulations were much easier to achieve than the privacy rules.

When asked about patient privacy concerns, 30 percent of respondents said they encountered more questions from consumers this year and, more disturbingly, 22 percent reported an increase in the number of patients who refused to sign release of information forms. While more research is needed to understand the concerns behind this increase, it is clear the industry has an opportunity to better educate consumers regarding the protection of their personal health information.

“Communicating with consumers, answering their questions and addressing their concerns, is a key to advancing health information exchange activities,” says Linda Kloss, MA, RHIA, AHIMA CEO. “Without consumer confidence the nationwide health information network will never succeed.”

AHIMA conducted the survey in January 2006, with the assistance of an impartial third-party market research firm. E-mail invitations were sent to AHIMA members who were considered most likely to have participated significantly in the HIPAA implementation process and others who had participated in various HIPAA-related educational opportunities provided by AHIMA. The survey received 1,117 qualified responses. For a copy of the report, “State of HIPAA Privacy and Security Compliance 2006,” visit AHIMA’s Web site at http://www.ahima.org/emerging_issues/2006StateofHIPAACompliance.pdf.

AHIMA is the premier association of health information management (HIM) professionals. AHIMA's 52,000 members are dedicated to the effective management of personal health information needed to deliver quality healthcare to the public. Founded in 1928 to improve the quality of medical records, AHIMA is committed to advancing the HIM profession in an increasingly electronic and global environment through leadership in advocacy, education, certification, and lifelong learning. For more information, go to http://www.ahima.org.