HIPAA compliance efforts wilt in summer survey

The dog days of summer tend to reduce activity of all kinds as hot, sultry temperatures take over. This year even healthcare facilities seem to have been affected. According to the recent U.S. Healthcare Industry HIPAA Compliance Survey, payors and providers seem to be showing a seasonal deceleration in their HIPAA compliance efforts.

The survey, conducted from June 1 through June 20 this year, found that while progress has been made in all three areas of compliance -- security, privacy, and transactions and code sets (TCS) -- a surprisingly large percentage of covered organizations have yet to achieve many of the basics of HIPAA. The survey is a joint venture by consulting firm Phoenix Health Systems of Montgomery Village, MD, and the Healthcare Information and Management Systems Society (HIMSS) of Chicago.

The results are based on responses from 383 healthcare representatives who responded to an e-mail invitation to participate. Provider organizations accounted for 80% of the respondents, and payors made up the remaining 20% of the cohort. Approximately 84% of the total respondents indicated that they hold an official role within their organization for HIPAA compliance.

"Current survey results show, for the first time in the survey's six-year history, that many healthcare organizations have simply chosen not to implement many, if not all, HIPAA requirements," the study authors wrote.

The provider organizations were broken down into facility and practice categories. Approximately 22% of the respondents were from hospitals with more than 400 beds, and 17% were from institutions with 100 to 400 beds. Facilities with fewer than 100 beds made up 13% of the provider portion of the survey. Medium-size physician practices or other healthcare providers of 11 to 29 members comprised 9% of the provider respondents, while smaller practices of 10 or fewer members made up the remaining 19%, according to the survey data.

Payors were stratified into those covering more than 1.5 million lives (3%), 501,000 to 1.5 million lives (4%), 150,000 to 500,000 lives (3%), and those organizations covering fewer than 150,000 lives (10%).

According to the survey respondents, even though all major compliance deadlines have passed, the two most reported roadblocks to HIPAA adoption were the following:

  • No public relations or brand problems anticipated with noncompliance
  • No anticipated legal consequences for noncompliance (complaint-driven oversight)

"Many action items comprising HIPAA initiatives are dependent on steps that came before, and all require adequate resources including time, talent, and money," the study authors noted. "This complex combination of factors has been a prescription for compliance delay, if not failure, for many organizations."

Security still porous

The security compliance deadline was last April, but less than three-quarters of payors (74%) indicated that they are currently compliant with the HIPAA security regulations. However, the group as a whole has made a strong effort to become compliant in the past six months, compared with the 30% that stated they were compliant in January of this year.

Providers are struggling to achieve security compliance, although they, too, have shown significant gains over the past six months. Approximately 43% of the surveyed providers said their organizations were compliant, yet this is a vast improvement over the 18% who reported they were compliant in January.

"Of organizations that are currently noncompliant, the majority expect to achieve compliance within three to four months," the study authors wrote.

Risk management and analysis, information system activity review, and audit controls were the elements of Security Rule implementation that payors and providers deemed most difficult to implement. About half of the providers found contingency planning to be a stumbling block, while payors said security incident response and reporting was a problem for their organizations.

Security breaches remain a problem. Approximately 32% of the providers (a 12% downturn from the 40% reported in January) and 27% of payors experienced at least one security breach. The authors noted that given overall levels of Security Rule compliance, some organizations may not yet have established tracking mechanisms for security breaches.

Privacy plateau

And although compliance with the HIPAA privacy rule may have plateaued, privacy violations continue. Survey results indicate that 78% of providers and 90% of payors are compliant with the rule.

However, 18% of providers and 6% of payors report that they remain noncompliant, more than two years after the April 2003 deadline. Consistent with survey results both in June 2004 and January 2005, these numbers imply little or no progress with a core group of noncompliant covered entities.

"It is not difficult to draw the conclusion that incentives to implement HIPAA-required privacy practices have been -- and may remain -- insufficient to induce 100% compliance by the healthcare industry," the study authors wrote.

Even more troubling than the minority of compliance-resistant healthcare entities is the ongoing struggle with privacy breaches. More than half (59%) of the providers and 45% of the payors reported privacy breaches in the past six months. However, this is a marked improvement from the prior six months, when 73% of the providers and 57% of the payors experienced known privacy breaches.

TCS ticking down

The Centers for Medicare and Medicaid Services (CMS) has set an October 1 final deadline for compliance with HIPAA's TCS standards. After that date, the agency will return all reimbursement claims that do not meet compliance to their originator for resubmission as compliant claims.

Given that economic incentive, one would expect all payors and providers to be 100% compliant with TCS. However, according to the survey, approximately 20% of payors and providers are still noncompliant.

Of the 80% of payors that reported full compliance, only 68% said they were conducting all required transactions. For the providers that indicated full TCS compliance, only 44% indicated they were conducting all required transactions.

Logistical issues with information system interfaces between payors and providers continue to bedevil the healthcare industry's capability to implement TCS compliance. An average of 55% of providers and payors noted that while their information systems are capable of producing certain transactions, their trading partners cannot accept or transmit them.

"Many healthcare organizations are to be congratulated for their diligence in working toward the objectives of HIPAA," said D'Arcy Guerin Gue, executive vice president of Phoenix Health Systems. "But it is dismaying that large industry segments remain noncompliant with this national initiative to achieve standardized, secure healthcare transactions, and high patient privacy levels that will improve the quality and cost-effectiveness of our healthcare delivery system. One must ask -- if security threats, federal penalties, and prospects for significantly reducing healthcare errors, costs, and other inefficiencies are not sufficient incentives, what are?"

By Jonathan S. Batchelor
AuntMinnie.com contributing writer
August 24, 2005


Copyright © 2005 AuntMinnie.com
