The much-anticipated compliance deadline for the Health Insurance Portability and Accountability Act privacy rule has come and gone - but health care providers still have their work cut out for them. According to a recent survey, 78 percent of providers said they were HIPAA compliant by the April 14 deadline - a gigantic upsurge from the mere 9 percent who touted their compliance in January. "Many enterprises hire staff who will 'work well under pressure,'" says the survey, conducted by the Healthcare Information and Management Systems Society and Phoenix Health Systems, "and our spring survey results suggest that healthcare organizations employ their share."
However, as HIMSS and Phoenix point out, a closer look at the results show that plenty of work is left to be done - even for providers who claim HIPAA compliance. Between 10 and 40 percent of "privacy-compliant" providers still aren't up to speed on the following compliance measures:
obtaining all required business associate agreements (this appears to be the big trouble spot - 40 percent of "compliant" organizations still haven't worked this out);
monitoring organizational compliance;
implementing security protections required under the privacy rule;
employing appropriate "minimum necessary" restrictions; and
maintaining an accounting of disclosures. To see the survey, go to
www.hipaadvisory.com/action/surveynew/Spring2003.htm. Lesson Learned: Catching up on - and maintaining - HIPAA privacy compliance should still be a top concern for health care organizations.