Health care closes in on compliance with HIPAA
Health care closes in on compliance with HIPAA
Industry has until April 2003 to comply
The health care industry appears to have taken the organizational steps necessary to comply with the Health Insurance Portability and Privacy Act (HIPAA) privacy rule, according to a survey conducted by the Health Care Compliance Association (HCCA) in Philadelphia.
This new regulation, which affects every aspect of the health care industry’s business and clinical operations, calls for sweeping changes in the way in which an individual’s health information is handled. Hospitals, physicians, laboratories, outpatient clinics, surgery centers, nursing homes, home care, managed care, health care insurers, and other health care entities are all affected by this new omnibus rule. The government has given the health care industry until April 2003 to comply with the comprehensive regulation meant to protect the privacy of an individual’s medical information.
The HCCA surveyed its members about HIPAA privacy readiness in the fall of 2001. The HCCA sent the survey to all its members, and 237 completed surveys were returned, 107 of which came from hospitals. In addition, 62% of the respondents indicated their facilities are located in urban areas, 22% are in suburban areas, and 16% are in rural areas.
An important step toward implementing this new rule is educating the organization on the way patients’ medical information will be handled. Staff education about the new privacy rule is under way. Most organizations have held one or two hours of training on HIPAA privacy regulations for the majority of their stakeholders — physicians, staff, executives, and board members.
When asked whether various groups had received one to two hours of HIPAA education, 55% said their Board of Directors had been educated; 52% said staff had been educated; 46% said medical staff had been educated; and 42% said executive staff had been educated. The survey also indicates that 43% of medical staff, 30% of Board of Directors, 31% of staff, and 8% of executive staff have received no HIPAA privacy training.
Of those responding to the survey:
- 93% report that a HIPAA task force has been established.
- 77% indicate that a privacy officer has been designated.
- 64% have reviewed employee screening and background checking practices.
- 81% have determined the organization’s designation as a covered entity.
- 60% report that a security officer has been designated.
- 54% report that privacy and security responsibilities have been assigned to one individual.
Respondents report that 40% have developed organizational structures that delineate responsibilities for privacy and security, while 33% have developed cost estimates for privacy, security, and transaction requirements.
Development of HIPAA privacy policies and procedures also is proceeding. Forty-nine percent say policies have been developed related to discipline for breach of privacy principles and breaches of security, 41% have developed a grievance policy to address complaints and breaches of confidentiality, and 53% have developed policies related to patient access to records.
However, 78% indicate they have not developed policies for access to "minimum necessary" information, 80% have yet to develop policies addressing the potential exposure of protected health information through viewing, paging, or other operational activities, and 73% have not developed policies related to verbal discussions of protected health information by authorized persons. The fact that the security regulations related to health information are proposed and not final may account for why they are not as far along.
Those responding to the survey on issues related to Transaction and Code Sets report that 59% have identified all transaction standards and code sets, 32% have determined preparedness of trading partners, 28% have developed systems for ongoing maintenance of standards transactions and code sets, 30% have educated their business office on standards and code sets, and 47% have identified all electronic data interchange partners. The rule requires that Transaction and Code Sets be in place by October 2002.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.