The trusted source for
healthcare information and
HIPAA Regulatory Alert
HIPAA security rule progress still slow
Many companies still not fully compliant
A Computerworld survey of information technology managers and analysts found that five months after HIPAA's data security rules took effect, many health care companies still are not fully compliant with them. Those interviewed said technology, process, and budgetary issues delayed compliance efforts, along with what was seen as a weak enforcement component that has led many health care organizations to believe they could take a wait-and-see attitude toward the rules.
Meanwhile, a June survey conducted by the Healthcare Information and Management Systems Society (HIMSS) showed that some 74% of the insurers and 43% of the health care providers responding to the survey said they were fully compliant with the security rules, which became effective April 20. Those numbers were up from the organization's January survey but still were surprisingly low to HIMSS officials.
Several organizations surveyed reported they had chosen not to implement all of the security requirements because they didn't anticipate that it would result in any image problems or legal issues, according to HIMSS director of informatics Joyce Sensmeier.
HIPAA provides for civil penalties of up to $25,000 and criminal penalties of up to $250,000 per year for noncompliance. The Centers for Medicare & Medicaid Services initiates enforcement action only in response to a complaint against a company.