Survey reveals that healthcare organizations are keen to comply with Federal Privacy laws

FairWarning recently commissioned an independent firm to conduct a national survey of healthcare providers. The survey covered 200 unique hospitals from across the US; the majority of respondents were compliance, privacy or risk personnel, followed by IT management and executive management. The survey was designed to elicit opinions and insights on new healthcare privacy regulations (specifically ARRA HITECH), patient safety, privacy and auditing budgets, and information technology risk management.

In the survey, nearly half of healthcare organizations (47.3 percent) believed their organization is already compliant with federal privacy laws such as ARRA HITECH and HIPAA and is audit ready. However, nearly one-third of survey respondents stated they will not be compliant with ARRA HITECH requirements by the set deadlines. In addition, just 7 percent of respondents have demonstrated that they have both processes and automated systems in place which incorporate cornerstone technologies designed to eliminate security and privacy vulnerabilities.

The respondents' greatest concerns about non-compliance with any of the federal privacy laws were the reputational impact of a failed audit or major privacy breach, financial penalties for non-compliance, and media exposure.

“It is highly unlikely that an organization can fully comply with its obligations under HIPAA and the ARRA HITECH without implementing automated systems for patient and user privacy auditing, managing and aggregating accounting of disclosures and identity management,” stated John Houston, Vice President of Privacy and Information Security and Assistant Counsel at the University of Pittsburgh Medical Center. “While respondents felt that their level of compliance was high, their implementation of necessary technologies was much lower.”

The survey findings concluded that healthcare organizations are:

1. Familiar with new healthcare privacy and security regulations, specifically ARRA HITECH

2. Concerned with the reputational impact associated with a breach and breach notification requirements

3. Mobilizing to meet compliance requirements and deploying critical technologies to plug security gaps and meet compliance requirements

4. Allocating budget to meeting new privacy and security requirements

5. Beginning to believe that enforcement of these laws is a government priority, and

6. In need of further education to align spending and technology deployments to government expectations.


Posted on: Mar 09 2010