A recent survey of 77 healthcare organizations found that almost every one of them said they are not ready to comply with the privacy and security provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, which goes into effect in February.
The HITECH Act extends the Health Insurance Portability & Accountability Act’s (HIPAA) rules for security and privacy safeguards, including increased enforcement, penalties, and audits. According to the survey, many current HIPAA compliance programs have deficiencies in the areas of privacy and security, including inadequate program testing and failure to update the programs.
Now, the number of healthcare organizations surveyed is rather low, so the survey from the Ponemon Institute and Crowe Horwath LLP is a sampling at best. At the same time, the results should raise a few eyebrows. If 94 percent of the 77 organizations surveyed are unprepared, how does everyone else fare?
Of the 77 organizations that make up the data pool, most have had one or more data breach incidents involving the loss or outright theft of protected health information over the last two years. In fact, 90 percent of them said they have lost at least one record. At the same time, over half of them report that there is no management support for the HITECH Act. If management isn’t behind the program, you can forget anyone in IT getting the funding to make the infrastructure changes needed to support it.
Sixty percent of those surveyed said their organizations have only partially implemented a risk-based program for protecting the privacy of protected health information (PHI). Almost half of respondents say they do not provide adequate staff training for privacy and security. Forty-five percent believe their organizations have not effectively developed a privacy policy that clearly summarizes appropriate use and sharing of PHI.
“It is disappointing, though not surprising, to learn that a majority of companies do not believe they are prepared for the latest in healthcare information security regulations,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute.
“Our research consistently finds that a lack of budgetary and moral support from the executive suite is a common barrier to proper data security and management programs, even with the specter of regulatory enforcement looming.”
Tell us, do you trust that your medical provider is doing all they can to protect your personal medical information?