Case Management

Mentor Moment: Many providers unprepared for HIPAA audit

Case Management Weekly, January 4, 2012

Most healthcare organizations charged with HIPAA compliance are not fully prepared for a privacy and security audit by federal regulators, a November 2011 survey conducted by HCPro, Inc. reveals.

For hospital leaders, already facing multiple technology challenges—implementing ICD-10 and electronic medical records systems, and pursue meaningful use certification, this is not great news. The government is already conducting audits.

The Office for Civil Rights, which enforces the HIPAA Privacy and Security rules, engaged a contractor to conduct random audits of 150 covered entities and business associates by December 31.

HCPro’s survey results indicate that only 17% of responding organizations are fully prepared for an OCR privacy and security compliance audit.

“It is very hard to get your staff to understand how important this is,” one compliance officer said. “Each breach we have is due to carelessness and not intentional, for example, not checking a patient name when you mail something out.”

Only 281 or 70% of the more than 400 respondents, which included HIM directors and compliance officers, said they are “somewhat prepared” for a government HIPAA compliance audit.

The January editions of Medical Records Briefing and Briefings on HIPAA will provide more details about the survey results.

Most Popular