Health Information Management

HIPAA benchmarking survey reveals trends about reportable breaches

HIM-HIPAA Insider, February 23, 2015


by Jaclyn Fitzgerald, Editor

In early 2014, HCPro’s Medical Records Briefing (MRB) newsletter conducted a HIPAA benchmarking survey to gauge compliance with the HIPAA Omnibus Rule shortly after its September 23, 2013 implementation date. This year, MRB asked healthcare professionals to give us an update on their HIPAA compliance more than one year after implementation.
 
With the March 1 deadline for reporting breaches of PHI to HHS just around the corner, it seemed appropriate to ask respondents about breach notification. The percentage of respondents who said their organizations experienced a HIPAA breach in the past two years remained at 55% from 2014 to 2015.
 
However, more than half of respondents (54%) said their organizations have not experienced an increase in reportable breaches and do not anticipate an increase. Some of this may be related to how organizations define a breach. In fact, one respondent said that his or her facility struggled most with determining whether an incident is a reportable breach.
 
The HIPAA Omnibus Rule eliminated the harm threshold and expanded the definition of a breach to include all PHI that is compromised, which some industry experts predicted would lead to an increase in reportable breaches. The expansion of the definition of a breach may explain why some respondents say they have not experienced a breach in the last two years, says Chris Simons, MS, RHIA, HIM director and privacy officer at Cheshire Medical Center in Keene, New Hampshire. “I suspect they are not using the Omnibus standard for determining a breach, but instead relying on the old assessment of potential harm,” Simons says.
 
This year, 42% of respondents were HIM directors or managers, 30% were privacy officers, and 19% were compliance officers or managers. Nearly half of this year’s respondents (49%) serve as the privacy officers for their organizations, compared to 50% in 2014, while just 33% reported being privacy officers prior to the Omnibus Rule implementation in early 2013. Based on this data, an increased number of HIM directors or managers appear to be serving as privacy officers at their facilities. More specifically, 65% of HIM directors and managers responding to the 2015 survey also serve as the privacy officer.

 


