Business

Industry not ready for HIPAA security mandate

A report urges health care entities to act now to safeguard electronic data.

By Tyler Chin — Posted May 24, 2004

Print  |   Email  |   Respond  |   Reprints  |   Like Facebook  |   Share Twitter  |   Tweet Linkedin

Health care organizations are woefully unprepared to comply with the HIPAA security rule and must act immediately to meet the April 21, 2005, deadline, according to a report by URAC, a health care organization accrediting agency.

URAC warned the industry to start compliance efforts now because it will take six months to a year to implement a program to protect the confidentiality, integrity and availability of patient records stored in an electronic format or transmitted electronically. URAC based its assessment on contacts with 300 health care entities that have inquired about or gone through its Web site and HIPAA privacy and security accreditation programs,

Although URAC did not consult with small physician offices for its report, it believes -- as do other industry observers -- that doctors are equally unprepared for HIPAA security compliance.

Compliance will be challenging regardless of size, but "smaller practices obviously have less work to do in the sense that they have smaller [information] systems and smaller number of individuals with whom they need to be concerned," said Claire W. Barrett, a URAC accreditation reviewer who co-wrote the report.

"The other thing to keep in mind is the security rule is designed ... to be scalable so the compliance activity of physicians will be inherently less than a complex hospital's or health plan system's," said Garry Carneal, URAC's president.

URAC's report identified four key barriers toward compliance: incomplete or inadequate risk analysis effort; inconsistent and poorly executed risk management strategies to address security vulnerabilities; limited or faulty information systems activity review; and ineffective security incident reporting and response.

The report lays out a 12-month timetable of activities and recommendations for meeting the security rule compliance deadline.

Back to top


External links

URAC's security white paper (link)

Back to top


ADVERTISEMENT

ADVERTISE HERE


Featured
Read story

Confronting bias against obese patients

Medical educators are starting to raise awareness about how weight-related stigma can impair patient-physician communication and the treatment of obesity. Read story


Read story

Goodbye

American Medical News is ceasing publication after 55 years of serving physicians by keeping them informed of their rapidly changing profession. Read story


Read story

Policing medical practice employees after work

Doctors can try to regulate staff actions outside the office, but they must watch what they try to stamp out and how they do it. Read story


Read story

Diabetes prevention: Set on a course for lifestyle change

The YMCA's evidence-based program is helping prediabetic patients eat right, get active and lose weight. Read story


Read story

Medicaid's muddled preventive care picture

The health system reform law promises no-cost coverage of a lengthy list of screenings and other prevention services, but some beneficiaries still might miss out. Read story


Read story

How to get tax breaks for your medical practice

Federal, state and local governments offer doctors incentives because practices are recognized as economic engines. But physicians must know how and where to find them. Read story


Read story

Advance pay ACOs: A down payment on Medicare's future

Accountable care organizations that pay doctors up-front bring practice improvements, but it's unclear yet if program actuaries will see a return on investment. Read story


Read story

Physician liability: Your team, your legal risk

When health care team members drop the ball, it's often doctors who end up in court. How can physicians improve such care and avoid risks? Read story

  • Stay informed
  • Twitter
  • Facebook
  • RSS
  • LinkedIn