A new survey by the Ponemon Institute, an organization dedicated to advancing responsible information and privacy management practices, found that almost all surveyed organizations did not substantially comply with HIPAA, including as modified by the HITECH Act. The survey was conducted in November 2009, but, according to Ponemon, the results are not expected to have changed much since then.
Ponemon Institute’s survey of 77 healthcare organizations, including 42 covered entities and 35 business associates, found (via BNA):
- 27 percent of the health care organizations had not started and were “barely aware” of what was required;
- 32 percent of the organizations were waiting for more details;
- 14 percent of organizations surveyed had a plan but were waiting for more details on the requirements;
- 21 percent of the organizations surveyed were just beginning to act on becoming compliant;
- 79 percent of organizations do not regularly have the required independent assessment or audit of their program to determine adequacy; and
- 57 percent reported having known deficiencies for privacy or security.
You can find the full survey here.
“Study Finds Majority of Health Care Entities Not Compliant with HIPAA, HITECH Provisions,” BNA Health IT Law & Industry Report (May 24, 2010).