News Feature | September 19, 2016

Survey Reveals How Well Respondents Understand HIPAA

Christine Kern

By Christine Kern, contributing writer

Results show that just 40 percent were aware of planned Phase 2 HIPAA audits.

As Health IT Outcomes wrote, there are 154 separate requirements as part of the HIPAA security standard, each of which has defined audit procedures. The Office of Civil Rights began conducting the first round of HIPAA audits in October 2014, affecting physician practices, healthcare facilities, and their corresponding business associates. In order to ensure the continued protection of protected health information, HIPAA has had to evolve as innovative technology has expanded the way healthcare providers interact with sensitive patient data.

In 2014, NueMD designed a questionnaire to gauge respondents’ knowledge of HIPAA’s Privacy and Security regulations, compliance measures, and communication methods, totaling over 1,100 responses from medical practices and billing companies across all 50 states. Curious to see if the healthcare industry had made any progress, NueMD conducted a follow up survey this year to see where medical practices currently stand.

The 2016 study surveyed 927 respondents across patient care, officer manager, administrator, billing, office/IT staff, and other roles, representing a wide range of practices and billing companies. And while awareness of the HIPAA audit process has risen from 32 percent in 2014 to 40 percent today, there is still significant room for improvement. Awareness is just the first step towards compliance, however; all healthcare entities must take active steps to ensure guidelines are being followed.

The survey also investigated how the participants were faring when it came to actual adoption of a HIPAA Compliance Plan, illustrating that some have encountered challenges in their follow-through. In 2014, 58 percent of respondents had reported they had a compliance plan in effect; in 2016, that number has rising to just over 70 percent.

However, the study found, “Practices seemed to be slipping a little with regard to some of the other aspects of compliance.” One of those aspects is annual training, which is imperative to ensuring staff know the appropriate steps to take in the event of a potential or actual breach. In this regard, the survey actually found a decrease from 62 percent to 58 percent of owners, managers, and administrators who said they provided annual training for their staff. The study authors speculate delays in HIPAA auditing may have been a contributing factor to this reduction.

The study also revealed a minor drop in the appointment of security and privacy officers as required by HIPAA. In 2014, 56 percent of respondents said they had already made these hires, but those numbers dropped to 53 percent for security officers and 54 percent for privacy officers.

Ultimately, the study reveals there is still significant work to be done when it comes to meeting HIPAA requirements by healthcare agents. The final question on the survey asked how confident they were that they had at least one employee familiar with HIPAA who was taking active steps to ensure compliance. In 2014, 81 percent reported being “very” or “somewhat” confident, while in 2016 that number was 83 percent.