HIPAA resistance continues

[InfoSec News <isn () c4i org>]

http://www.nwfusion.com/news/2002/1108hipaa.html

By Deni Connor
Network World Fusion, 11/08/02

A survey by two organizations shows that less than 50% of affected
healthcare systems have completed an assessment of the effect the
Health Insurance Portability and Accountability Act (HIPAA) will have
on their organizations.

Phoenix Health Systems and the Healthcare Information and Management
Systems Society (HIMSS), an organization that represents more than
13,000 healthcare institutions, found that HIPAA compliance for
organizations is being hampered by interpretation of the regulations
and not enough time to file needs assessments and documents relating
to privacy and remediation.

Only 5% of the organizations have completed the procedures on how
healthcare claims will be filed or paid and how benefits will be
coordinated. Eighty percent of the survey respondents applied for
extensions for these documents until October 2003. Originally, the
deadline was last month.

While 60% of CxO-level employees of the organizations are showing
"moderately to strong" support of HIPAA and say that budgets allocated
to HIPAA compliance and implementation will be higher next year than
in 2002, they cite cost concerns and a lack of industry best practices
for dragging their feet. And, while most organizations are focusing on
complying with the privacy and transactions requirements, security
measures - which would protect the confidentiality of patients - are
moving more slowly.

Phoenix Health Systems and the HIMSS surveyed its membership and
received 965 responses. Of those, 68% provided healthcare in hospital
or physician practices; 20% consisted of healthcare payers or
clearinghouses and 12% were vendors.

The study also showed that over 60% of the respondents are
implementing HIPAA requirements that were published over two years
ago, in May 2000.

Although more than 50% of the organizations have not yet completed a
needs analysis, 30% said they will complete them in the next three
months. In this group, which is made up of providers, hospitals,
doctors offices, payers and vendors, 59% of the hospitals have
completed assessments.
 
The survey shows that 25% of large hospitals with at least 400 beds
have allocated between $100,000 and $250,000 toward HIPAA compliance
next year. Twenty percent of large hospitals will spend between
$250,000 and $1 million, and 10% will spend more than $1 million.

Of the respondents, 78% said that preventing future privacy breaches
was their major priority, followed by 67% who identified the increased
patient confidence that implementing secure transactions would have.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.