Many health data privacy and security problems could be avoided if health care providers and insurers knew the regulations that applied to them, according to an analysis by HHS contractor KPMG, Modern Healthcare reports.
KPMG conducted the analysis of audits that it performed on behalf of HHS’ Office of Civil Rights (Carlson, Modern Healthcare, 4/23).
Background
As part of a 2012 pilot program, OCR called for 115 random HIPAA privacy and security compliance audits of health care providers, payers and claims clearinghouses.
The pilot program aimed to help OCR prepare to establish a permanent audit program during fiscal year 2014 (iHealthBeat, 3/19).
Details of Analysis
According to the analysis, about one-third of the 980 problems identified during the 115 HIPAA audits happened because health care organizations were unaware of certain regulations that applied to them.
Out of the organizations that had documented problems:
The analysis also found that 47 of the 61 audited health care providers had not completed a full and accurate risk assessment to identify potential data problems.
Comments on Findings
OCR Senior Adviser Linda Sanches said it appeared that some organizations wrote their data privacy and security policies only after being targeted for an audit.
She noted that the health care entities with documented problems will not face penalties because the audits were conducted by contractor KPMG. However, Sanches added that OCR officials might review findings from the audits during future investigations.
According to Sanches, the analysis’ findings suggest that many health care providers could benefit from reviewing HITECH Act regulations that broaden HIPAA data privacy and security safeguards (Modern Healthcare, 4/23).
Source: iHealthBeat