Many Healthcare Organizations Remain Noncompliant With HIPAA Security Rule, New URAC Report Shows

WASHINGTON -- In recognition of the HIPAA Security

Rule pre-anniversary deadline on April 21, 2004, URAC has released a case study

report examining the state of preparedness in the healthcare industry in

complying with the Security Rule. The report identifies four key stumbling

blocks that hamper the ability of organizations to satisfactorily meet the

demands of the Rule, and finds many healt care organizations remain

noncompliant.

URAC's report identifies the following as barriers to compliance:

* Incomplete or inappropriately scoped risk analysis efforts. For

example, does the healthcare organization understand whether or not

patient data is at risk of compromise on their systems?

* Inconsistent and poorly executed risk management strategies. For

example, does the healthcare organization actively address the

technical issues and employee practices that affect security?

* Limited or faulty information system activity review. For example, does

the healthcare organization actively collect data on how its systems

and employees are performing?

* Ineffective security incident reporting and response. For example, does

the healthcare organization even detect when patient data has been

compromised (e.g., stolen by an unauthorized person) and how do they

deal with that compromise?

Bill Braithwaite, former senior advisor on Health Information Policy in

the Office of the Secretary of HHS said, "This report is a must-read for

healthcare professionals from all walks of life. It provides practical

insights on what hurdles must be overcome to successfully implement the HIPAA

security requirements and other important security practices that should be

part of any risk management strategy."

"Many healthcare organizations still have a long way to go to implement a

health information security program that meets baseline regulatory and

business requirements," said Garry Carneal, URAC president and CEO. "The

report highlights key challenges confronting covered entities and other

organizations as they upgrade their security programs in anticipation of next

year's security deadline, and offers recommendations on what healthcare

organizations can do to address these challenges."

Specific recommendations include:

* HIPAA compliance should not be seen as a costly regulatory burden, but

as a way to appropriately manage ongoing security risks in a way that

reduces overall business risk, reduce costs, and improves quality.

* Healthcare organizations need to start preparing now, one year ahead of

the Security Rule deadline, to achieve full compliance.

Carneal added, "Our experience working with hundreds of different

organizations that are considering, are in process, or have already applied to

become accredited under URAC's various security standards gives us a unique

and comprehensive vantage point to make these observations."

URAC offers a number of resources to aid healthcare organizations with

their HIPAA compliance efforts including HIPAA Privacy and Security

Accreditation programs, a Security Audit service, publications, educational

conferences and workshops. The authors of the case study report will detail

the findings and analysis in an audio conference scheduled for May 24, 2004.

To register, visit http://www.urac.org.

URAC, an independent, nonprofit organization, is a leader in

promoting healthcare quality through its accreditation and certification

programs. URAC offers a wide range of quality benchmarking programs and

services that keep pace with the rapid changes in the health care system, and

provide a symbol of excellence for organizations to validate their commitment

to quality and accountability. Through its broad-based governance structure

and an inclusive standards development process, URAC ensures that all

stakeholders are represented in establishing meaningful quality measures for

the entire healthcare industry.

Source: URAC

Share this article: Email, Slashdot, Digg, Del.icio.us, Yahoo!MyWeb, Windows Live Favorites, Furl
Add this article feed to: RSS, My Yahoo, Newsgator, Bloglines