Re: Walmart Health: Just had a great dental visit this morning, which was preceded by helpful reminders from Epic, and…
Readers Write: We Have a HIPAA Education Problem
We Have a HIPAA Education Problem
by Caleb Clarke
NueMD conducted a survey in October with Porter Research and The Daniel Brown Law Group on HIPAA compliance. We just released the results, and we feel we’ve identified a problem … an education problem.
Knowledge of Key Events and Policy Updates (or Lack Thereof)
To gain an understanding of general knowledge surrounding HIPAA, we asked respondents about their awareness of some recent key events and changes to policy:
- Only 32 percent of respondents were aware of OCR’s upcoming HIPAA audits.
- 64 percent were aware of the Omnibus updates that went into effect in 2013.
- 60 percent were aware that the Omnibus updates require providers to establish Business Associate Agreements with third-party vendors that access PHI.
These numbers speak to the lack of education around policy and regulation within our industry. With the second round of HIPAA audits set to start at any time, we hoped they would be a little higher.
A Communication Disconnect
When we asked about specific compliance measures within practices, we found evidence of a communication disconnect between management/owners and staff/providers. This shifted our focus to education taking place within practices.
One question that brought this to light was, “Has your business adopted a HIPAA compliance plan within the last year?” While the actual amount of people who said they have a plan is an issue (only 58 percent), the difference in responses was even more concerning – 68 percent of office managers said they have a plan, versus 43 percent of office staff.
When we asked if their practice has performed a HIPAA-required risk analysis, only 33 percent said “yes,” but again, different roles responded differently. Fourteen percent of owners and managers said they weren’t sure if they’ve conducted a risk analysis, versus 43 percent of office staff and non-owner providers.
A staff training program should alleviate these types of discrepancies. As managers, administrators, and officers institute policies and procedures, they need to convey this information to their entire staff. Unfortunately, only 62 percent of owners, managers, and administrators said their practices provides annual HIPAA training (and only 56 percent of office staff and non-owner providers reported having been trained within the last year).
Providers Have More to Worry About Than HIPAA
Providers only have so much time and money, and HIPAA’s not the only thing competing for their resources. With the transition to ICD-10 (delayed again, and maybe again?!), tight deadlines, rigid criteria to meet for Meaningful Use, and confusion surrounding the Affordable Care Act, it’s easy for HIPAA to take a backseat. However, those three hot- button issues are riddled by controversy, which doesn’t seem to be the case for HIPAA.
We will, without a doubt, encounter some sticky situations with HIPAA over the next few years – especially as new types of cases make their way to court, and data breaches become more common. If anything, though, that type of controversy should only reinforce the need to be compliant. Not many people will say that safeguarding protected health information is a bad thing. The challenge is implementing regulation in a way that allows providers to do their jobs.
Which brings us back to the crux of the issue – education. Providers need an easy way to learn how to be compliant while keeping all their other plates spinning.
So What’s The Solution?
It’s difficult to find great information on HIPAA compliance, but not impossible. To help bring some clarity to the situation, we compiled several HIPAA compliance resources along with our survey results. We searched the web to find some of the best articles and tools available, and created some others to help fill in the gaps. It’s a small way for us to help providers get on the right path. Our hope is that it can serve as a launch pad for reasonable, but robust, compliance programs.
Caleb Clarke is director of strategic development, sales, and marketing at NueMD.
Jennifer, Mr. H, Lorre, Dr. Jayne, Dr. Gregg, Lt. Dan, Dr. Travis
More news: HIStalk, HIStalk Connect.
Get HIStalk Practice updates.
Contact us online.
Become a sponsor.