HIPAA Survey Shows Small Medical Practices, Billing Companies Not Ready for Audits

Thanks to Travis McKnight for today’s post! Travis is a journalist who discusses medicine, science and technology. Follow him on Twitter @Khellendos.

A health care study reports that a significant portion of surveyed small medical practices and medical billing companies are not compliant with the Health Insurance Portability and Accountability Act’s updated Omnibus privacy and security regulations, compliance measures, and communication methods.


The HIPAA study, which was conducted by Porter Research, NueMD and the Daniel Brown Law Group, gathered responses from more than 1,100 medical practices and billing companies throughout the country. Researchers interviewed providers, administrators, and medical office staff, 36 percent of whom didn’t even know about HIPAA’s updated rules. Of those respondents who did know of the new rulings, only 58 percent said they have a HIPAA compliance plan — a task required by HIPAA policy.

The 2013 HIPAA updates, which are affected by the Health Information Technology for Economic and Clinical Health Act, increased penalties for privacy and security violations up to $1.5 million per year, forced business associates of HIPAA covered entities to abide by certain HIPAA policies, and established new rules for notifying patients and the public of security breaches.

Additionally, the survey team noticed a trend suggesting billing companies may be doing better with compliance compared to medical practices, and that there is a consistent information gap between management and staff when handling HIPAA compliance measures.

HIPAA Survey Results Overview

The survey of more than 1,100 healthcare professionals revealed several areas of concern, including:

  • 66 percent of respondents were unaware of HIPAA audits prior to this survey bringing them to their attention.
  • 35 percent of respondents have conducted a HIPAA-required risk analysis.
  • 34 percent of owners, managers, and administrators felt “very confident” their electronic devices containing personal health information (PHI) were HIPAA compliant.
  • 24 percent of owners, managers, and administrators in small practices have evaluated all of their Business Associate Agreements.
  • 56 percent of office staff and non-owner care providers in small practices have received HIPAA training in the last year.
  • 62 percent of owners, managers, and administrators said their business provided annual HIPAA training; of those, only 65 percent said they have proof.