I was reviewing the results of a HIPAA Compliance survey performed by the folks over at hipaadvisory.com (Phoenix Health Systems) and noticed a number of interesting things. First, almost three years after the HIPAA Privacy Compliance deadline, only about 80% of providers are HIPAA compliant. That means 20% of providers are three years overdue on Privacy compliance. The surveyors concluded that this 20% has been stable for a while and represents a core group that will simply refuse to comply. They seemed to see that as a negative, but 80% compliance, while not perfect, is pretty good.
Also, a year after the Security rule deadline, only 55% of providers generally have managed to come into compliance with the security rule. Of particular interest is that fact that as a group, the most non-compliant providers are hospitals with more than 100 beds. More than 50% of these large hospitals are still not in compliance with the Security rule. If you are not Security rule compliant, you are not alone. However, do not let that become an excuse for non-compliance. CMS is not more likely to accept “well everyone else was doing it” as an excuse than your parents were.
Providers who were not in compliance were asked what standards they had implemented. The standards that were implemented least often were contingency planning and emergency access. I found this answer rather surprising, given recent history. After all of the coverage of what hurricane Katrina did to New Orleans and other more recent examples of tornadoes and other severe weather in the Midwest, it is hard to fathom that providers are not addressing contingency planning.
For home care providers who think disasters can’t happen to them, I offer the recent tornadoes in the Midwest. Downtown Indianapolis has had a major office building closed for two weeks now, because of storm damage. This has displaced a number of law firms and other companies. Not to mention the damage to Iowa City and in Tennessee and Kentucky. It doesn’t take a hurricane to trigger contingency plans, a sever spring storm or a winter blizzard can leave you unable to reach your office, or worse, your clients.
When a disaster happens is not the time for contingency planning. When you hear the weatherman saying a severe thunderstorm, blizzard (insert other weather phenomenon here) is coming, you should already know what you will do if the storm leaves you without an office, power (insert other contingency here.)
Permalink
