The requirements laid out by HIPAA are notorious for lacking teeth or oversight, and many smaller healthcare organizations take advantage of this with lackluster compliance efforts. Magrath says that from a government enforcement perspective this won't likely change soon.
"The only way I see something coming down the pike, is if there are a bunch of high profile breaches that force legislators to do something," he says. "In the absence of that, I don't see anybody forcing hospitals to pay fines."
However, Walsh says that the healthcare sector may turn to self-policing as the most influential healthcare organizations recognize the importance of HIPAA mandates. For example, he believes that this may be the year that the Joint Commission on Accreditation of Healthcare Organizations (JCAHO) ties more HIPAA compliance requirements in with its accreditation process.
"Accreditation may be held up when the hospital doesn't comply," says Walsh. "They have been threatening this for some time, but maybe 2007 is the year they get serious about this."
Wednesday, December 20, 2006
Is this how we are finally going to be forced to compliance?