An audit of Atlanta's Piedmont Hospital that was initiated by the U.S. Department of Health and Human Services in March is raising concerns in the health care industry about the prospect of more enforcement actions related to the data security requirements of the federal HIPAA legislation.
The audit was the first of its kind since the Health Insurance Portability and Accountability Act's security rules went into effect in April 2005, joining data privacy mandates that were already in place. The security rules require organizations that handle electronic health data to implement measures for controlling access to confidential medical information and protecting it against compromise and misuse.
If your management has been slacking on compliance, it is time to read them this article from Computerworld. Enforcement is the new black; the free ride is over. I absolutely agree with Barry Runyon:
The mere fact that an audit of HIPAA security compliance was conducted for the first time has many in the health care industry preparing for more enforcement actions, according to Barry Runyon, an analyst at Gartner Inc. "I don't think Piedmont was an anomaly," he said. "My sense is that there is going to be more feet on the street from HHS going on unannounced audits."
Good grief, we in this industry have had plenty of time to get our acts together, and most of the provisions are nothing more than best practices anyway.
Please, please, please do not be the next hospital, clinic, or other covered entity that I write about here. Get compliant!