[ISN] HIPAA resistance continues

From: InfoSec News (isnat_private)
Date: Mon Nov 11 2002 - 01:50:39 PST

  • Next message: InfoSec News: "Re: [ISN] Cordless keyboard woes continue"

    By Deni Connor
    Network World Fusion, 11/08/02
    A survey by two organizations shows that less than 50% of affected
    healthcare systems have completed an assessment of the effect the
    Health Insurance Portability and Accountability Act (HIPAA) will have
    on their organizations.
    Phoenix Health Systems and the Healthcare Information and Management
    Systems Society (HIMSS), an organization that represents more than
    13,000 healthcare institutions, found that HIPAA compliance for
    organizations is being hampered by interpretation of the regulations
    and not enough time to file needs assessments and documents relating
    to privacy and remediation.
    Only 5% of the organizations have completed the procedures on how
    healthcare claims will be filed or paid and how benefits will be
    coordinated. Eighty percent of the survey respondents applied for
    extensions for these documents until October 2003. Originally, the
    deadline was last month.
    While 60% of CxO-level employees of the organizations are showing
    "moderately to strong" support of HIPAA and say that budgets allocated
    to HIPAA compliance and implementation will be higher next year than
    in 2002, they cite cost concerns and a lack of industry best practices
    for dragging their feet. And, while most organizations are focusing on
    complying with the privacy and transactions requirements, security
    measures - which would protect the confidentiality of patients - are
    moving more slowly.
    Phoenix Health Systems and the HIMSS surveyed its membership and
    received 965 responses. Of those, 68% provided healthcare in hospital
    or physician practices; 20% consisted of healthcare payers or
    clearinghouses and 12% were vendors.
    The study also showed that over 60% of the respondents are
    implementing HIPAA requirements that were published over two years
    ago, in May 2000.
    Although more than 50% of the organizations have not yet completed a
    needs analysis, 30% said they will complete them in the next three
    months. In this group, which is made up of providers, hospitals,
    doctors offices, payers and vendors, 59% of the hospitals have
    completed assessments.
    The survey shows that 25% of large hospitals with at least 400 beds
    have allocated between $100,000 and $250,000 toward HIPAA compliance
    next year. Twenty percent of large hospitals will spend between
    $250,000 and $1 million, and 10% will spend more than $1 million.
    Of the respondents, 78% said that preventing future privacy breaches
    was their major priority, followed by 67% who identified the increased
    patient confidence that implementing secure transactions would have.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon Nov 11 2002 - 04:44:31 PST