Site moved to, redirecting in 1 second...

« The empire strikes back . . . | Main | Great leap forward? »

May 09, 2007

HIPAA confusion and solutions

The current AIS Health Report on Patient Privacy tells us: National Review of HIPAA Compliance Finds Rampant Confusion, MistakesHere's the lead:

Four years after the privacy rule went into effect, hospitals and other covered entities (CEs) are struggling with basic concepts that underlie compliance, such as what the "minimum necessary" standard means. Mistrust among CEs is rampant, and many have implemented business practices in the name of privacy and security that have no basis in law.

That's one of the take-home messages from a two-year, $11.5 million study of privacy and security compliance funded by the Agency for Healthcare Research and Quality (AHRQ) under HHS.

The AHRQ contractor reports further on the study here.

Confusion and misinterpretation of HIPAA requirements seems to be related to the flexibility built into the rules, and providers' difficulty in integrating overlapping state and federal requirements.  There are some recommendations for future improvements in the report, including development of form documents (including business associate agreements), and safe harbors for compliance.  It is unclear when, if ever, these improvements may be implemented.

This report makes clear that a wide variety of CEs could benefit from a HIPAA compliance audit.  This is a service provided by The Harlow Group LLC and its associated consultants with expertise in legal, health care operations and IT aspects of HIPAA compliance.  Please contact me should you have a need in this area.

-- David Harlow


TrackBack URL for this entry:

Listed below are links to weblogs that reference HIPAA confusion and solutions:

» HIPAA compliance = privacy protected? from Trusted.MD Network
A year ago, AHRQ found rampant confusion and mistakes among covered entities trying to comply with HIPAA. This month, HIMMS Analytics released a survey of nearly 300 health care IT and data security professionals indicating that a focus on HIPAA... [Read More]


Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.