News Feature | September 28, 2015

HIPAA Compliance Survey: Your IT Clients' Thoughts

By Megan Williams, contributing writer

How do your current and potential clients feel about Health Insurance Portability and Accountability Act (HIPAA) compliance?

The answer to that question is essential to refining your sales process and understanding which solutions will be most important to the organizations you work with. Scrypt, a HIPAA-compliant document management and delivery company, has released a survey of healthcare providers’ attitudes on the subject.

Key Findings

  • The biggest concern regarding HIPAA breach potential within healthcare organizations is staff or human error.
  • Fewer than 20 percent of professionals in healthcare are confident that the 10-year nationwide interoperability goal (set by the Office of the National Coordinator for Health IT [ONC]) will be met.
  • A full 98 percent of respondents indicated that they have policies in place to keep staff informed about HIPAA compliance within their own practice.
  • Despite the levels of recent data breaches, only 10 percent of respondents indicated that their HIPAA compliance policies had been affected as a result.

Questions

The questions included in the survey are as follows:

  • “How is your practice currently exchanging PHI [protected health information] outside of its EHR/EMR [electronic health records/electronic medical records system] or practice management software?”
  • “Have recently publicized breach cases affected your HIPAA compliance policies?”
  • “Who do you feel poses the greatest threat in terms of a HIPAA breach?”
  • “What is your practice doing to prevent HIPAA breaches?”
  • “How does your organization keep staff informed about changes in HIPAA compliance?”
  • “How confident are you that all providers, i.e., the industry as a whole, will meet this [the 10-year ONC] goal?”
  • “Do you think more money from HIPAA fines should be reinvested in improving patient data security?”

Results

The survey yielded multiple results that paint a mixed picture of the current healthcare landscape.

Too many organizations are relying on either manual fax or unencrypted email to exchange PHI, both practices that leave organizations open to malicious attack or theft of information. This represents an opportunity to sell cloud fax solutions and other encryption and security options.

HIPAA compliance training is not happening enough. With only 10 percent of respondents indicating that their HIPAA policies have been affected by recent cyberattacks, the need for covered entities to invest in proper training and reviews of policies and procedures is great. This likely ties into the result that “staff or human error” remains the biggest concern in terms of a potential breach.

It’s also worth noting that one in five of the survey respondents indicated they are not using HIPAA-compliant software to protect patient data.

This survey is worth downloading and reviewing to look for alignment with your organizational goals, and even as a tool to give your existing clients insight into where they stand in relation to the rest of the industry.