As instances of compromised healthcare data continue to mount, the Department of Health and Human Services' Office for Civil Rights (OCR) will be required to respond more fervently to this HIPAA compliance issues.
Data breaches appear to be on the rise, according to a bi-annual survey cited by PC World last month. Security breaches have steadily climbed from 13 percent of respondents in 2008 to 19 percent in 2010 and 27 percent this year. Nearly all of these incidents can be traced back to lax behavior on the part of healthcare employees.
Healthcare organizations that maintain a culture of compliance on every level of their treatment, billing and other organizational processes are far less likely to run into a problem with HIPAA compliance than if they try to address these issues in a piecemeal fashion. If employees understand the importance of properly managing and protecting all data, safety will be enhanced.
"There are some specific areas where OCR has been wandering around the country and preaching the culture of compliance," healthcare compliance expert Chris Apgar told Healthcare IT News. "Those are the areas they're preaching, and the new head of the Office of Civil Rights even highlighted risk analysis in his testimony before Congress."
Healthcare facilities that use a healthcare IT consulting service to develop proper health IT use protocols are less likely to draw the ire of OCR and should be better equipped to provide high-quality care. A consultant may also provide a third-party opinion that can only enhance risk management strategies.
Authorities may even look more favorably upon an organization that commits a HIPAA violation if they have shown initiative in working with a third party to ensure compliance with government regulations.