Are healthcare organizations lagging on HIPAA?

Jun 1, 2004 12:00 PM

Four key stumbling blocks are hampering the ability of organizations to satisfactorily meet the demands of the HIPAA Security Rule — which must be implemented by next year — and a new report from URAC finds many healthcare organizations remain noncompliant.

“Many healthcare organizations still have a long way to go to implement a health information security program that meets baseline regulatory and business requirements,” says Garry Carneal, URAC president and CEO. “The report highlights key challenges confronting covered entities and other organizations as they upgrade their security programs.”

URAC's report identifies the following as barriers to compliance: Incomplete or inappropriately scoped risk analysis efforts; limited or faulty information system activity review; inconsistent and poorly executed risk management strategies; and ineffective security incident reporting and response.

The report recommends that HIPAA compliance should not be seen as a costly regulatory burden, but as a way to appropriately manage ongoing security risks in a way that reduces overall business risk and costs, and improves quality. It adds that healthcare organizations need to start preparing now, one year ahead of the Security Rule deadline, to achieve full compliance.

Originally, URAC was incorporated under the name “Utilization Review Accreditation Commission,” but that name was shortened to the acronym URAC in 1996 when it began accrediting other types of organizations such as health plans and preferred provider organizations.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue