Blog | Protenus

New Survey: 70% had HIPAA Compliance Plans in 2016

NueMD, a cloud-based medical billing service, administered a HIPAA compliance survey in 2014. The survey was intended to gauge knowledge of regulations, steps taken toward compliance, and the use of electronic devices as a means of communication. In 2016, they issued a follow-up survey to measure the change in HIPAA compliance and awareness over time. This guest blog post is from Jeremy Alderman at NueMD.

The 2016 NueMD survey received 927 total responses, 86% from medical practices and 6% from billing companies. Of these respondents, 462 reported involvement with patient care, while 465 reported involvement with administrative duties.


2016 Survey Findings

The 2016 survey indicates that general knowledge of HIPAA regulations has increased since 2014. NueMD determined this by measuring the respondents’ awareness of ongoing HIPAA audits and the 2013 Omnibus updates. The number of respondents aware of the Omnibus updates increased from 64% to 69% in 2016. Since 2014, the number of respondents aware of the ongoing HIPAA audits increased from 32% to 40%. Though this is a significant growth in audit awareness, there are still plenty of people in the industry who have yet to gain this critical level of awareness.

Without a plan, it’s impossible to be compliant with HIPAA. Only 58% of respondents claimed they had a compliance plan in 2014, a number that has risen to 70% in 2016. According to NueMD, this shift represents the largest positive change since 2014. What makes for a good compliance plan? Providing routine staff training and appointing both a HIPAA Security Officer and a Privacy Officer. Compliance measures decreased in these three areas:

  1. Respondents who provide HIPAA training decreased from 62% to 58%
  2. Respondents who employ a Security Officer decreased from 56% to 53%
  3. Respondents who employ a Privacy Officer decreased from 56% to 54%

68% of respondents are aware of BAA regulations

With regard to Business Associate Agreements (BAAs), both awareness and compliance have increased. The number of respondents who report awareness of BAA regulations has increased from 60% to 68%. Furthermore, the number of respondents who have reviewed and updated BAAs for compliance has increased from 45% to 48%.  

A recent BA/third-party report found that third-party breaches affected 4.5 million patient records between January and August of 2016. This information, in addition to the NueMD survey, emphasizes the need for healthcare organizations to better understand the complex nature of these agreements and determine how they can best mitigate their risk of a breach and maintain compliance.

Only 37% of respondents are confident their electronic devices are compliant

The survey reports awareness and compliance with electronic device communication regulations. The number of respondents who have cataloged their electronic devices containing Protected Health Information (PHI) has increased from 27% to 33% over the three-year study. The number of those who haven’t begun cataloging their devices has shrunk from 27% to 22%. Additionally, the number of respondents who are confident that their electronic devices are HIPAA compliant has increased from 31% to 37%.

Patient communication is imperative for successful compliance measures. The survey measures the number of respondents who use electronic devices to communicate with their patients. Since 2014, email and social media usage have slightly increased, while text messaging has increased from 29% to 35%. Respondents report low levels of confidence that their communications are HIPAA compliant. Since 2014, confidence levels regarding mobile and email have stayed stagnant. Confidence that text and social media are HIPAA compliant has increased by 1% and 3%, respectively.

The 2016 survey suggests that overall awareness of HIPAA regulations has increased, along with confidence in compliance. Though organizations are more confident they are compliant, interestingly enough, compliance measures such as staff training and the appointment of HIPAA officials have decreased. As the HIPAA audits continue throughout 2017, it will be interesting to see how compliance plans and measurements are affected.
