Audits of HIPAA Covered Entities Find Security Compliance Most Challenging
May 1, 2013 | Strategic Insights for Health System
Only 11% of the 115 healthcare providers and health plans audited for compliance with the Health Insurance Portability and Accountability Act’s (HIPAA) privacy and security rules were found to be in compliance, according to findings presented at the April 23, 2013, Health Care Compliance Association’s compliance institute in National Harbor, Maryland. Security issues accounted for 60% of the negative findings and observations identified by the audit, followed by privacy (30%) and breach notification (10%), said Linda Sanches, senior health information privacy specialist at the Department of Health and Human Services’ Office for Civil Rights (OCR), which oversaw the audit. According to Sanches’s presentation, the audit found that two-thirds of covered entities did not have a completed and accurate risk assessment of the potential risks and vulnerabilities of their information technology (IT) security management processes.