The Sept. 23 HIPAA Omnibus Rule deadline is closing in, but Coalfire’s “The Final Omnibus Rule – Awareness and Compliance among Healthcare Business Associates” report was released today, and some organizations may not be as prepared as they hoped. The results from Coalfire, an IT governance, risk and compliance consultant, may have been relatively expected, but there were still some HIPAA compliance trends worth noting. Here are some numbers from the report:
- Only 40 percent of respondents were aware of their responsibilities as a business associate (BA) under the Omnibus Rule, while 28 percent were somewhat aware and another 32 percent were unaware.
- 64 percent have assessed their HIPAA omnibus compliance, while 28 percent were unsure and 16 percent hadn’t performed an assessment.
- A mere 44 percent believe their organization is HIPAA omnibus compliant, another 24 percent are unsure and 32 percent are partially compliant.
Andrew Hicks, Coalfire’s National Healthcare Practice Lead and author of the report, spoke with HealthITSecurity.com about Coalfire’s findings and how his organization works with covered entities, BAs and subcontractors to become HIPAA compliant. Hicks believes that, just as there was a very slow migration toward compliance when the HIPAA Privacy and Security rules first came out in 1996, omnibus compliance will take some time. “We’re going to see a lot of business associates (BAs) and subcontractors that are on the fence on whether they actually need to comply with HIPAA,” Hicks said. “I think it will take some time and significant penalties to really increase awareness and get everyone on board compliance-wise.”
Health IT Security, Sep 10, 2013