NueMD (Atlanta, GA), a cloud-based medical billing service, administered a HIPAA Compliance Survey in 2014. In 2016, they issued a follow-up survey to measure the change in HIPAA compliance and awareness over time. The 2016 NueMD survey received 927 total responses, 86% from medical practices and 6% from billing companies. Of these respondents, 462 reported involvement with patient care, while 465 reported involvement with administrative duties. The survey measures knowledge of HIPAA regulations, compliance with HIPAA, and proper use of electronic devices.

HIPAA Compliance Survey

The 2016 HIPAA compliance survey indicates that general knowledge of HIPAA regulations has increased since 2014. NueMD determined this by measuring the respondents’ awareness of ongoing HIPAA audits and the 2013 Omnibus updates. Since 2014, the number of respondents aware of the ongoing OCR audits increased from 32% to 40%, while the number of respondents aware of the Omnibus updates increased from 64% to 69%.

Furthermore, the number of respondents with a HIPAA compliance plan increased from 58% to 70%. This shift represents the largest positive change since 2014. Yet, while HIPAA awareness has increased, compliance measures have decreased in three areas:

  1. The number of respondents who provide HIPAA training decreased from 62% to 58%
  2. The number of respondents who employ a security officer decreased from 56% to 53%
  3. The number of respondents who employ a privacy officer decreased from 56% to 54%

With regard to business associate agreements (BAAs), both awareness and compliance have increased. The number of respondents who report awareness of BAA regulations has increased from 60% to 68%. Furthermore, the number of respondents who have reviewed and updated BAAs for compliance has increased from 45% to 48%.

The third section of the HIPAA compliance survey measures awareness of and compliance with regulations related to electronic devices. Since 2014, the number of respondents who have cataloged their electronic devices containing protected health information (PHI) has increased from 27% to 33%. The number of those who haven’t begun cataloging their devices has shrunk from 27% to 22%. Additionally, the number of respondents who are confident that their electronic devices are HIPAA compliant has increased from 31% to 37%.

The HIPAA compliance survey also measures the number of respondents who use electronic means of communication with their patients. Since 2014, email and social media usage increased by 1% and 2%, respectively, while text messaging has increased from 29% to 35%. On the other hand, respondents report low levels of confidence that their communications are HIPAA compliant. Since 2014, confidence levels regarding mobile and email have stayed stagnant. Confidence that text and social media are HIPAA compliant has increased by 1% and 3%, respectively.

In summary, the 2016 HIPAA compliance survey suggests that awareness of regulations has increased. However, this increase in awareness did not result in increased compliance measures. Overall, more organizations have a HIPAA compliance plan, but compliance measures have actually decreased.
