Even with HIPAA privacy and transaction deadlines looming, healthcare organizations still have a long way to go to meet the new requirements, a quarterly survey of compliance efforts says.
Three months before the April 14 compliance date, only 9% of providers indicated that they had completed HIPAA privacy remediation efforts through mid-January, though an additional 75% reported that they will be ready in time, according to a survey by Phoenix Health Systems of Montgomery Village, Md., and the Chicago-based Healthcare Information and Management Systems Society.
The two organizations released the findings Monday at the annual HIMSS national conference in San Diego.
However, only 5% of payers were ready for HIPAA privacy enforcement.
The results suggest that "on-time healthcare industry readiness for HIPAA compliance remains a serious concern," according to Phoenix Health Systems.
The healthcare consulting firm surveyed 666 healthcare organizations during the first half of January. Providers accounted for 70% of the respondents, about the same as in the previous quarterly poll, but small practices with 10 or fewer physicians now make up 17% of the respondents, up from 10% last fall.
The healthcare community is lagging even further behind on the transactions and code sets section of HIPAA, according to the survey. However, 90% of respondents say they applied for a one-year extension from the original transaction compliance deadline of Oct. 16, 2002.
CMS said last fall that only about 500,000 of the estimated 2 million covered entities had requested the extra time.
Still, a mere 6% of providers were done with remediation at the time of the survey, and only 37% more said they will be ready to begin testing their electronic data interchange processes by April 15, the date CMS says all healthcare organizations must start testing transactions.
The total of 43% is equal to the number of providers who do not expect to complete remediation for seven to 10 months.
Understanding the rules remains the biggest hurdle to transaction compliance, followed closely by concerns over integrating new policies and procedures into existing workflow.
The report quotes an unnamed payer as saying, "Nothing about HIPAA seems to be in black and white. No one seems to be able to provide clear answers or direction. We are relying on documentation and due diligence."
Two-thirds of respondents are involved in privacy training activities, while 78% have started implementing their transaction compliance plans.
Yet, half of the survey participants have begun security assessment even though HHS still has not issued the final HIPAA security rules; enforcement begins 26 months following publication, which ModernPhysician.com has reported could happen any day.