Industry has far to go on latest HIPAA regs: report

In what sounds like a broken record, the healthcare industry is far behind in efforts to comply with the next set of requirements of the Health Insurance Portability and Accountability Act of 1996, according to a study by URAC, a Washington-based agency that operates healthcare accreditation and certification programs. Healthcare organizations have until April 21, 2005, to provide a HIPAA-standard level of security for the personal health information they collect, use and share both internally and with outside organizations. Based on consultations with more than 300 providers, payers and other healthcare-related organizations, URAC determined that most are not compliant with the security regulations and "still have a long way to go" to meet "baseline regulatory and business requirements," the group said in a 28-page report. Obtain the report at URAC's Web site, www.urac.org. Read a Modern Healthcare exclusive on the HIPAA headache. -- by John Morrissey