Surveys find fewer than 20% ready for April 20 HIPAA deadline

Fewer than one-fifth of healthcare organizations will meet the April 20 Health Insurance Portability and Accountability Act data security rules compliance deadline, according to two industry association surveys.

The Healthcare Information and Management Systems Society reported April 7 that just 18% of 400 providers, as well as 30% of insurers, will be compliant by the deadline.

The number of organizations that expect to be fully compliant by April 20 has actually declined over the past six months, according to HIMSS. Only 74% of providers and 80% of payers indicated that they will be compliant on or before the deadline. This compares with 87% and 91%, respectively, in a June 2004 survey.

The second survey, released by the American Health Information Management Association (AHIMA) April 11, found that only 18% of 1140 privacy, security, and compliance officers surveyed were fully compliant with the HIPAA security rules. The AHIMA survey also showed that 43% of survey respondents were 85% to 95% compliant, 25% were halfway compliant, and 12% of respondents said they were less than halfway compliant.

"I'm concerned that compliance numbers aren't higher, as the security rule is basically a technical issue, and the bar wasn't set that high," said Joyce Sensmeier, HIMSS director of informatics.

Sensmeier says we're seeing HIPAA fatigue.

"This is the third in a series [of deadlines], and many personnel and financial resources have had to go into the compliance effort," she said.

Another issue is lack of adequate guidance.

"The Centers for Medicare and Medicaid Services has issued some FAQs and guidance documents recently, but it may have been too little too late," she said.

Another concern is enforcement and how CMS will monitor compliance.

"Penalties for noncompliance can cost up to $25,000 per violation, but the fine will be enforced only if a complaint is filed against a healthcare organization, which has generated a lackadaisical attitude among some companies," Sensmeier said.

Under HIPAA security rules, any healthcare entity that handles electronic health data must implement fully auditable steps for monitoring access to private information and protect it from abuse.
