NueMD, a cloud-based medical billing service, administered a HIPAA compliance survey in 2014. In 2016, they issued a follow-up survey to measure the change in HIPAA compliance and awareness over time.
The 2016 NueMD survey received 927 total responses, 86% from medical practices and 6% from billing companies. The practice roles were broken down as follows: 50% patient care (MD, RN, etc.), 15% office managers, 14% administrators, 8% billers, 6% office/IT staff, and 6% other.
Some of the goals of conducting the survey were to shed light on key parts of HIPAA compliance, to compare the perspectives of different roles in practices, and to provide educational resources to keep you informed and compliant.
The 2016 survey indicates that general knowledge of HIPAA has increased since 2014. NueMD determined this by measuring the respondents’ awareness of ongoing HIPAA audits and the 2013 Omnibus updates. Since 2014, the number of respondents aware of the ongoing HCC audits increased from 32% to 40%, while the number of respondents aware of the Omnibus updates increased from 64% to 69%.
Additionally, the number of respondents with a HIPAA compliance plan increased from 58% to 70%. The shift represents the largest positive change since 2014. While HIPAA awareness has increased, compliance measures decreased in three areas. The number of respondents who provide annual staff training surprisingly decreased from 62% to 58%. This could be attributed to on-and-off delays in auditing. The number of respondents who appointed a Security Officer decreased from 56% to 53%, and the number of respondents who appointed a Privacy Officer also decreased slightly, from 56% to 54%.
The survey also measures the number of respondents who use electronic means of communication with their patients. Since 2014, email and social media usage increased by 1% and 2%, respectively, while text messaging has increased from 29% to 35%. On the other hand, respondents report low levels of confidence that their communications are HIPAA compliant. Since 2014, confidence levels regarding mobile and email have remained unchanged. Confidence that text and social media are HIPAA compliant has increased by 1% and 3%, respectively.
Since 2014, the number of respondents who have cataloged their electronic devices containing Protected Health Information (PHI) has increased from 27% to 33%. The number of those who haven’t begun cataloging their devices has shrunk from 27% to 22%. Additionally, the number of respondents who are confident that their electronic devices are HIPAA compliant has increased from 31% to 37%.
The 2016 survey suggests that awareness of HIPAA regulations has increased. In 2014, 38% of respondents noted they were very confident their business was in compliance with HIPAA, which increased to 40% in 2016. In 2014, 19% had no confidence in their HIPAA compliance, while that share decreased to just 17% in 2016. Although more organizations have a HIPAA compliance plan, compliance measures have actually decreased, even though confidence levels have increased. As we roll into 2017, it will be interesting to see if the ongoing HIPAA audits impact these results.