US Healthcare Industry HIPAA Compliance Survey Results: Summer 2005

Summer 2005 marks our sixth consecutive year of tracking and reporting on the status of HIPAA compliance within the healthcare industry. The Summer 2005 Survey also marks a HIPAA milestone: for the first time, the three major HIPAA deadlines have all officially passed. With the Privacy Rule deadline occurring over two years ago (April 14, 2003), the Transactions and Code Sets (TCS) deadline 20 months old for those who received extensions (October 16, 2003), and the Security deadline well behind us (April 20, 2005), one might expect that yet another survey measuring HIPAA compliance is unnecessary.

True, some organizations that have long since implemented HIPAA requirements are now moving past the off-putting concept of "compliance" toward internally communicating a more palatable cultural recipe of "good" or "best" practices. These forward-thinking organizations are in the process of institutionalizing HIPAA principles, practices and desired outcomes, greater patient privacy, and secure nation-wide use of standard electronic healthcare transactions. On the other hand, as we will report here, surprisingly large percentages of covered organizations have yet to achieve many of the basics of HIPAA.

(Excerpt from report)