One of the problems that we seem to have as a society is that we pass legislation without people really comprehending how it will affect them. Now that the Health Information Technology for Economic and Clinical Health (HITECH) Act is now the law of the land, we're seeing this same phenomenon all over again.
A new survey (registration required) from the Healthcare Information and Management Systems Society (HIMSS) and ID Experts, which provides compliance management software, found that out of 176 senior IT executives from health care providers or companies that do business with health care providers, one-third said they were unaware that business partners of a health care organization now needed to comply with the privacy and security requirements outlined in the Healthcare Information Portability and Accountability Act (HIPAA).
That would also mean that most of these same people are unaware that 47 percent of the health care providers in the survey said they would terminate contracts with business partners for HITECH violations.
The good news is that two-thrids of the IT executive surveyed seemed to understand the implications of the HITECH Act. Like most pieces of legislation, the real bite of the HITECH Act won't be felt until organizations start undergoing audits. Of course, nothing brings on an audit faster than a breach. Half of the large hospitals that participated in the survey admitted to at least one data breach in the last year, and 60 percent of the hospitals in the survey said they expected data breaches to rise in the next year. The rest are either exceedingly optimistic or plan to define breaches very narrowly given the wording of the HITECH act.
The folks at ID Experts are hosting a webinar today to go over the implications of the survey. But one thing is clear. Just like HIPAA, it may take awhile for the effects of the HITECH Act to be fully felt. When they are, you can be sure it will be costly and painful unless you start taking steps to mitigate their impact on your business today.