Audits find organizations unaware of new data, privacy rules

Simply knowing all the rules could prevent many of the problems plaguing data security and privacy among healthcare providers and insurers. Nearly one-third of the 980 problems that HHS' Office for Civil Rights uncovered during privacy and data-security audits of 115 healthcare providers and insurers happened because the organizations were not aware of all of the requirements facing them, according to root-cause analyses performed by HHS contractor KPMG.

“You probably don't know what you don't know,” OCR Senior Adviser Linda Sanches told a crowd of healthcare lawyers and compliance officials Tuesday during the Health Care Compliance Association's annual Compliance Institute. Sanches said the findings show that many healthcare companies could benefit from re-reading the rules and regulations in the Health Information Technology for Economic and Clinical Health, or HITECH, Act that widen HIPAA privacy and data-security protections on patients' protected health information.