Most not ready for HIPAA audits; data breaches abound

Even though the Office of Civil Rights has already started conducting Health Insurance Portability and Accountability Act (HIPAA) audits, most healthcare organizations are not prepared for a privacy and security compliance review, according to a November HCPro survey, reports HealthLeaders Media.

Of the more than 400 responding organizations, only 17 percent said they are fully prepared for a federal HIPAA audit, while 70 percent are "somewhat prepared" to be evaluated.

The audits are designed to yield best practices, as well as areas of risk for health information breaches, according to FierceHealthcare. However, such "unpreparedness" to demonstrate HIPAA compliance could signal health records are not properly secure or private.

Such was the case Friday for patients of Asheville (N.C.) Head, Neck & Ear Surgeons, as hundreds of old phone records fell off a truck onto a downtown street, reports the Citizen-Times. The sheets included patients' phone numbers, dates of birth, patient account numbers, medical complaints, and prescription drug information. A cleanup crew has since recovered all of the documents, according to the article.

Meanwhile, patients' debts at Contra Costa Health Service in California were exposed in an online report to the Board of Supervisors last year, Contra Costa County announced Friday.

The report didn't contain actual medical information but rather the names of patients who had received services from Contra Costa Health Services and the amount of debt owed. The breach was discovered last week, and the county already has notified affected residents, as well as removed the information from the report and the county's website.

For more information:
- read the HealthLeaders article about the survey
- read the Citizen Times article
- here's the Contra Costa County statement