HIPAA Security Rule Report:

A Report for Compliance, Risk, and IT Professionals

The goal of this report is to show the current state of HIPAA compliance to help you increase your level of compliance and security, as well as your HIPAA and security budgets.

What does this report include?

• Current HIPAA compliance trends
• HIPAA Security Rule compliance tips
• Guidelines to remedy major security issues
• A HIPAA security budget outline

We gathered responses from over 300 healthcare professionals across the nation, including CEOs, IT staff, compliance and risk officers, and office managers. They were asked over 40 questions ranging from overall HIPAA compliance status to specific elements of the HIPAA Security Rule.

A significant security disparity exists among healthcare executives and IT departments, outlined by this report. In a survey of c-suite, compliance and risk officers, and IT managers, a 10-20% gap was revealed between what executives believe is happening in regards to patient data security in the organization and the reality of HIPAA compliance.

A few key findings of the report include:

• 80% of respondents believe their organization is fully HIPAA compliant, while most surveyed were missing key elements of compliance with the HIPAA Security Rule.
• Only 63% of healthcare organizations encrypt PHI on work devices.
• Only 76% of risk and compliance officers believe their organization would pass an HHS OCR audit.
• A mere 60% of compliance and risk officers say the organization has created a HIPAA Risk Management Plan.

“The healthcare industry is significantly less secure than executives think,” said HIPAA Security Analyst Brand Barney. “But with more cyber attacks happening each day, it’s becoming critical for health organizations to be HIPAA compliant.”

This report gives guidelines to remedy security issues, such as proper encryption, investing in vulnerability scanners, and implementing security policies. The report even outlines a security budget for organizations of various sizes to use.

It is our hope that this report's results will help better protect health organizations from future compromise.