The State of Compliance

As part of the Certified HIPAA Security Officer Bootcamp and the Certified HIPAA Security Business program, I have been spending quite a lot of time doing research. This research allowed me to do an informal assessment of the state of compliance in the United States. Sad to say, what I found was depressing at best. Let me give you a taste of our findings:

  1. We found quite a number of experts with all kinds of acronyms after their names, but few I would recommend to conduct a basic assessment or training.
  2. Lots of Security Risk Assessments that are not worth the paper they were printed on.
  3. Quite a few managers who are drowning based on all the tasks they have to accomplish yet don’t have the knowledge, the time or the resources to get things done.
  4. Overall lack of knowledge as it relates to the tasks that need to be completed.
  5. Too many subcontractors who are not in compliance with the basic HIPAA Security requirements.
  6. Way too many policies and procedures that say nothing, but rearrange the words written in the regulation.
  7. Way too many patches that are not worth the time it takes to even look at them.

We could go on for a while, yet there is no reason to do so, as our point is simply to state that our overall state of compliance is declining at a time when the risks are increasing. I have actually spent over twenty years researching, resolving problems and creating systems to assist with compliance issues, yet I can admit freely that I do not know it all. I have also seen the number of settlements and fines increasing to a point that I’m certain we cannot afford to continue this trend.

On the other hand, there is good news. Most of us still have time to change this trend. It is not going to be easy, nor is it going to be fast, but it will certainly be worthwhile. Which brings me to my recommendations:

  1. Select a champion for your business/organization
  2. Give your champion the opportunity to learn. For example, attend conferences like the Healthcare Compliance and Innovation Conference where he/she can learn and network with other similar minds
  3. Create a team atmosphere within your organization
  4. Make your subcontractors accountable for their requirements and terminate the relationship if they don’t step up to the plate
  5. Keep it simple!!

Just plain and simple, our state of compliance is not good, but with the proper training and action plan we can change this trend.