HIPAA imposed several requirements to ensure the confidentiality of patients’ health information, and it raised several questions in the benefits industry. You can find answers to your questions in HIPAA Privacy and Security, the 11th book in the International Foundation’s Survey & Sample Series. The survey, produced by Foundation staff in the Information Center and Research Department, reflects responses from 188 U.S. multiemployer salaried administrators, public employers, corporate benefit managers and professional service providers (attorneys, consultants, thirdparty administrators, etc.) along with 114 sample HIPAA privacy and security policies, procedures, notices, forms and job descriptions.
Following are highlights from the survey.
Sixty-one percent of respondents have the same person serve as their privacy official and security official, rather than have two individuals appointed. This was the more common approach for all sectors. Thirty-nine percent of respondents state their privacy and security official positions are separate. Organizations draw upon a variety of staffing areas to appoint their privacy officials, but in all sectors except the multiemployer sector, information technology (IT) staffers most often serve as security officials.
More than half of respondents (56%) have established a privacy and/or security committee. Various areas of the organization are represented on this committee. About two-thirds of respondents indicate that human resources (HR) and benefits (68%) and/or IT (64%) are represented on their committee. Almost half (47%) state that legal counsel is represented on their committee. Thirty-eight percent have asked business operations or office management to be a part of their committee.
Most respondents (67%) provide HIPAA training to their employees in-house, using the privacy/security committee or official or training department. Thirty percent of all respondents use a combination of in-house and outside training while 3% use outside training only.
Most respondents (81%) use in-house face-to-face instruction. Of these, 53% use handbooks and manuals; 25% use newsletters and bulletins; and 20% use outside seminars or conferences.
Corporate benefit managers comprise 34% of respondents, multiemployer plan salaried administrators comprise 30%, professional service providers comprise 21% and public employers comprise 15%.[order full report]