NueMD is a cloud-based medical billing service that administered a HIPAA compliance survey in 2014. The survey intended to gauge knowledge of regulations and compliance measures. In 2016, they issued a follow-up survey to evaluate the change in HIPAA compliance and awareness over time. The 2016 NueMD survey received 927 total responses, 86% from medical practices and 6% from billing companies. Of these respondents, 462 reported involvement with patient care, while 465 reported involvement with administrative duties.

This is a guest post written by Jeremy Alderman, on behalf of NueMD.

Without having a plan, it’s impossible to be compliant with HIPAA. Only 58 percent of respondents claimed they had a compliance plan in 2014, a number that has increased to 70 percent in 2016. According to NueMD, this shift represents the largest positive change since 2014. What makes for a good compliance plan? Providing annual staff training, and appointing both a HIPAA Security Officer and a Privacy Officer. Compliance measures decreased in three areas; the number of respondents who provide HIPAA training decreased from 62% to 58%, the number of respondents who employ a Security Officer decreased from 56% to 53%, and the number of respondents who employ a privacy Officer decreased from 56% to 54%.

The 2016 survey indicates that general knowledge of HIPAA regulations has increased since 2014. NueMD determined this by measuring the respondents’ awareness of ongoing HIPPA audits and the 2013 Omnibus updates. The number of respondents aware of the Omnibus updates increased from 64% to 69% in 2016. Since 2014, the number of respondents aware of the ongoing HIPAA audits increased from 32% to 40%. Though this is a significant growth in audit awareness, there are still plenty of people in the industry who have yet to gain this awareness.

With regard to Business Associate Agreements (BAAs), both awareness and compliance have increased. The number of respondents who report awareness of BAA regulations has increased from 60% to 68%. Furthermore, the number of respondents who have reviewed and updated BAAs for compliance has increased from 45% to 48%.The survey reports awareness and compliance with electronic device communication regulations. The number of respondents who have cataloged their electronic devices containing Protected Health Information (PHI) has increased from 27% to 33% over the three-year study. The number of those who haven’t begun cataloging their devices has shrunk from 27% to 22%. Additionally, the number of respondents who are confident that their electronic devices are HIPAA compliant has increased from 31% to 37%.

The survey reports awareness and compliance with electronic device communication regulations. The number of respondents who have cataloged their electronic devices containing Protected Health Information (PHI) has increased from 27% to 33% over the three-year study. The number of those who haven’t begun cataloging their devices has shrunk from 27% to 22%. Additionally, the number of respondents who are confident that their electronic devices are HIPAA compliant has increased from 31% to 37%.

Patient communication is imperative for successful compliance measures. The survey measures the number of respondents who use electronic devices to communicate with their patients. Since 2014, email and social media usage have slightly increased, while text messaging has increased from 29% to 35%. Respondents report low levels of confidence that their communications are HIPAA compliant. Since 2014, confidence levels regarding mobile and email have stayed stagnant. Confidence that text and social media are HIPAA compliant has increased by 1% and 3%, respectively. The 2016 survey suggests that overall awareness of HIPAA regulations has increased, along with

The 2016 survey suggests that overall awareness of HIPAA regulations has increased, along with the confidence of compliance. Though organizations are more confident than they are compliant, interestingly enough, compliance measures have decreased, as seen with staff training and the appointment of HIPAA officials. As the HIPAA audits continue throughout 2017, it will be interesting to see how compliance plans and measurements are affected.