By Katie Wike, contributing writer
Compliance with the modified HIPAA Omnibus Rule is still proving a horrendous task for providers
Health IT Outcomes reported on a notice released in the Federal Register by HHS’ Office for Civil Rights breaking down how long providers will spend complying with HIPAA security and privacy rules, writing, “It is estimated that the amount of time needed for the U.S. healthcare industry to comply with HIPAA privacy and security rules is 32.8 million hours.” Those 32.8 million hours are the equivalent of almost 3,800 years.
HHS Secretary Kathleen Sebelius said in January, "Much has changed in healthcare since HIPAA was enacted over 15 years ago. The new rule will help protect patient privacy and safeguard patients' health information in an ever expanding digital age."
Todd Richardson, vice president and CIO of Aspirus, Inc., told Fierce Health IT that providers already have enough trouble trying to comply with HIPAA while at the same time meeting HITECH requirements. “On one hand we have 'protect, protect, protect' and on the other hand we have 'share, share, share.' While the balance is 'protect and share,' the devil is always in the details. The reality is that all of the information is not under the tight control of the covered entity.
"I find a little bit of irony in the reality of today's new paradigm, where we have so many people posting so much personal information on Facebook and tweeting about their every move and their latest lab result, yet the government is pushing privacy requirements further," Richardson said.
The Federal Register’s report breaks down the estimated times as follows:
Much of this work will have to be repeated annually.