The challenges associated with Health Information Portability and Accountability Act compliance: A quantitative analysis of Maryland acute care facilities

According to Stein (2006), there have been over 19,000 complaints of HIPAA violations reported and investigated since 2004 which represents approximately 2 complaints per U.S. hospital per year. Of those complaints, over 300 have been sent to the Justice Department for criminal prosecution. Only 56% of providers have achieved HIPAA security standards compliance in 2006 according to Phoenix Health Systems national survey data. Given the severity of criminal and civil penalties associated HIPAA non-compliance, Maryland has appointed the Maryland Health Care Commission (MHCC) which has developed HIPAA Security Standards: A Guide to Security Readiness to promote the compliance with HIPAA security standards among Maryland's health care providers (MHCC, 2006). The purpose of this study is to examine various challenges associated with HIPAA compliance among Maryland acute care hospitals as rated by IT/HIPAA directors as measured by the HIPAA Compliance Challenge Survey (HCCS). The degree of challenge reported among the various survey questions will be associated with selected demographic variables of interest. Based on the results of these reported challenges, more effective and efficient resource utilization recommendations can be made to security practitioners and HIPAA compliance/consultant specialists.