New York State Hospital readiness to implement certain patient privacy provisions of the Health Insurance Portability and Accountability Act

This study examined New York State Hospital Readiness to Implement the Standards for Privacy of Individually-Identifiable Health Information; Final Rule of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, P, L. 104-191. The final rules took effect on April 14, 2001. Covered entities had two years to implement the rules, (Small entities were given three years to implement the rules). The final rules required appointment of a privacy officer in each covered entity as well as training of all staff members who worked with such information. Policies and procedures were to be revised and audit mechanisms were to be established. In addition, sanctions were to be established for policy violations.; The research looked at the hospital as one example of a covered entity. The diamond model developed by Vaughn Merlyn was used to evaluate hospital readiness, The model encompassed five dimensions of an information program, They included: culture, mission, power, structure and resources.; A survey questionnaire was sent to Directors of Health Information/Medical Record Departments of all New York State hospitals in November 2001. Analysis of the survey resulted in descriptive statistics. These statistics and related graphs were developed for the entire group and were broken down by culture: control-type category, service category, bed-size category and geographic region, When compared against the Diamond Model, it was found that many of the hospitals were not ready for HIPAA. The research resulted in a proposed model for HIPAA implementation.