Book contents
- The Cambridge Handbook of Compliance
- The Cambridge Handbook of Compliance
- Copyright page
- Contents
- Figures
- Tables
- Contributors
- 1 Introduction: Compliance as the Interaction between Rules and Behavior
- Part I Compliance Concepts and Approaches
- Part II Deterrence and Incapacitation
- Part III Incentives
- Part IV Legitimacy and Social Norms
- Part V Capacity and Opportunity
- Part VI Compliance and Cognition
- Part VII Management and Organizational Processes
- Part VIII Measuring and Evaluating Compliance
- Part IX Analysis of Particular Fields
- 55 Strengthening Tax Compliance by Balancing Authorities’ Power and Trustworthiness
- 56 Compliance in Occupational Safety and Health
- 57 Intellectual Property Compliance: Systematic Methods for Building and Using Intellectual Property
- 58 Insider Trading Compliance Programs
- 59 Antitrust Compliance: Collusion
- 60 Understanding AI Collusion and Compliance
- 61 HIPAA Compliance
- 62 Biopharmaceutical Compliance
- 63 Transnational Anti-Bribery Law
- 64 Data Security, Data Breaches, and Compliance
- 65 Doping in Sports: A Compliance Conundrum
- 66 Food Safety Compliance
- 67 Global Supply Chain Auditing
- 68 Corporations, Human Rights and Compliance
- 69 Aiming for Integrity with Integrity
- References
61 - HIPAA Compliance
from Part IX - Analysis of Particular Fields
Published online by Cambridge University Press: 07 May 2021
Book contents
- The Cambridge Handbook of Compliance
- The Cambridge Handbook of Compliance
- Copyright page
- Contents
- Figures
- Tables
- Contributors
- 1 Introduction: Compliance as the Interaction between Rules and Behavior
- Part I Compliance Concepts and Approaches
- Part II Deterrence and Incapacitation
- Part III Incentives
- Part IV Legitimacy and Social Norms
- Part V Capacity and Opportunity
- Part VI Compliance and Cognition
- Part VII Management and Organizational Processes
- Part VIII Measuring and Evaluating Compliance
- Part IX Analysis of Particular Fields
- 55 Strengthening Tax Compliance by Balancing Authorities’ Power and Trustworthiness
- 56 Compliance in Occupational Safety and Health
- 57 Intellectual Property Compliance: Systematic Methods for Building and Using Intellectual Property
- 58 Insider Trading Compliance Programs
- 59 Antitrust Compliance: Collusion
- 60 Understanding AI Collusion and Compliance
- 61 HIPAA Compliance
- 62 Biopharmaceutical Compliance
- 63 Transnational Anti-Bribery Law
- 64 Data Security, Data Breaches, and Compliance
- 65 Doping in Sports: A Compliance Conundrum
- 66 Food Safety Compliance
- 67 Global Supply Chain Auditing
- 68 Corporations, Human Rights and Compliance
- 69 Aiming for Integrity with Integrity
- References
Summary
Abstract: Despite the federal Department of Health and Human Services’ provision of considerable guidance and technical assistance to covered entities and business associates regarding their responsibilities under the HIPAA Privacy, Security, and Breach Notification Rules (HIPAA), little is known about the extent of compliance across the healthcare industry as well as reasons for noncompliance. This chapter reviews academic, industry, and government studies assessing HIPAA compliance and presents relevant insights. These insights relate to the extent to which small numbers of covered entities comply with the HIPAA Privacy Rule’s plain language requirement, the HIPAA Privacy Rule’s access to protected health information requirement, the HIPAA Security Rule’s addressable encryption standard, and the HIPAA Security Rule’s audit logs and access reports requirement. Additional insights relate to the extent to which covered hospitals and health systems believe that they are complying with the HIPAA Privacy and Security Rules, the impact of HITECH on data breaches involving business associates, the organizational strategies and institutional environments that influence compliance, and the extent to which institutional pressures and internal security needs assessments influence investment in security compliance.
- Type
- Chapter
- Information
- The Cambridge Handbook of Compliance , pp. 895 - 908Publisher: Cambridge University PressPrint publication year: 2021
References
American Health Information Management Association (AHIMA). 2004. The State of HIPAA Privacy and Security Compliance. http://bok.ahima.org/PdfView?oid=23016.Google Scholar
American Health Information Management Association (AHIMA). 2006. The State of HIPAA Privacy and Security Compliance. http://bok.ahima.org/doc?oid=100517#.XW05lpNKiT8.Google Scholar
Anthony, Denise L., Appari, Ajit, and Johnson, M. Eric. 2014. “Institutionalizing HIPAA Compliance: Organizations and Competing Logics in U.S. Health Care.” Journal of Health and Social Behavior 55: 108–24.Google Scholar
Anthony, Denise L., and Stablein, Timothy. 2016. “Privacy in Practice: Professional Discourse about Information Control in Health Care.” Journal of Health Organization and Management 30:207–26.Google Scholar
Carrion, Inmaculada, Aleman, Jose Luis Fernandez, and Toval, Ambrosio. 2011. “Assessing the HIPAA Standard in Practice: PHR Privacy Policies.” Annual Conference of the IEEE EMBS 33 (August–September): 2380–3.Google Scholar
Cavusoglu, Huseyin, Cavusoglu, Hasan, Son, Jai-Yeol, and Benbasat, Izak. 2015. “Institutional Pressures in Security Management: Direct and Indirect Influences on Organizational Investment in Information Security Control Resources.” Information and Management 52: 385–400.Google Scholar
Drolet, Brian C., Marwaha, Jayson S., Hyatt, Brad, Blazar, Phillip E., and Lifchez, Scott D.. 2017. “Electronic Communication of Protected Health Information: Privacy, Security, and HIPAA Compliance.” Journal of Hand Surgery 42, No. 6 (June): 411–16.Google Scholar
Freundlich, Robert E., Freundlich, Katherine L., and Drolet, Brian C.. 2018. “Pagers, Smartphones, and HIPAA: Finding the Best Solution for Electronic Communication of Protected Health Information.” Journal of Medical Systems 42:9.CrossRefGoogle Scholar
Lye, Carolyn T., Forman, Howard P., Gao, Ruiyi, Daniel, Jodi G., Hsiao, Allen L., Mann, Marilyn K., deBronkart, Dave, Campos, Hugo O., and Krumholz, Harlan M.. 2018. “Assessment of US Hospital Compliance with Regulations for Patients’ Requests for Medical Records.” JAMA Open Network (October 5): 1–12.CrossRefGoogle Scholar
McKnight, Randall, and Franko, Orrin. 2016. “HIPAA Compliance with Mobile Devices Among ACGME Programs.” Journal of Medical Systems 40, No. 5 (May): 129.Google Scholar
Paasche-Orlow, Michael, Brancati, Frederick L., Taylor, Holly A., Jain, Sumati, Pandit, Anjali, and Wolf, Michael S.. 2013. “Readability of Consent Form Templates: A Second Look.” IRB: Ethics and Human Research 35, No. 4 (July–August): 12–19.Google Scholar
United States Department of Health and Human Services (HHS). 2016. Individuals’ Right Under HIPAA to Access Their Health Information 45 CFR § 164.524. www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html.Google Scholar
United States Department of Health and Human Services (HHS). 2018. Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance for Calendar Years 2015, 2016, and 2017. www.hhs.gov/sites/default/files/compliance-report-to-congress-2015–2016–2017.pdf.Google Scholar
United States Department of Health and Human Services (HHS). 2019. HIPAA Compliance and Enforcement. www.hhs.gov/hipaa/for-professionals/compliance-enforcement/index.html.Google Scholar
Yaraghi, Niam, and Gopal, Ram D.. 2018. “The Role of HIPAA Omnibus Rules in Reducing the Frequency of Medical Data Breaches: Insights from an Empirical Study.” Milbank Quarterly 96, No. 1: 144–66.Google Scholar
- 3
- Cited by