The 2013 Law Firm HIPAA Compliance Survey Report presents information gathered from over 70 organizations, measuring attitudes, priorities and response strategies.
Summary of Key Findings:
- Interest in and responsibility for HIPAA compliance spans departments and stakeholder roles – survey participants include firm management, risk management, heads of IT, information security managers and practice group leaders.
- Firms report that protected health information subject to HIPAA protections often appears in matters from firm healthcare, litigation, labor & employment, insurance, and medical/life science practice areas.
- Firms see reputational harm as the key risk and impact of a breach or compliance failure.
- Firms are actively pursuing compliance with new HIPAA regulations through measures that include undertaking internal assessments and reviews of business associate agreements, implementing new policies and training, and adopting security and monitoring controls.
- In many instances, compliance measures are spearheaded by IT, often working cross-functionally with risk and practice stakeholders.
- To manage future compliance, firms overwhelmingly plan to modify business intake procedures to identify and flag HIPAA-related matters at the point of inception.
- Many firms are discussing HIPAA compliance with their insurance brokers or underwriters to assess the applicability of current malpractice and cyber insurance policies or expand coverage.
Pat Archbold, head of Intapp's Risk Practice Group, notes:
- "We sponsored this survey to provide our customers and partners with insight into how the legal industry is responding to the new HIPAA Omnibus Rule, which affects a significant number of organizations. We’re working closely with many firms to help them respond, supporting their efforts to safeguard and monitor the treatment of sensitive information and meet their compliance objectives."