Compliance and HIPAA Privacy
Key Points:
- Eighty percent of Compliance Offices are responsible for HIPAA Privacy.
- Some Compliance Offices have HIPAA Privacy consuming up to 75% of their time and effort.
The 2025 Compliance Benchmark Survey, conducted by SAI360 and Strategic Management Services, LLC, offers insights into the current state and ongoing development of compliance programs within the healthcare industry. One area in the Survey concerned the time and effort Compliance Offices devote to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Unlike corporate compliance, which is largely voluntary, the HIPAA Privacy Rule imposes standards and requirements. According to the Survey, eight out of ten Compliance Offices reported having HIPAA Privacy as part of their responsibilities. Four out of ten respondents reported that HIPAA Privacy consumes up to half of their time and effort. One out of eight respondents indicated that it takes up to seventy-five percent of their workload, while another four out of ten reported it taking only one quarter of their time and effort. These findings suggest that HIPAA Privacy is a growing area of interest and burden. Added to the challenge, is the variation in workload related to privacy compliance. For example, privacy-related work tends to spike during activities such as risk assessments, new training programs, or responding to breaches of protected health information; while at other times, work levels subside significantly. Elsewhere in the Survey, respondents reported that their most frequent encounter with regulatory agencies is with the Office of Civil Rights as result of a breach in protected health information. This helps drive the importance of focusing on privacy. Additionally, one-third of respondents reported having compliance office staff consisting of one full- or part-time Compliance Officer. In such cases, managing both general compliance and HIPAA Privacy may be overwhelming; and consideration might be given to outsourcing the HIPAA Privacy function to a part-time external consultant.
Interested in learning more? Click the Download PDF button above to read the report or here to watch the webinar. You can also contact Richard Kusserow at [email protected] to discuss support for your Compliance Program.
