According to an IFEBP news release, the survey found that:
- 56% of employers have established a privacy and/or security committee with various areas of the organization represented on the committee.
- 61% of respondents have the same person serving as their privacy official and security official, rather than having two individuals appointed. This was the most common approach across all sectors.
- 67% of respondents provide HIPAA training to their employees in-house, using the privacy/security committee or official or training department.
- 92% of those surveyed identify themselves as being subject to HIPAA’s privacy and/or security rules.
The survey collected information from 188 US multiemployer salaried administrators, public employers, corporate benefit managers and professional service providers. The results include 114 sample HIPAA privacy and security policies, procedures, notices, forms and job descriptions.
The US Department of Health and Human Services released final HIPAA enforcement regulations in February (See HHS Releases Final HIPAA Enforcement Regs ).