Survey Shows Management Support for Compliance Activities Correlates with Fewer Data Breaches
One of the objectives of the 2024/25 HIPAA Journal Annual Survey was to identify challenges to HIPAA compliance. Several challenges were identified relating to management support, particularly in smaller organizations with 200 or fewer employees. The data which led to these observations was further analyzed to see what impact management support has on HIPAA compliance.
The 2024/25 HIPAA Journal Annual Survey was an anonymous survey conducted at the beginning of the year among subscribers to The HIPAA Journal newsletter. Because subscribers to The HIPAA Journal newsletter tend to be more “compliance aware,” the majority of responses to questions relating to compliance, data security, and training were what might be expected.
However, an analysis of the responses to the final three questions relating to workplace culture, management support, and organizational commitment to enforcing HIPAA policies revealed that many smaller organizations operate in environments that are not conducive to HIPAA compliance. The three questions were:
Do you believe your workplace culture encourages HIPAA compliance?
Possible answers: 1) Yes 2) No
75% of respondents who answered “no” to this question represented organizations with 200 or fewer employees.
Do you feel adequately supported by management in following HIPAA procedures?
Possible answers: 1) Yes 2) No
66% of respondents who answered “no” to this question represented organizations with 200 or fewer employees.
How would you rate your organization’s commitment to enforcing HIPAA policies?
Possible answers: 1) Excellent 2) Good 3) Fair 4) Poor
70% of respondents who answered “fair” or “poor” to this question represented organizations with 200 or fewer employees.
The More Support, the Greater the Proactivity
To identify how a lack of management support could impact HIPAA compliance, the responses to these questions were compared against the responses to a previous survey question asking how respondents would describe their organization’s approach to HIPAA compliance. The three possible answers to this question were:
Proactive – regular compliance audits, training, and monitoring.
Reactive – addressing compliance issues only when they arise.
Minimal – due to limited resources or insufficient focus on compliance.
Due to the compliance-aware nature of respondents, most (69.0%) said their organizations have a proactive approach to HIPAA compliance. However, when the responses were broken down by organization size, the organizations most likely to have a proactive approach to HIPAA compliance were those with between 201 and 500 employees, or with more than 500 employees.

While the relationship between management support and the proactive nature of compliance activities could be attributable to several factors, the percentage of respondents from smaller organizations who said their organization’s approach to HIPAA compliance was “minimal” supports the argument that smaller organizations are not as well supported in compliance activities as larger organizations.
The consequences of a lack of support are that 11.7% of organizations that adopted a proactive approach to HIPAA compliance experienced a notifiable data breach over the past twelve months compared to 31.3% of organizations that adopted a reactive approach. It was not possible to calculate a percentage for organizations with a minimal approach due to the number of “don’t know” responses from this category in the data breach question.
Does This Prove Management Support is Necessary for HIPAA Compliance?
What this analysis shows is that when management supports a proactive approach to HIPAA compliance, it cultivates a workplace culture that encourages HIPAA compliance and a commitment to enforcing HIPAA policies, and such organizations are less likely to experience a notifiable data breach. However, although the analysis implies that management support is necessary for HIPAA compliance, it does not prove it.
Nonetheless, compliance officers who feel they are not being adequately supported should draw their management’s attention to this analysis and other compliance benchmarks identified in the 2024/25 HIPAA Journal Annual Survey. This may be particularly important for compliance officers in smaller organizations, many of whom appear to have their compliance efforts undermined by a lack of management support.