HIPAA no easy mandate
- By Dibya Sarkar
- May 08, 2001
The Health Care Financing Administration
Complying with a federal law to standardize, manage and electronically share
health care information will be much harder than making systems Year 2000-ready,
experts told state officials Monday.
Panelists outlined what state governments need to do to meet the deadlines
of the federal Health Insurance Portability and Accountability Act. The
discussion came during a session of the National Association of State Information
Resource Officers' midyear conference in Austin, Texas.
HIPAA was enacted in 1996 to ensure health insurance portability, reduce
health care fraud and abuse, create national standards for health information,
and improve the security and privacy of shared medial information. It affects
all health plans and clearinghouses as well as all payers and providers,
including states. It assesses penalties for non-compliance.
States must comply with data standards by October 2002. It's not going to
be easy, officials say.
"It's like Y2K only much, much worse," said Richard Friedman with the U.S.
Department of Health and Human Services, the lead agency overseeing HIPAA
compliance. "Within health, it's everything in that area. It's not just
changing the date."
He said states need to think strategically and that the issue goes far beyond
a technology solution. It has to do with government policies and guidelines,
he said.
One component of HIPAA is adopting national standards for electronic data
interchange of certain administrative and financial transactions. That's
intended to greatly reduce costs. In addition, privacy standards must be
adopted by April 2003, and security standards are expected to be issued
soon.
Lorrie Tritch, with Iowa's human services department, said that although
everyone supports the goals of the act, the deadlines are unrealistic.
"These are all things we should be doing anyway," she said. "What we need
is time to get there."
Several organizations including NASIRE, the National Governors' Association
and the American Public Human Services Association support extending federal
deadlines until all rules have been finalized so governments can take a
holistic, rather than a piecemeal, approach to the issue.
Iowa chief information officer Richard Varn, who moderated the panel, said
it would take roughly $3 billion for all 50 states to comply with HIPAA.
Seattle attorney John Christiansen said he was concerned that states would
not budget adequately to comply. He urged state governments to devote more
staff time to dealing with HIPAA and to consider outsourcing to meet demands.
William Cox, with North Carolina's health department, said his state has
established a national Web forum the Government Information Value Exchange
for States (www.hipaagives.org) to help other
states with compliance efforts. He emphasized, as did the other panelists,
that states should partner with each other and other public- and private-sector
entities.