HIPAA no easy mandate

  • By Dibya Sarkar
  • May 08, 2001

The Health Care Financing Administration

Related Links

HHS's Administrative Simplification

"HHS to standardize medical e-transactions"

"HHS prescribes info standards for health care"

Complying with a federal law to standardize, manage and electronically share health care information will be much harder than making systems Year 2000-ready, experts told state officials Monday.

Panelists outlined what state governments need to do to meet the deadlines of the federal Health Insurance Portability and Accountability Act. The discussion came during a session of the National Association of State Information Resource Officers' midyear conference in Austin, Texas.

HIPAA was enacted in 1996 to ensure health insurance portability, reduce health care fraud and abuse, create national standards for health information, and improve the security and privacy of shared medial information. It affects all health plans and clearinghouses as well as all payers and providers, including states. It assesses penalties for non-compliance.

States must comply with data standards by October 2002. It's not going to be easy, officials say.

"It's like Y2K only much, much worse," said Richard Friedman with the U.S. Department of Health and Human Services, the lead agency overseeing HIPAA compliance. "Within health, it's everything in that area. It's not just changing the date."

He said states need to think strategically and that the issue goes far beyond a technology solution. It has to do with government policies and guidelines, he said.

One component of HIPAA is adopting national standards for electronic data interchange of certain administrative and financial transactions. That's intended to greatly reduce costs. In addition, privacy standards must be adopted by April 2003, and security standards are expected to be issued soon.

Lorrie Tritch, with Iowa's human services department, said that although everyone supports the goals of the act, the deadlines are unrealistic.

"These are all things we should be doing anyway," she said. "What we need is time to get there."

Several organizations — including NASIRE, the National Governors' Association and the American Public Human Services Association — support extending federal deadlines until all rules have been finalized so governments can take a holistic, rather than a piecemeal, approach to the issue.

Iowa chief information officer Richard Varn, who moderated the panel, said it would take roughly $3 billion for all 50 states to comply with HIPAA.

Seattle attorney John Christiansen said he was concerned that states would not budget adequately to comply. He urged state governments to devote more staff time to dealing with HIPAA and to consider outsourcing to meet demands.

William Cox, with North Carolina's health department, said his state has established a national Web forum — the Government Information Value Exchange for States (www.hipaagives.org) — to help other states with compliance efforts. He emphasized, as did the other panelists, that states should partner with each other and other public- and private-sector entities.

Featured

  • Cybersecurity
    Boy looks under voting booth at Ventura Polling Station for California primary Ventura County, California. Joseph Sohm / Shutterstock.com

    FBI breach notice rules lauded by states, but some want more

    A recent policy change by the FBI would notify states when their local election systems are hacked, but some state officials and lawmakers want the feds to inform a broader range of stakeholders in the election ecosystem.

  • paths (cybrain/Shutterstock.com)

    Does strategic planning help organizations?

    Steve Kelman notes growing support for strategic planning efforts -- and the steps agencies take to keep those plans relevant.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.