HIPAA no easy mandate

The Health Care Financing Administration

Complying with a federal law to standardize, manage and electronically share health care information will be much harder than making systems Year 2000-ready, experts told state officials Monday.

Panelists outlined what state governments need to do to meet the deadlines of the federal Health Insurance Portability and Accountability Act. The discussion came during a session of the National Association of State Information Resource Officers' midyear conference in Austin, Texas.

HIPAA was enacted in 1996 to ensure health insurance portability, reduce health care fraud and abuse, create national standards for health information, and improve the security and privacy of shared medial information. It affects all health plans and clearinghouses as well as all payers and providers, including states. It assesses penalties for non-compliance.

States must comply with data standards by October 2002. It's not going to be easy, officials say.

"It's like Y2K only much, much worse," said Richard Friedman with the U.S. Department of Health and Human Services, the lead agency overseeing HIPAA compliance. "Within health, it's everything in that area. It's not just changing the date."

He said states need to think strategically and that the issue goes far beyond a technology solution. It has to do with government policies and guidelines, he said.

One component of HIPAA is adopting national standards for electronic data interchange of certain administrative and financial transactions. That's intended to greatly reduce costs. In addition, privacy standards must be adopted by April 2003, and security standards are expected to be issued soon.

Lorrie Tritch, with Iowa's human services department, said that although everyone supports the goals of the act, the deadlines are unrealistic.

"These are all things we should be doing anyway," she said. "What we need is time to get there."

Several organizations — including NASIRE, the National Governors' Association and the American Public Human Services Association — support extending federal deadlines until all rules have been finalized so governments can take a holistic, rather than a piecemeal, approach to the issue.

Iowa chief information officer Richard Varn, who moderated the panel, said it would take roughly $3 billion for all 50 states to comply with HIPAA.

Seattle attorney John Christiansen said he was concerned that states would not budget adequately to comply. He urged state governments to devote more staff time to dealing with HIPAA and to consider outsourcing to meet demands.

William Cox, with North Carolina's health department, said his state has established a national Web forum — the Government Information Value Exchange for States (www.hipaagives.org) — to help other states with compliance efforts. He emphasized, as did the other panelists, that states should partner with each other and other public- and private-sector entities.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.