Officials shaky on HIPAA compliance

  • By Dibya Sarkar
  • Nov 18, 2001

HIPAA home page

Related Links

A majority of state and local government agency officials are unsure whether their jurisdiction would meet sweeping new federal guidelines designed to enhance health care-related information systems within the next 18 months, according to a recent Gartner Inc. survey.

Wes Rishel, a health care research director with Gartner, presented the survey results during a conference Nov. 16 on the Health Insurance Portability and Accountability Act. Federal Sources Inc. and Potomac Forum Ltd. sponsored the one-day event in Washington, D.C.

HIPAA, signed by President Clinton in 1996, was enacted to provide a comprehensive federal law that would protect the privacy of people's health information and improve the efficiency of health care delivery by standardizing electronic data interchange. It would supersede each state's laws, which vary widely in privacy, security and transactions standards.

The federal law covers all health care providers who electronically transmit health information as well as health plans and health care clearinghouses. So far, this "administrative simplification" provision has yielded two sets of published rules, covering transactions and privacy. Security guidelines have yet to be published.

Providers and payers must comply with the Transactions Rule -- which set national standards for codes that identify patients and describe diseases, injuries and other health problems -- by Oct. 16, 2002. They must also comply by April 14, 2003, with the Privacy Rule, which governs accessibility to identifiable patient information and gives patients new rights to access their medical records.

According to Gartner, only 6 percent of chief information officers surveyed expected to meet the Transactions Rule deadline, while 63 percent don't know whether they will be able to comply. Seventeen percent said they were very likely to comply, 9 percent said somewhat likely, 3 percent highly unlikely, and 2 percent said not at all. The responses were similar when CIOs were asked about the privacy deadline.

Rishel said that because CIOs are early in their assessment process, they may be too optimistic about compliance.

In regard to a separate survey, Rishel said many health care organizations overall will not be ready for the October 2002 transaction compliance deadline. Many are just learning about HIPAA and its requirements, and fewer have done an assessment of their own systems. "That's not encouraging news," he said.

By not complying, health care organizations and government agencies could receive stiff civil and criminal penalties.

Federal extensions for compliance may be likely, but Rishel said that many providers and payers are not taking HIPAA seriously. He also said vendors are not establishing leadership in helping providers move toward compliance. "For the providers, they're relying on the vendors, and the vendors are not doing a great job," he said.

High cost is a major factor among all providers and payers. Gartner estimated that each payer and provider expected to spend $3 million to $14 million overall to comply with HIPAA.

Featured

  • Oversight
    President of the United States of America, Donald J. Trump, attends the 2019 Army Navy Game in Philadelphia, Pa., Dec. 14, 2019. (U.S. Army photo by Sgt. Dana Clarke)

    Trump shakes up official watchdog ranks

    The White House removed an official designated to provide oversight to the $2 trillion rescue and relief fund and nominated a raft of new appointees to handle oversight chores at multiple agencies.

  • Workforce
    coronavirus molecule (creativeneko/Shutterstock.com)

    OMB urges 'maximum telework flexibilities' for DC-area feds

    A Sunday evening memo ahead of a potentially chaotic commute urges agency heads to pivot to telework as much as possible.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.