Officials shaky on HIPAA compliance

HIPAA home page

Related Links

A majority of state and local government agency officials are unsure whether their jurisdiction would meet sweeping new federal guidelines designed to enhance health care-related information systems within the next 18 months, according to a recent Gartner Inc. survey.

Wes Rishel, a health care research director with Gartner, presented the survey results during a conference Nov. 16 on the Health Insurance Portability and Accountability Act. Federal Sources Inc. and Potomac Forum Ltd. sponsored the one-day event in Washington, D.C.

HIPAA, signed by President Clinton in 1996, was enacted to provide a comprehensive federal law that would protect the privacy of people's health information and improve the efficiency of health care delivery by standardizing electronic data interchange. It would supersede each state's laws, which vary widely in privacy, security and transactions standards.

The federal law covers all health care providers who electronically transmit health information as well as health plans and health care clearinghouses. So far, this "administrative simplification" provision has yielded two sets of published rules, covering transactions and privacy. Security guidelines have yet to be published.

Providers and payers must comply with the Transactions Rule -- which set national standards for codes that identify patients and describe diseases, injuries and other health problems -- by Oct. 16, 2002. They must also comply by April 14, 2003, with the Privacy Rule, which governs accessibility to identifiable patient information and gives patients new rights to access their medical records.

According to Gartner, only 6 percent of chief information officers surveyed expected to meet the Transactions Rule deadline, while 63 percent don't know whether they will be able to comply. Seventeen percent said they were very likely to comply, 9 percent said somewhat likely, 3 percent highly unlikely, and 2 percent said not at all. The responses were similar when CIOs were asked about the privacy deadline.

Rishel said that because CIOs are early in their assessment process, they may be too optimistic about compliance.

In regard to a separate survey, Rishel said many health care organizations overall will not be ready for the October 2002 transaction compliance deadline. Many are just learning about HIPAA and its requirements, and fewer have done an assessment of their own systems. "That's not encouraging news," he said.

By not complying, health care organizations and government agencies could receive stiff civil and criminal penalties.

Federal extensions for compliance may be likely, but Rishel said that many providers and payers are not taking HIPAA seriously. He also said vendors are not establishing leadership in helping providers move toward compliance. "For the providers, they're relying on the vendors, and the vendors are not doing a great job," he said.

High cost is a major factor among all providers and payers. Gartner estimated that each payer and provider expected to spend $3 million to $14 million overall to comply with HIPAA.


  • Management
    shutterstock image By enzozo; photo ID: 319763930

    Where does the TMF Board go from here?

    With a $1 billion cash infusion, relaxed repayment guidelines and a surge in proposals from federal agencies, questions have been raised about whether the board overseeing the Technology Modernization Fund has been scaled to cope with its newfound popularity.

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

Stay Connected