New Mexico gets ready for HIPAA compliance

As states scramble to meet the April 14 deadline for the Health Insurance Portability and Accountability Act’s privacy rules, New Mexico is smoothing its way to HIPAA compliance by focusing on data integration.

HIPAA’s privacy rule took up 40 pages of the Federal Register, plus 900 pages of preamble and explications, said Mary Gerlach, CIO of New Mexico’s Health Department. “All of this was in three columns, in tiny print. It’s a very challenging law,” she said.

Among other measures, the privacy rule requires that individuals who receive health care have to receive a notice of privacy practices from the provider. The individual has to sign a form that they received such a notice of privacy, and those forms must be tracked, Gerlach said.

New Mexico’s role as a health care provider is a large one. The state runs substance abuse and mental health services and programs for the developmentally disabled, as well as six residential health facilities, hospitals and a research laboratory.

New Mexico has no county health departments, and among cities, only Albuquerque runs its own health department.

New Mexico is the fifth-largest state geographically, but its population of 1.8 million is widely dispersed, Gerlach said. The state had no choice but to establish an electronic tracking system for all the privacy information state health care providers will have to monitor under HIPAA, she said.

“We took all of our legacy systems, and instead of remediating them, we built an integrated client data system atop our legacy systems using Microsoft Corp. products,” Gerlach said.

The Integrated Client Data System (ICDS) runs under Windows 2000 Server and uses Active Directory services. It also has a SQL Server 2000 back end and an front end.

HIPAA also requires that by Oct. 16, financial health care transactions be made using ANSI X12 and ANSI X12N standard formats, Gerlach said. ICDS will use Microsoft’s BizTalk to translate other formats to the ANSI formats.

The department began training employees and other contract workers about the HIPAA rules last month via the Web using Internet Explorer 6.0, Gerlach said. About 62 percent of the work force has been trained in the basics of HIPAA, she said.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • Defense

    DOD wants prime contractors to be 'help desk' for new cybersecurity model

    The Defense Department is pushing forward with its unified cybersecurity standard for contractors and wants large companies and industry associations to show startups and smaller firms the way.

  • FCW Perspectives
    tech process (pkproject/

    Understanding the obstacles to automation

    As RPA moves from buzzword to practical applications, agency leaders say it’s forcing broader discussions about business operations

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.