New Mexico gets ready for HIPAA compliance

As states scramble to meet the April 14 deadline for the Health Insurance Portability and Accountability Act’s privacy rules, New Mexico is smoothing its way to HIPAA compliance by focusing on data integration.

HIPAA’s privacy rule took up 40 pages of the Federal Register, plus 900 pages of preamble and explications, said Mary Gerlach, CIO of New Mexico’s Health Department. “All of this was in three columns, in tiny print. It’s a very challenging law,” she said.

Among other measures, the privacy rule requires that individuals who receive health care have to receive a notice of privacy practices from the provider. The individual has to sign a form that they received such a notice of privacy, and those forms must be tracked, Gerlach said.

New Mexico’s role as a health care provider is a large one. The state runs substance abuse and mental health services and programs for the developmentally disabled, as well as six residential health facilities, hospitals and a research laboratory.

New Mexico has no county health departments, and among cities, only Albuquerque runs its own health department.

New Mexico is the fifth-largest state geographically, but its population of 1.8 million is widely dispersed, Gerlach said. The state had no choice but to establish an electronic tracking system for all the privacy information state health care providers will have to monitor under HIPAA, she said.

“We took all of our legacy systems, and instead of remediating them, we built an integrated client data system atop our legacy systems using Microsoft Corp. products,” Gerlach said.

The Integrated Client Data System (ICDS) runs under Windows 2000 Server and uses Active Directory services. It also has a SQL Server 2000 back end and an front end.

HIPAA also requires that by Oct. 16, financial health care transactions be made using ANSI X12 and ANSI X12N standard formats, Gerlach said. ICDS will use Microsoft’s BizTalk to translate other formats to the ANSI formats.

The department began training employees and other contract workers about the HIPAA rules last month via the Web using Internet Explorer 6.0, Gerlach said. About 62 percent of the work force has been trained in the basics of HIPAA, she said.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

  • FCW Perspectives
    remote workers (elenabsl/

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

Stay Connected