HIPAA Implementation Newsletter
Issue #1 -- Friday, March 2, 2001
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires
changes in physical and electronic security for almost all of the health care and
health insurance industry. The U.S. Department of Health and Human Services (HHS)
estimates that electronic information transmission and processing required by HIPAA
will save $29.9 billion over ten years. Changes in privacy regulations will impose
costs of $17.6 billion plus the cost of the pending security regulations. All of
these changes are targeted for implementation in the next two years.
The scope of the work to be done and the limited time to complete it create major
challenges for health care providers and insurance companies. They also provide
significant opportunities for a broad spectrum of firms that provide systems and
services to support the implementation of HIPAA related requirements. If you may
need assistance or have systems or services to offer, read on. If not,
click and you will be removed
form this mailing list.
Lyon, Popanz & Forester has been tracking HIPAA for some time. This newsletter
is our way of sharing what we know with others who are interested in HIPAA. We will
publish the newsletter when there is material and as we have time, no more than
once a week and at least once a month. Please feel free to forward it to others.
Have them send us an email if they would like to be added to the mailing list.
In the Beginning
The history
of HIPAA began in the early 1990s during the presidency of Bush I.
It survived a number of misadventures in Congress and
the act was eventually passed in August 1996.
Its stated purpose is to: "… improve … the efficiency and effectiveness of the
health care system, by encouraging the development of a health information system
through the establishment of standards and requirements for the electronic
transmission of certain health information." That sounded like a good idea and
was widely supported by the industry.
Congress gave itself 36 months to enact privacy standards. If they did not meet
that deadline, they gave the Secretary of HHS six additional months to
"promulgate final regulations." Implementation is clearly running behind the
original expectations. Most of the electronic transactions and codes are being
adopted from existing standards. The real controversy and most of the challenges
are in the areas of privacy and security for individuals' medical information.
Status of Privacy and Security
Privacy regulations were released in December 2000. Due to an "unintended
oversight" by the outgoing administration, they will not be considered final
until April 14 2001, and will go into effect two years after that unless …
On February 25,
Secretary Thompson said: The administration is "absolutely
committed" to achieving the goals of the privacy rule. "Our goal is to achieve
privacy protections that work," he added. "I believe we should be open to the
concerns of all those who care strongly about health care and privacy. And after
we hear those concerns, our commitment must be to put strong and effective
patient privacy protections into effect as quickly as possible." With that,
the regulations have been opened for 30 days of rehearing. Comments are being
accepted until March 30. The impact of the rehearing on the implementation date
is uncertain.
The Need
The privacy of personal medical records is a sensitive issue. The conversion
from paper based records to electronic formats and their transmission creates
all kinds of potential for innocent errors and intentional wrongdoing. There is
a long list of things that have to be done to assure even current levels of privacy
and security as the industry transitions to standardized electronic records and
transmission.
Implementation requires changes in the way patient data is handled from the
bedside to the insurance payment to the final disposition of the records. It impacts
both physical and electronic forms, requires the development of new policies and
processes and training, the enhancement of physical security and strengthening of
systems security. Failures carry civil, and in some cases criminal penalties
including the possibility of jail time. The new standards also raise the performance
bar. A wide range of systems and services will be needed by the health care industry
to successfully implement HIPAA.
The Role of the Implementation Newsletter
The HIPAA Implementation Newsletter provides information to assist health care providers,
health insurance companies, and vendors of systems and services in planning,
managing and implementing the changes required by HIPAA. We will provide basic
information and links to other sources. There is already a great deal of information
about the act, vendors, conferences, books, etc on the Web. We will help you find
the most useful material.
If you are among the advanced guard of people who are already in the trenches of
HIPAA and have something to share, we welcome your contribution. If you want to be
quoted, we will give you credit, if you don't, just say so. If you are a provider
or insurer looking for ways to improve your implementation process, we can help.
If you are a vendor looking for opportunities to apply your skills, experience,
systems or services, keep reading. If you know others who are similarly inclined,
please pass this along and suggest they add their name to our mail list.
___________
To be removed from the mail list, click
To subscribe, click We appreciate
it if you include information about your firm and your interests.
The HIPAA Implementation Newsletter is published periodically by Lyon, Popanz & Forester.
Copyright 2001, All Rights Reserved. Issues are posted on the Web at
http://lpf.com/hipaa concurrent with email distribution.
Edited by Hal Amens
Information in the HIPAA Implementation newsletter is based on our experience
as management consultants and sources we consider reliable. It contains neither
legal nor financial advice. For that, consult appropriate professionals.
Lyon, Popanz & Forester is a management-
consulting firm that designs and manages projects that solve management problems.
Planning and project management for HIPAA are areas of special interest.
|
