A survey by two organizations shows that less than 50% of affected healthcare systems have completed an assessment of the effect the Health Insurance Portability and Accountability Act (HIPAA) will have on their organizations.

Phoenix Health Systems and the Healthcare Information and Management Systems Society (HIMSS), an organization that represents more than 13,000 healthcare institutions, found that HIPAA compliance for organizations is being hampered by interpretation of the regulations and not enough time to file needs assessments and documents relating to privacy and remediation.

Only 5% of the organizations have completed the procedures on how healthcare claims will be filed or paid and how benefits will be coordinated. Eighty percent of the survey respondents applied for extensions for these documents until October 2003. Originally, the deadline was last month.

While 60% of CxO-level employees of the organizations are showing “moderately to strong” support of HIPAA and say that budgets allocated to HIPAA compliance and implementation will be higher next year than in 2002, they cite cost concerns and a lack of industry best practices for dragging their feet. And, while most organizations are focusing on complying with the privacy and transactions requirements, security measures - which would protect the confidentiality of patients - are moving more slowly.

Phoenix Health Systems and the HIMSS surveyed its membership and received 965 responses. Of those, 68% provided healthcare in hospital or physician practices; 20% consisted of healthcare payers or clearinghouses and 12% were vendors.

The study also showed that over 60% of the respondents are implementing HIPAA requirements that were published over two years ago, in May 2000.

Although more than 50% of the organizations have not yet completed a needs analysis, 30% said they will complete them in the next three months. In this group, which is made up of providers, hospitals, doctors offices, payers and vendors, 59% of the hospitals have completed assessments.
 
The survey shows that 25% of large hospitals with at least 400 beds have allocated between $100,000 and $250,000 toward HIPAA compliance next year. Twenty percent of large hospitals will spend between $250,000 and $1 million, and 10% will spend more than $1 million.