• United States

HIPAA a hardship for health care companies

Oct 21, 20024 mins
Enterprise ApplicationsHIPAA

A difficult economic climate may make it harder for health care providers to comply with provisions of the Health Insurance Portability and Accountability Act (HIPAA) in time for deadlines next year, according to a report by the consulting company Frost & Sullivan.

The independent report, “Effects of HIPAA in the U.S. Healthcare Markets” studied three health care market sectors affected by HIPAA: hospitals, managed care organizations and physician practice groups.

The study found that, despite an April 2004 deadline for HIPAA compliance on patient privacy, IT spending remains a low priority for hospitals and health care providers struggling for survival because of the economy.

“This is something that we’ve seen fomenting over time,” said Amith Viswanathan, senior industry analyst for health care information systems at Frost & Sullivan. “IT is a last priority item for hospitals. It’s a question of ‘do we buy a new car or do we eat?'”

The growing medical needs of the large population of aging “baby boomers,” those born between 1946 and 1964, has combined with cuts in federal Medicare reimbursements and increased payroll and operations costs to constrain IT spending by health care companies, according to Viswanathan.

“Hospitals are dealing with all kinds of operational issues, and they’re cutting spending for anything ancillary to patient care,” Viswanathan said.

Enacted by the U.S. Congress in 1996, HIPAA establishes national standards meant to ensure privacy in electronic health care transactions. The legislation, which is enforced by the Department of Health and Human Services (DHHS), affects health care providers, health plans and private physicians.

Since it was enacted, HIPAA has pushed hospitals and other health care organizations to shift from older, mainframe technology and paper-based processes to more efficient and secure systems that improve patient confidentiality.

Providers were supposed to comply with HIPAA regulations regarding medical transactions and code-sets, which indicate what type of procedure was performed on a patient, by last Wednesday. Organizations that were not in compliance with HIPAA rules by the deadline were required to apply for an extension by mailing or e-mailing a form to the DHHS before midnight Tuesday.

There was a rush of applications from affected companies for one-year extensions just before last week’s deadline, said Allan Carey, program manager at market researcher IDC in Framingham, Massachusetts.

Compliance with HIPAA guidelines on patient privacy is required by April 14, 2003.

Despite the effects of the tough economy on hospitals and physicians, however, the need to comply with certain HIPAA regulations, especially those concerning patient privacy, is expected to keep demand for certain HIPAA IT and consulting services strong.

“The biggest issue for providers is privacy. Accreditation organizations like JCAHO (the Joint Commission on Accreditation of Healthcare Organizations) as well as the Office of Civil Rights are going to be very concerned with (privacy). It’s also a major market for ambulance chasers,” said Viswanathan, referring to attorneys who will use violations of HIPAA rules by doctors, hospitals and insurance providers as the basis for patient lawsuits.

For companies that sell HIPAA-related IT consulting services, the report finds good prospects for products that address high-value HIPAA compliance areas, according to Viswanathan.

For example, companies selling electronic medical record (EMR) products to secure patient data and electronic data interchange (EDI) products that streamline billing and reimbursement are likely to find a willing market among hospitals looking to comply with HIPAA rules.

“We see the EMR business taking off as a gateway application,” Viswanathan said. “Hospitals can use it to measure an audit trail, measure a log, measure user authentication and issue biometric access passes if needed.”

“With EDI, we were surprised to find that hospitals that typically remit payment information to clearinghouses are looking to take that process in-house. They want to see where their transactions are going. “

Beyond that, Viswanathan recommends that companies delivering HIPAA services focus on training in areas such as privacy — a service that is desperately needed, but that won’t break a hospital’s budget.

“Privacy issues are among the least understood areas of HIPAA. They generate the most questions and loopholes, and are the area of largest liability,” Viswanathan said.