[ISN] HIPAA a hardship for health care companies

From: InfoSec News (isnat_private)
Date: Tue Oct 22 2002 - 01:58:08 PDT

  • Next message: InfoSec News: "[ISN] 2003 PKI Research Workshop CFP"

    By Paul Roberts
    IDG News Service
    A difficult economic climate may make it harder for health care
    providers to comply with provisions of the Health Insurance
    Portability and Accountability Act (HIPAA) in time for deadlines next
    year, according to a report by the consulting company Frost &
    The independent report, "Effects of HIPAA in the U.S. Healthcare
    Markets" studied three health care market sectors affected by HIPAA:  
    hospitals, managed care organizations and physician practice groups.
    The study found that, despite an April 2004 deadline for HIPAA
    compliance on patient privacy, IT spending remains a low priority for
    hospitals and health care providers struggling for survival because of
    the economy.
    "This is something that we've seen fomenting over time," said Amith
    Viswanathan, senior industry analyst for health care information
    systems at Frost & Sullivan. "IT is a last priority item for
    hospitals. It's a question of 'do we buy a new car or do we eat?'"
    The growing medical needs of the large population of aging "baby
    boomers," those born between 1946 and 1964, has combined with cuts in
    federal Medicare reimbursements and increased payroll and operations
    costs to constrain IT spending by health care companies, according to
    "Hospitals are dealing with all kinds of operational issues, and
    they're cutting spending for anything ancillary to patient care,"  
    Viswanathan said.
    Enacted by the U.S. Congress in 1996, HIPAA establishes national
    standards meant to ensure privacy in electronic health care
    transactions. The legislation, which is enforced by the Department of
    Health and Human Services (DHHS), affects health care providers,
    health plans and private physicians.
    Since it was enacted, HIPAA has pushed hospitals and other health care
    organizations to shift from older, mainframe technology and
    paper-based processes to more efficient and secure systems that
    improve patient confidentiality.
    Providers were supposed to comply with HIPAA regulations regarding
    medical transactions and code-sets, which indicate what type of
    procedure was performed on a patient, by last Wednesday. Organizations
    that were not in compliance with HIPAA rules by the deadline were
    required to apply for an extension by mailing or e-mailing a form to
    the DHHS before midnight Tuesday.
    There was a rush of applications from affected companies for one-year
    extensions just before last week's deadline, said Allan Carey, program
    manager at market researcher IDC in Framingham, Massachusetts.
    Compliance with HIPAA guidelines on patient privacy is required by
    April 14, 2003.
    Despite the effects of the tough economy on hospitals and physicians,
    however, the need to comply with certain HIPAA regulations, especially
    those concerning patient privacy, is expected to keep demand for
    certain HIPAA IT and consulting services strong.
    "The biggest issue for providers is privacy. Accreditation
    organizations like JCAHO (the Joint Commission on Accreditation of
    Healthcare Organizations) as well as the Office of Civil Rights are
    going to be very concerned with (privacy). It's also a major market
    for ambulance chasers," said Viswanathan, referring to attorneys who
    will use violations of HIPAA rules by doctors, hospitals and insurance
    providers as the basis for patient lawsuits.
    For companies that sell HIPAA-related IT consulting services, the
    report finds good prospects for products that address high-value HIPAA
    compliance areas, according to Viswanathan.
    For example, companies selling electronic medical record (EMR)  
    products to secure patient data and electronic data interchange (EDI)  
    products that streamline billing and reimbursement are likely to find
    a willing market among hospitals looking to comply with HIPAA rules.
    "We see the EMR business taking off as a gateway application,"  
    Viswanathan said. "Hospitals can use it to measure an audit trail,
    measure a log, measure user authentication and issue biometric access
    passes if needed."
    "With EDI, we were surprised to find that hospitals that typically
    remit payment information to clearinghouses are looking to take that
    process in-house. They want to see where their transactions are
    Beyond that, Viswanathan recommends that companies delivering HIPAA
    services focus on training in areas such as privacy -- a service that
    is desperately needed, but that won't break a hospital's budget.
    "Privacy issues are among the least understood areas of HIPAA. They
    generate the most questions and loopholes, and are the area of largest
    liability," Viswanathan said.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Oct 22 2002 - 04:42:19 PDT