Hip hip hooray for HIPAA? What you need to know about the new Health Insurance Portability and Accessibility Act.

Author:Sibley, Lara
Position::Health Care

It's a mammoth task that experts are calling the Y2K of the health-care industry. It could come with a price tag as high as $40 billion. And it must be addressed within the next two years.

It's the Health Insurance Portability and Accessibility Act (HIPAA), and it has many in the health-care and insurance industries on edge.

The far-reaching and complex HIPAA legislation mandates that any organization that handles patient medical information--hospitals, insurance carriers, medical clinics, doctor's offices and even employers--make significant upgrades to administrative procedures and data transmission and storage technologies to ensure compliance with stringent privacy and security standards. The ultimate goal is to protect all patients' personally identifiable information and give those individuals control over how their health-care information is shared and used.

HIPAA's privacy regulations took affect in April, starting a two-year countdown to the compliance deadline of April 15, 2003. The bottom line: companies that have not started preparing for HIPAA may already be behind the curve. But those who begin developing HIPAA compliance strategies today can help ensure a healthy prognosis for their businesses for years to come.

Time consuming

HIPAA compliance is a three-step process (see box). For large health-care providers, insurance companies and clearinghouses that work with large volumes of patient information daily, this three-step plan can be time-consuming and complicated. Achieving compliance will often be less complex for smaller providers and employers, but they are still well-served by following a similar process to assess and implement changes needed for HIPAA compliance.

Many businesses, especially those that have not yet begun compliance efforts, are likely to turn to outside HIPAA consultants to assist with assessment, analysis and implementation of necessary upgrades.

When considering third-party assistance, businesses should carefully evaluate a provider's expertise, reputation and reliability, as well as its ability to assess and implement services to address all aspects of HIPAA legislation. Many consultants provide little more than recommendations, leaving businesses on their own for the real work--implementation and testing of upgrades.

Though a daunting task, HIPAA also brings good news for providers and insured individuals. The U.S. Department of Health and Human Services forecasts a net industry savings of...

To continue reading