By Rich Eichacker
Vibrance Technology Corporation
HIPAA, or the Health Insurance Portability and Accountability Act, was passed in 1996 under the Clinton administration. The law was designed to standardize healthcare-related administrative transactions; insure the security of computer systems, software and networks; and to insure the privacy of healthcare data. The law applies to organizations that use or produce healthcare data, such as hospitals, HMO/PPO providers, and physicians.
Two HIPAA deadlines are fast approaching for healthcare organizations. By October 2002, the electronic transaction and data formatting standards must be in place and by April 2003, the privacy portion of the law must be in place. A one-year extension can be filed on the electronic transaction implementation.
The electronic transaction standards were designed to increase the efficiency of data exchanges and reduce costs and errors. Before these standards were created, data storage and transmittal was left up to individual organizations, resulting in patient privacy concerns and increased costs because of incompatible data exchanges. The new regulations should streamline the billing process, resulting in reduced billing cycles and fewer mistakes. They will also eliminate the delays in getting updated data as well as reducing the amount of paper consumed by the healthcare industry. With the new standards, any healthcare organization should be able to communicate with any other healthcare organization without any compatibility issues.
The privacy portion of the law guides what type of information may be stored about a patient and also mandates that the transmittal of patient-related correspondence and data be secure. For example, e-mail is not a secure way to transmit confidential information. In the healthcare industry, this fact exposes a liability regarding patient privacy. LANs, WANs and other network interfaces must also be secure. HIPAA also restricts the types of patient data that can be exchanged. While this may protect patients' privacy, it may also impair analysis on disease trends.
Short-term, HIPAA is creating some headaches for healthcare organizations who are trying to meet the terms of the law and the compliance dates. However, in the long-term, these regulations will hopefully play a part in improving the US healthcare system.
Additional resources:
Summer 2002 -Volume 12, Number 3