HIPAA news
HIPAA advisory
HIPAAdvisory > HIPAAnews > Current News Phoenix Health Systems
news
regs
action
tech
views
wares
alert
live
notes
latest
online HIPAA training
HIPAAstore
HIPAA help desk
search
contact us
site map

Survey Finds Health Plans Preparing for HIPAA

Washington, D.C. (January 16, 2001) - A major study released today by the American Association of Health Plans (AAHP) removes much of the uncertainty about how America's health plans will react to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The study, conducted by and Long Beach, California-based First Consulting Group, Inc., found that most plans are actively pursuing strategies to meet the electronic data interchange (EDI) and security components of HIPAA even in advance of final regulations, although about a third are deferring certain steps until final requirements are known. At the time the survey was conducted, the federal government had also not issued its final privacy rules, and a number of significant issues about these requirements remained unknown.

Many of the plans are combining EDI and e-health initiatives and view HIPAA as an opportunity to accomplish strategic objectives in addition to regulatory compliance. And while most are in the early stages of HIPAA compliance, the study found some have moved further into planning and even implementation in some areas.

Of the 27 health plans that responded to the survey, one-half are national plans, one-third are local and the remainder are regional. The sample offers an opportunity to understand HIPAA compliance in the large plans that serve much of the U.S. population as well as to identify any significant differences in how plans of different sizes are approaching HIPAA.

Health plan executives responding to the survey identified the most daunting challenges:

  • organizational readiness
  • security/confidentiality
  • staff resources/necessary skill sets
  • funding availability

Least important is the ability to demonstrate return on investment. The likely explanation is that compliance is mandated, not optional, and therefore, examining ROI is only of use in comparing approaches. Overall, respondents are quite confident about meeting the listed challenges. Relatively speaking, they raise the greatest concern about mustering sufficient resources, both staffing and funding; this is especially true of the smaller plans.

"Use of electronic technology in healthcare, from the Internet to the electronic medical record, offers exciting new opportunities to improve how healthcare is delivered and coordinated in the Untied States," said AAHP President Karen Ignani. "Implementing HIPAA smoothly will be a major step in achieving that potential, and we are very active in supporting our plans' compliance efforts and assessing the impact on consumer premium dollars," she added.

"The intent of HIPAA is to establish a common foundation for the eventual full electronic interchange of healthcare information, while enhancing security and ensuring privacy," said Luther Nussbaum, FCG's chairman and CEO. "With the many challenges health plans face today, the full benefits of HIPAA can only be achieved over time rather than immediately. HIPAA readiness must be fully integrated with other IT projects," he added.

Other conclusions of the study:
  • HIPAA efforts are being organized largely at the corporate, rather than the departmental, level. Accountability most often rests with the CIO or VP of regulatory affairs for all components of HIPAA: compliance with EDI transaction standards, privacy and security.
  • Plans have been very active in early activities of building awareness and doing assessments of systems and processes. HIPAA compliance may not in the end be a neat, sequential process, because all organizations will have to "cycle back" as more information on requirements becomes available.
  • Plans are assessing a variety of technical approaches, and most have further work to do to complete this. The plans that have completed assessments indicate they are considering significant changes to legacy systems or are relying entirely on a clearinghouse or storing provider ID as information only.
  • As might be expected at the time of the survey, health plans have made more progress in the early steps of HIPAA readiness--the thinking parts--than on actual implementation. Moving ahead will require overcoming challenges of resource availability.

The complete study is available in PDF from the FCG web site at:
http://www.fcg.com/webfiles/pdfs/HealthPlans_HIPAAReadiness.pdf

Go to TOP