Home
Up

FOR IMMEDIATE RELEASE

Atlanta Business Chronicle - December 2, 2002
http://atlanta.bizjournals.com/atlanta/stories/2002/12/02/focus1.html

 

From the November 29, 2002 print edition

arrowMore Print Edition Stories

HIPAA hysteria

Health-care providers and insurers struggle to understand new privacy and security regulations

Julie Bryant   Staff Writer

What was to be a simple federal rule, designed to lift the health-care industry out of antiquated paper-based systems and into the bright, organized world of high-speed technology, has instead spawned hysteria, predatory opportunists and outright befuddlement.

And, as doctors, hospitals and health-care insurers and vendors are discovering, the big, bad Health Insurance Portability and Accountability Act, otherwise known as HIPAA, is nothing more than yet another tangle of red tape.

"We have gotten so much hype about HIPAA," said Dr. Cynthia Rudert, founder and president of the Atlanta Women's Medical Alliance and owner of a small practice.

"We were getting stuff in the mail weekly from people who had courses offering to instruct us about HIPAA, everything from CD-ROMs to books you could buy," Rudert said. "Quite honestly, I threw my hands up."

HIPAA regulations have been coming since the act was passed in 1996, leaving plenty of time for the creation of legions of "HIPAA consultants" — some helpful and some simply predatory — that are charging thousands to bring health-care administrators up to HIPAA speed.

But despite a massive outpouring of pricey educational assistance, there is still confusion.

HIPAA is essentially three-pronged, said Tracy Field, an attorney with Arnall Golden Gregory LLP who was hired by the Medical Association of Georgia (MAG) to try to explain the new regulations to doctors around the state.

In the beginning, the government recognized that the health-care industry's medical insurance claims business was fraught with inefficiencies, largely because it was still a paper-based system, Field said.

So regulations were formed that would require that all medical insurance claims be submitted electronically. Sounds good in theory, but then the government realized that by transmitting sensitive medical data differently, the door was open to new ways of misusing that data.

Enter HIPAA privacy regulations. Under these rules, health-care providers, vendors and insurers will need to adopt new methods of protecting electronic patient information. Finally, to make sure that computer systems now carrying and transmitting this data are secure, HIPAA security regulations were passed, Field said.

In theory, these regulations are fairly straightforward.

But the reality of trying to renovate a mammoth industry known more for its bedside manner more than its technical savvy has been anything but straightforward.

HIPAA urban myths have blown a cold wind through break rooms and caused a thin sheen of sweat to form on the brows of otherwise hardy administrators.

Doctors' offices have gone so far as to purchase restaurant-style beepers, handing them out to patients for fear that calling names out in a crowded waiting room might violate HIPAA privacy regulations, said Paige Joyner, who formed her own HIPAA consultancy service, Compliance + LLC, after helping a physician friend through HIPAA compliance.

Sign-in sheets have been hastily tossed, medical charts have been yanked from the doors of patient rooms and filing cabinets containing medical charts have been shielded Fort Knox-style.

Such extreme measures are nothing short of unnecessary, said local attorney Derrick A. Pope, a member of the Georgia Strategic Implementation Process, an organization set up to help Georgia health-care leaders with HIPAA compliance.

The Center for Medicare and Medicaid Services (CMS), the federal department responsible for implementing HIPAA regulations, issued modifications to its original rules to reassure health-care administrators that privacy regulations require merely common-sense protective measures, Pope said.

And, following an onslaught of public outcry over HIPAA deadlines, the federal government moved them, not once, but a number of times. The deadline for moving over to electronic transactions came and went in October. But the government has allowed for a yearlong extension on the deadline.

The final deadline for privacy regulation compliance stands at April 14, for now — and security regulations have been published, but no deadline set.

"HIPAA is basically just best practices," said Gina Ballard-Reese, HIPAA coordinator for Atlanta's Saint Joseph's Health System Inc.

The regulations make sense and are going to be better for the health system in the long run, Reese said. The problem lies in accepting what will be an expensive process, she said.

Saint Joseph's estimates it will spend more than a half-million dollars on software upgrades alone to meet regulations. But the real cost lies in employee training, Reese said.

"Even the janitors have to be HIPAA-trained," Reese said.

If employees likely will come into contact with a patient's medical information, they must be trained to handle that encounter properly, she added.

And much of HIPAA is still less than crystal-clear.

"My assistant kept saying, 'Don't worry, a letter [from CMS] will come to explain all of this, just wait,' " Rudert said. "But that letter never came."

Hospitals and doctors' offices have been left to purchase HIPAA software from vendors who may not be familiar with all of the nuances of HIPAA regulations, Joyner said.

And a lot of the lawyers and consultants who charge $5,000 to $10,000 a pop to teach HIPAA compliance aren't fully up to snuff either, said Joyner, who charges clients in the ballpark of $1,000.

Besieged already with a landslide of bureaucratic red tape, a lot of doctors in private practice are ignoring HIPAA altogether, Pope said. Between haggling with insurance companies over medical claims and trying to see patients, doctors have little time to deal with more paperwork.

But ignoring HIPAA won't make it go away, Pope said. There is no longer the fear that doctors or hospital administrators will be led away in handcuffs for not complying with HIPAA regulations, but hefty fines can be levied and the government has indicated it intends to vigorously enforce these new rules, he said.

Doctors also are in for a nasty shock when they try to submit paper medical claims to insurers after the deadline has passed, Pope said. After October, those paper claims will be dinosaurs, he added.

HIPAA is designed to be a patient-complaint-driven system, and there are already measures in place allowing patients to complain to the government if they feel their medical information has been mishandled, Field said.

To help health-care entities reach compliance goals, the Southern HIPAA Administrative Process, a 13-state consortium, is expected to hold an open meeting in January in Atlanta that will focus specifically on the new patient procedure codes that hospitals must adopt in order to be reimbursed for services, Field said.

Reach Bryant at jbryant@bizjournals.com.



© 2002 American City Business Journals Inc.

 

 

 

For More Information Contact:

Compliance +, LLC
P.O. Box 720381 Atlanta, GA 30358
Tel: 678.570.5422
FAX: 888.303.2936
Internet: info@complianceplusllc.com

 
Send mail to webmaster@complianceplusllc.com with questions or comments about this web site.
Copyright © 2008 Compliance +, LLC
Last modified: 08/26/09