Tech headache Costs of HIPAA compliance could dwarf Y2K

Keith Russell For the health care industry, Y2K turned out to be a lot like an Iraqi Scud missile: a big dud that scared more than it hurt.

But before health care executives are able to wipe their brows and relax, a perhaps more costly information technology challenge is looming on the horizon that may threaten to explode upon the health care scene in a way Y2K doomsayers never dreamed.

What is this new bombshell? HIPAA: shorthand for the Health Insurance Portability and Accountability Act, legislation passed by Congress in 1996 and an acronym many health care executive board rooms across the country are just now learning.

Oversimplified, what HIPAA will do is dramatically impact the way nearly every facet of the health care industry will operate in the future.

Central to the legislation's ramifications are requirements that those who operate within the health care delivery system -- providers, payers and even those on the periphery such as employers, third-party administrators and attorneys -- must move toward the electronic handling of health care information, and fast.

Organizations must do so using uniform standards set forth by the federal Department of Health and Human Services. The standards cover such tasks as payment transactions, coding and numerical identification of providers, payers and employers. Moreover, health care players must latch onto technology in a way that is secure and protects patients' rights to privacy. Noncompliance with HIPAA's mandates risk, substantial fines and, in intentional cases, even prison terms.

And the kicker? Businesses will be required to meet most of HIPAA's standards by mid-2002, giving them little time to lose.

HIPAA standards will also be costly to implement. At least one industry study estimates costs related to complying with new HIPAA regulations could run as high as $43 billion. Justin Krumelow, executive vice president and chief technology officer for Digital Medical Systems, a Nashville-based Internet company which develops IT infrastructures for health care clients, says that number may be conservative.

"HIPAA will make Y2K look like child's play," Krumelow says.

By statute, more efficient health care Krumelow made his remarks in front of nearly 300 local health care executives who attended a Jan. 25 discussion hosted by the Nashville Health Care Council on HIPAA's implications.

The high turnout was an indication of the seriousness with which health care professionals are now viewing HIPAA's impact -- and of how little they still know about it.

To illustrate that point, Lawrence Voyten, national health care practice director for Boston-based Keane Inc., an international consulting company, told his Health Care Council audience of his conversations with other health care executives about their efforts to plan for HIPAA.

"After I taught them how to spell `HIPAA' I could tell where they were," Voyten said.

Not that HIPAA is all gloom and doom. In fact, it might actually benefit the industry in the long run by trimming fat out of health care's current paper-based and often Byzantine way of doing business.

Lee Barrett, vice president of global health care for Detroit-based consulting firm Complete Business Solutions Inc., was heavily involved in the development and passage of HIPAA. At the Health Care Council seminar, Barrett told his audience that HIPAA's requirements could help payers reduce their claims processing costs from $6 to $8 per claim to less than $1 each through electronic processing. Providers can also benefit from lower administrative costs and reduce the time it takes for them to receive payments, Barrett said.

But, cautions Digital Medical Systems' Krumelow, even if a health care organization does what it takes to comply with HIPAA, the effort won't end there.

"Y2K was really an acute problem. It had a definite end," Krumelow says. "HIPAA isn't an acute problem. It's a chronic problem. As soon as you have to be compliant you have to be compliant forever and it's something you are going to have to work on day in day out."

http://www.amcity.com/nashville/stories/2000/02/28/focus1.html

-- Martin Thompson (mthom1927@aol.com), February 28, 2000