| About HIPAA |
What is HIPAA?
What is HIPAA's Administrative Simplification?
What is the estimated industry cost for HIPAA compliance?
What are the HIPAA compliance dates?
Where can I find out more about HIPAA on the Web?
|
The Department of Health and Human Services (HHS) contends that HIPAA’s Administrative Simplification
provision will "create the most sweeping changes in the health industry since Medicare."
|
In 1996, President Clinton signed the Health Insurance Portability and Accountability Act into
law (Public Law 104-191). Originally called the Kennedy-Kassebaum Act, the law was
formed with the general objectives to:
|
Guarantee health insurance coverage for all employees.
Reduce health care fraud and abuse.
Introduce and implement methods to simplify the US health care system.
Protect the health information of individuals.
|
From the perspective of healthcare or business organizations, the most significant
requirements fall under the provision of Administrative Simplification. These requirements
will be phased in over the next 5-10 years, with required implementation of the first
regulation in April 2003. Administrative Simplification is divided into four major areas,
each of which contains rules or standards that covered organizations and their business
associates must comply with:
|
Privacy Standards - The privacy rule provides the first comprehensive federal
protection for the privacy of health information. The rule restricts organizations that
collect, maintain, or distribute health information (in either electronic or paper form)
to a strict set of limitations on how that information can be utilized and distributed.
Organizations must be compliant with the Privacy Standards by or after 4/14/2003.
|
Security and Electronic Signature Standards - The rule defines new security
standards to protect an individual’s health information, while also mandating a new
electronic signature standard for transmission of standard HIPAA transactions.
|
Electronic Health Standards - The rule defines common code sets for healthcare
transactions and information exchange. Affected organizations are required to use
these standards as the language for common transactions such as plan enrollment,
premium payments, and claims status. Large organizations must be compliant with the Electronic Health Standards by or after 10/16/2003.
|
Unique Identifiers - The identifiers rule will define unique and universal
identifiers for health care plans, providers, and clearinghouses.
|
Given the broad and deep nature of the regulations, and the limited time in which
to become compliant, the industry costs for HIPAA are projected to be similar to those
of the Y2K effort in both cost and scope. The Department of Health and Human Services
conservatively estimates the ten-year cost for compliance by healthcare organizations
to be around $3-4 billion; yet non-governmental organizations have projected the
ultimate cost of compliance to be closer to $32 billion, or 3-4 times that of
Y2K remediation.
|
For more information about HIPAA, check our HIPAA resources page.
For more information about our HIPAA Privacy Accelerator product, see our HPA product page.
|