HIPAA interest, expertise leads to job expansion

It’s a wonderful fit’

While providing headaches to many health care professionals across the nation, the challenges of HIPAA implementation led to a promotion and career expansion for at least one access services director.

When discussions began several years ago about the provisions of the Health Insurance Portability and Accountability Act (HIPAA), Gillian Cappiello, CHAM, director of access services at Chicago’s Swedish Covenant Hospital, was reporting to the hospital’s vice president of information systems (IS).

"He later left, but in the meantime he was actively getting me involved in early discussions regarding HIPAA," she says. Cappiello, the IS vice president, and others went to a three-day workshop in November 2001 sponsored by a law firm that later formed a coalition to provide HIPAA consulting.

Soon after, the group did a gap analysis for the hospital, she notes. "So I’ve been involved [in HIPAA preparations] from day one."

When the information systems VP left, he wasn’t replaced, but his responsibilities were assumed by the senior director of information systems, Cappiello explains. "We have a legal counsel on staff, and between the three of us, we kept things rolling [toward HIPAA compliance]. We were the beginning of a steering committee to which we added nursing and a facilities person."

When it came time to designate a chief privacy officer — a requirement of the HIPAA privacy standard, she adds, "I was deemed an appropriate person." The new position included a promotion. Cappiello now is senior director of access services and chief privacy officer. (See job description)

"It’s a wonderful fit," she says, not only because of her early involvement in the HIPAA process, "but because I’ve always had kind of a passion for privacy." She was the one, Cappiello says, who habitually reminded employees to safeguard the information on their computer screens to protect patient confidentiality.

"Access interacts with all the hospital departments, anyway," she points out, "and are the start of data collection. So many of the things HIPAA requires — such as providing notice of privacy practices and giving patients the right to opt out of facility directories and request confidential communication — are handled in access."

"If we’re beginning the process," Cappiello adds, "why not see it all the way through?"

In addition, she notes, "One of the key involvements access has with the [Oakbrook Terrace, IL-based] Joint Commission for Accreditation of Healthcare Organizations is on the privacy issue. "If surveyors do come through your department, that’s what they ask about. So it’s always been something dear to my heart."

Keeping access strong

When she talked with the hospital’s senior vice president of finance about her new position, Cappiello says, "he was emphatic that while he wanted me to do that, he didn’t want access [to suffer] as a result." The department was in good shape, she notes, reducing claim denials and successfully implementing a new collection procedure.

Very much a hands-on access director, Cappiello took steps to delegate at least some of her access duties, she says. "I did some internal promotions, and my folks took on more day-to-day responsibility."

"I was doing a lot of quality assurance and [staff] training myself, and that has changed a little," Cappiello adds. "I’m still directing those things, but have someone else to put them into place."

Balancing the two areas of responsibility in the new position, which she assumed in January as the April HIPAA deadline approached "has been a stretch," she notes. "There were a lot of procedures to finalize."

Adding to the mix, Cappiello says, was the learning curve for the access manager who had been promoted from supervisor, and the training required for the new supervisor who replaced her.

Serving as chief privacy officer has given Cappiello and her staff the opportunity to be much more involved in the rollout of HIPAA policies throughout the organization, she says. "We have a heads-up on the rest of the hospital."

HIPAA guidance at Swedish Covenant, she explains, was organized around a steering committee, with seven subcommittees. Each steering committee member took on the leadership of one or more of the subcommittees, she says, which covered such topics as privacy notices, documentation, transaction code sets, facilities, education and training, and business associates. An Individual Practice Association subcommittee created a HIPAA manual for all the physicians, Cappiello says.

"There was a lot of fact-finding, finding out things from different departments that you didn’t know they did," she notes. "You have to know the entire information flow — how it comes in, what you do with it, and how it leaves your hands."

"Again, it fits so perfectly with access," she adds.