HHS offers four steps to aid HIPAA compliance

If hospitals have not already requested an extension for the transaction and code sets required by the Health Insurance Portability and Accountability Act (HIPAA), now is the time to do so, says Donna Eden, senior attorney with the Department of Heath and Human Services (HHS). "There is no downside to submitting an extension," she says. "There are no costs involved."

Eden says providers should pay close attention to the extension form and sit down with the people in their organization who are responsible for actually making the HIPAA transition happen, because the form provides concrete signposts, goals, and check-off points. "If you have had trouble getting the attention of your upper management, this form should help," she adds.

Here are four more steps Eden says will assist providers preparing for HIPAA compliance:

  • Work with your IT staff and vendors. Eden says HHS is hearing complaints about vendors that claimed to be HIPAA-compliant two years ago but are not. "Two years ago, everybody was running around with little rubber hippos and saying their products were HIPAA-compliant’ before the final rules were published," she notes. Many of those vendors, it now turns out, are not able to offer HIPAA-compliant software. "Put pressure on them to get the job done right," she advises.
  • Contact your trading partners. Eden says hospitals also should contact all of the entities they exchange health information with to coordinate their various schedules. "Start working out the details so that you will be ready to test by April 2003," she says.
  • Support your standards development organizations (SDOs). According to Eden, SDOs also welcome participation. SDOs are volunteer groups chartered by the American National Standards Institute that are responsible for maintaining the actual standards that were adopted as the HIPAA national standards, she explains. "They love volunteers," she says, adding that working groups offer hospitals multiple opportunities to participate.
  • Use this delay time to reach compliance. Finally, Eden says, providers should keep in mind that it really is happening. She reports that she is now hearing from many institutions that have implemented a significant portion of the HIPAA transaction requirements.

"They find not only does it actually save money, but it also improves the quality of care," she says. "There are unexpected benefits from making this transition."