Radiology Plus-A Primer on HIPAA

By Julie Crawshaw

The health insurance portability and accountability Act (HIPAA) of 1996 requires everyone in the health care industry to overhaul their methods of handling medical records electronically—and the effects are likely to be much more costly and far-reaching than the Y2K problem.

HIPAA includes regulations that standardize all electronic data interchange of health information and require protection of the security of electronic medical records. The standards, part of the administrative simplification portion of the act, apply to any health care provider or health plan that electronically maintains or transmits health information.

The U.S. Department of Health and Human Services (HHS) is expected to issue final rules for HIPAA compliance by June. Providers will be expected to be in full compliance within two years after the final rules are issued.

Spokespeople for HHS have said that HIPAA will create the most sweeping changes in the health care industry since Medicare. The agency predicts that the cost of HIPAA compliance may exceed the cost of fixing the Y2K problem.

"HIPAA will have a significant effect on every player in the health care industry," says Bill Braithwaite, PhD, senior adviser on health information policy at HHS.

HIPAA will set standards for health care providers who use electronic data interchange (EDI) solutions for common administrative functions. The rules will set out regulations for transactions and coding, national provider identifiers, national employer identifiers, and security. HIPAA does not mandate electronic data transmission, but providers who use EDI must follow the act’s standards or risk heavy penalties.

The law is intended to encourage development of standardized electronic transactions among all segments of the health care industry and to improve the efficiency and effectiveness of the health care system. Currently, more than 20 cents of every health care dollar is spent on administrative overhead, according to General Accounting Office estimates. HIPAA aims to cut those costs.

When the standards are in place, health care providers will be able to submit a standard transaction to every health plan, whether it’s to check eligibility of a patient, authorization for treatment, request for a referral, or a claim. This means your clinical, billing, and financial applications should be simplified, and the cost of doing business should be cut.

In fact, providers should expect to save $9 billion annually and the health care industry as a whole can save $26 billion a year by using EDI, predicts the Workgroup on Electronic Data Interchange, an industry association located in Reston, VA, appointed to help HHS develop EDI standards.

Under HIPAA, all health care organizations will have to make changes in the technology they use to exchange electronic health care transactions. The rules to be issued by HHS will set national standards for administrative and financial transactions, procedure and diagnosis code sets, and unique identifiers for providers, employers, and health plans. New security rules will be issued to ensure that individually identifiable health information and records are accessible only to authorized people.

If you don’t understand HIPAA and the implications it will have for your practice, you’re not alone.

When Jim Klein, director of compliance services for Plano, TX-based information technology service firm EDS, talks to provider groups, he always asks how many people in the audience have heard of HIPAA. The results are not encouraging. Usually only one or two out of 50 people raise their hands.

"People simply aren’t aware of what they’re going to have to do," says Klein.