The trusted source for
healthcare information and
Research firms may warn of providers stuck at the starting gate trying to comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Many hospital-based participants in a recent survey, however, say they will complete their enterprise HIPAA impact/gap assessments by year’s end.
A recent Gartner survey that found that 85% of health care providers have yet to complete assessments or gap analyses. Gartner is a research and advisory firm based in Stamford, CT.
But according to a different survey, more than three-quarters of the hospital-based respondents say they expect to be done this year. This survey was a collaborative effort conducted by Phoenix Health Systems in Montgomery Village, MD, and the Health Information Management Systems Society in Chicago. Nearly 15% of respondents say they already have completed assessments.
These results are based on 925 responses to the late-July survey. Sixty-three percent of these respondents work in provider organizations; 42% of the provider staff work in hospitals. Respondents also were close to the HIPAA playing field: Just under 80% of all respondents reported that they have official HIPAA roles within their organizations.
Phoenix Health Systems began taking the quarterly surveys in early 2000. This latest installment is the first time the industry has reported that it is focusing more on compliance assessment and implementation than on the preliminary step of creating HIPAA awareness within its organizations, says D’Arcy Guerin Gue, executive vice president of Phoenix Health Systems.
The step of creating an overall awareness of HIPAA has been successful for most. About 75% of senior managers and 55% of department heads industrywide were judged as having moderate to high knowledge of HIPAA and its implications. However, respondents stated that 6% of all senior managers, and 7% of provider senior managers still have little or no knowledge of HIPAA — representing no change since the April survey, and little change from January survey results.
The providers that have moved on to conducting assessments are looking at all parts of the HIPAA regulations. Respondents from hospitals with more than 400 beds reported that 75% are conducting assessments, primarily in compliance with the transactions and privacy requirements of the regulations; one-half also are doing security and identifiers assessments. Fourteen percent have completed their assessments; 33% expect to be done within three months; and another 33% expect to finish within six months.
In hospitals with 400 or fewer beds, two-thirds are conducting transactions, privacy, and identifiers assessments with one-third doing security assessments. Eleven percent of 400-bed hospitals have completed assessments; 32% expect to be done within three months; and another 37% at the end of the year.
In addition to impact and gap assessments, respondents say that HIPAA project planning and implementations are under way across the industry, as well. Two-thirds of hospitals, payers, and clearinghouses and more than half of vendors are doing project planning.
Among hospitals with more than 400 beds, participants reported that two-thirds are preparing transactions, privacy and security project plans; one-third are already working on implementation. Half of respondents from hospitals with 400 or fewer beds are doing transactions and privacy project plans, with less emphasis on security. Twenty-five percent are working on implementations, again primarily in transactions and privacy.
About a third of hospitals and half of payers, clearinghouses, and vendors have even begun implementing the HIPAA regulations. Even physician practices and other providers, historically behind in HIPAA awareness, are moving forward: Of nearly 200 respondents, about half have begun doing assessments, and more than one third are working on project planning and implementation.
Many providers aren’t making their compliance efforts totally by themselves, the survey found. Among hospitals, 45% of respondents said they are using outside consultants to support HIPAA compliance; 83% of these to conduct or support assessments; 47% for project planning; and 27% for implementation.
Overall, the great majority — about three-quarters of all respondents — hope to tie their compliance efforts to organizational strategic plans (including exceeding HIPAA requirements, in many cases) and reap the potential benefits associated with HIPAA, Gue says. "Given this proactive approach, it is not surprising that about two-thirds of all providers agreed that their organizations will have to be HIPAA-compliant in order to execute their e-health strategies."
The complete results of this quarterly survey have been forwarded to several administration and Congressional offices, at their request, Gue says. Recipients include leaders of the Department of Health and Human Services, members of the House Ways and Means Committee, and other Capitol Hill leaders who want to better understand factors in the health industry’s compliance progress.