The trusted source for
healthcare information and
Providers are tired of waiting — they want the final Health Insurance Portability and Accountability Act (HIPAA) of 1996 rules now.
Several expressed their frustration in a recent collaborative survey conducted by Phoenix Health Systems in Montgomery Village, MD, and the Health Information Management Systems Society in Chicago. (For more on the survey results, see "Here comes a flurry of compliance assessments," in this issue.)
"The most dangerous barrier is the unknown legislation," one hospital senior manager told the surveyors. "It both delays definitive action on what exists [why waste time if it’s going to change] and causes you to do substantial rework as the interpretations are printed."
The Department of Health and Human Services (HHS) has moved toward clarifying at least part of the HIPAA regulations through its first privacy guidance, published in early July. One advisor doesn’t anticipate any dramatic changes or delays in the remaining guidances.
"I’m sure that sometime in the next few months, by the end of this year at the latest, [HHS] will probably go through the normal NPRM [Notice of Proposed Rulemaking] process of submitting some suggested changes. I don’t think they will be significant or dramatic," says Joseph L. Pokorney, vice president of Phoenix Health Systems. "I believe [HHS] will want to get that process completed so that it does not impact the April 2003 date."
Providers also should not expect to see much difference between the proposed and final security rule provisions, according to a report that Bill Braithwaite, senior HHS advisor on health information policy, made to Phoenix Health Systems on July 27. "The basic philosophy of the final security rule is unchanged from the NPRM," he said, according to Phoenix. The final rule should reduce redundancies and excessive micromanagement. He also told the company that the electronic signature standard would not be included in the final security [rule], but would be addressed later in another rule.
Pokorney sees the possibility that when the security regulation is published, HHS might make a move via a change in regulation to make all the effective dates the same. "That could also take the form of just relaxed enforcement as opposed to an official changing of the compliance date."