HIPAA Update: Are You Ready?
It had long been assumed that many medical practices (including podiatric practitioners) were lagging behind in complying with then-forthcoming HIPAA regulations. The actual figures released after the recent October deadline confirm those assumptions. The Centers for Medicare and Medicaid Services (CMS) indicate about 550,000 health care organizations filed for a one-year extension to delay HIPAA compliance. “It had previously been estimated that there were more than 2 million physician practices and other clinical Level 1 entity groups impacted by the law,” according to Dr. David Marcinko, MBA, CFP. “A dismal response to the first major milestone in implementation of electronic transmission standards shows how unprepared many physicians and covered entities are for meeting HIPAA requirements,” continues Dr. Marcinko, CEO of Marcinko Advisors and Associates, partners in the referral exchange and educational portal Medical Business Advisors. “There was such a low turnout (that) everyone’s wondering whether those (other doctors) think they’re compliant or are they still so confused that they don’t know what to do,” says Raymond Posa, founder of R. Francis Associates, a Belmar, N.J.-based medical consultancy. “Everybody’s taking a wait and see attitude. Part of the problem is that, because this was phased in over time, in pieces, practices might think, ‘I don’t have to comply. The whole thing’s not in effect yet.’ And they’re wrong.” The fate of those who did not file is still unclear. “CMS is prohibited by law from accepting any more requests for extensions and has even removed the extension application from its Web site,” notes Dr. Marcinko. “In theory, physicians who did not file for an extension were required to be in compliance with the new standards after Oct. 16, 2002.” Paying The Cost Of Compliance The cost of complying with HIPAA regulations is often cited as a primary reason why many practices have been so reluctant to move forward. “Working with physicians, and in the health care industry as a whole, I’ve found they typically don’t like to spend money on things like this,” says Kevin Beaver, founder and President of Principle Logic, LLC, a security consultancy. “As a result, they are usually a good bit behind the technology curve.” “HIPPA will be so much more costly than realized,” maintains Dr. Marcinko. “Of course, the full cost of this regulation is unknown, but according to several of our private strategic alliance partners, it is expected to exceed the cost of Y2K compliance by fourfold, in the aggregate. This breaks down to about $15,000 to $20,000 the first year, or considerably more than the $1,500 to $3,700 cited by (the Department of Health and Human Services) for each ‘doctor of medicine.’” Marcinko considers this cost to be more than a little ironic, considering the initial goals associated with HIPAA. “One of the primary goals of HIPAA is to reduce the 17 percent administrative cost of healthcare through the standardization of electronic transactions into a single format,” he notes. “The primary goal of HIPAA is not necessarily security, although it certainly is an objective. Not very facetiously, since more than 50 percent of DPM Medicare reimbursement is for toenail debridement, one might conclude that all these security measures are a bit much for the delivered service.” A Brief History On The Origins Of HIPAA With so much controversy swirling around compliance, some might have forgotten how and why HIPAA regulations came about. Initially, the Health Insurance Portability and Accountability Act of 1996 gave Congress until August 1999 to pass comprehensive health privacy legislation. When no such law was passed in the allotted time frame, HIPAA provided the Department of Health and Human Services (HHS) with the authority to draft such rules, in conjunction with recommendations submitted to Congress by the Clinton administration in 1997. “The HIPAA concept is not new, although the act itself became law in 1996,” notes Dr. Marcinko. “The Federal government and HCFA have planned a shift to electronic data interchange (EDI) for more than a decade. How ironic that it is also known as the Healthcare Administration Simplification Act?” Indeed, administrative simplification was one of the primary goals of the legislation, along with insurance portability and fraud enforcement.