HIPAA compliance in health care
HIPAA contained a provision that gave Congress until 21 August 1999, to pass comprehensive privacy legislation. When Congress did not enact privacy legislation by that date, the law required the Department of Health and Human Services (HHS) to craft such protections by regulation.
HHS published the final Privacy Rule on 28 December 2000. The final rule took effect on 14 April 2001. This rule gives patients greater access to their own medical records, and more control over how personal health information is used. The rule addresses the obligations of health care providers and health plans to protect information. By law, covered entities (health plans, health care clearinghouses, and health care providers who conduct certain financial and administrative transactions electronically) have until 14 April 2003 to comply. Small health plans have until 14 April 2004.
The HHS Office for Civil Rights (OCR) has implementation and enforcement responsibility for the Privacy Rule. OCR will conduct extensive outreach to consumers and health care providers to explain what the rule means for them. OCR will also provide technical assistance and guidance to health care providers and other covered entities to help them comply.
On6 July 2001OCR issued the first guidance materials answering some of the questions about requirements for doctors, hospitals, other providers, health plans and health insurers, and health care clearinghouses. It also clarifies some of the confusion regarding the meaning of key provisions of the rule. The guidance and other technical assistance materials are posted on the OCR Privacy Web site at http://www.hhs.gov/ocr/hipaa .
But as often happens, a good idea has gone wacko. The cost of implementation for the privacy and portability issues required by this legislation are cost-prohibitive for most private physician practices. Most practices are just filing the required extension since most of them cannot afford the cost of compliance. In many offices there is one set price for medical services, but many different amounts to be paid for each service as is set by each individual insurance carrier and third party provider. It is not unusual for 60% of all charges to go uncollected, and for third party payees of medical bill to take 45 to 90 days to pay for a service. An average of 43% of the expense at a medical practice is related to administrative costs related directly to dealing with compliance issues and payment issues.
So, for the foreseeable future, compliance with the provisions of HIPAA will be postponed until an uncertain future date.
