HIPAA Compliance Still Elusive

The legislation was adopted almost a decade age, but physicians, hospitals and vendors are still on an odyssey to become HIPAA-compliant.

Originally signed into law in 1996, the Health Insurance Portability and Accountability Act (HIPAA) was initially intended to be phased-in gradually over the following few years. The legislation is supposed to facilitate a transition into secure, electronic patient health insurance claims.

Still, about eight years later nearly all the relevant parties in the health care system are continuing to struggle to become universally HIPAA-compliant. Thats according to an analysis of data from the IT consultancy Phoenix Health Systems and industry group Healthcare Information and Management Systems Society study by consultant Helene Guilfoy.

Vendors of health care IT have been projecting that all their products will be HIPAA-compliant for the last few years. But they have yet to reach that goal. Current projections peg July as the date when all vendor offerings will be fully compliant.

Health insurance clearinghouses, which sit as intermediaries between health care providers and insurance providers as well as other payers, have also been projecting complete readiness for the last few years. Similar to vendors, clearinghouses are now aiming for this July for full HIPAA compliance.

July of this year is hardly a random date. As of the beginning of July, the Medicare and Medicaid system will still process non-HIPAA compliant claims but will significantly delay them. And if a claims form needs to be forwarded to another payer from a particular agency, the receiving payer will no longer do so as of that date if its non-HIPAA compliant.

Health care providers, such as small- and medium-size physician practices as well as hospitals, are hovering at a rate of slightly less than 60 percent with HIPAA-compliant forms and processes in place.

Even with a system thats fully HIPAA compliant, health care providers are still adjusting to the process. In an institutional billing system only about 60 percent of the data thats supposed to be collected actually goes into the system. That leaves an estimated 40 percent of required HIPAA information that remains uncollected on average.

Data collection in physician practices fares slightly worse, with only about 56 percent of HIPAA-compliant data actually captured electronically and 46 percent remaining either exclusively on paper or completely unrecorded.

Payers, including health insurers and government programs such as Medicare, are becoming increasingly strict and are starting to edit submissions for complete HIPAA-compliant information. Payment is subsequently being delayed or denied accordingly. Payers have been fully HIPAA compliant for some time.

In April of last year, the privacy provisions and patient access portions of HIPAA were supposed to be in full effect. Its been a painful process so far; the Agency for Healthcare Research and Quality noted almost 5,000 consumer complaints over information misuse, disclosures, or inability to gain access.

April of next year is the target date for the security provisions of HIPAA to become mandatory. HIPAA dates have been highly flexible to accommodate the massive, intricate nature of the health care system. But seemingly small disciplinary measures, like delaying payment or reducing it fractionally in penalty, will be increasingly used by health care payers to enforce complete HIPAA-compliance. These incremental penalties will be increasingly significant to health care providers who cannot afford to have a systematic slowing of reimbursement.