As confusion mounts for agencies and businesses required to comply with the security and privacy provisions of the Health Insurance Portability and Accountability Act, a key health care industry group is asking the federal government to revisit the regulations.
The request comes even as vendors continue to roll out services aimed at helping enterprises deal with the daunting task of abiding by the standards.
Citing concerns about cost, an "aggressive implementation schedule" and the impact on patient care, the American Hospital Association last week asked the federal Department of Health and Human Services to reopen the act for comment on its privacy provisions. Compliance with the key security, privacy and electronic data interchange provisions of the rule will cost the health care industry between $4 billion and $22.5 billion, according to the AHA, in Washington.
"HIPAA is such a huge beast that people are still trying to work their way through it," said Aimee Wall, attorney for the National Association of Public Hospitals and Health Systems. "There will be some cost for everyone. But its something that everyone puts a high value on. Its not like its coming in a vacuum."
Regulations implementing HIPAAs privacy provisions were published in December, the standardization process is well on its way, and final compliance with the law is scheduled for February 2003.
In a recent survey by Gartner Group Inc., of Stamford, Conn., only 15 percent of respondents had even completed the initial budget estimates to meet their obligations under the 1996 act.
One of the latest services launched to help sort through the HIPAA rules comes from SBC Communications Inc. A comprehensive consultancy service, the San Antonio-based company draws heavily from the expertise of its subsidiary, Sterling Commerce Inc., of Dublin, Ohio.
The service begins with a consultation to identify the areas of a companys communications systems subject to HIPAA, then helps to choose the best combination of hardware, software and services for upgrades, and finally provides ongoing management.
SBC officials said they can deploy a variety of networking security upgrades to help companies comply with HIPAA, including encryption, firewalls, proactive intrusion detection monitoring and management reporting. The carrier will also provide training to help businesses make changes in administrative and computer safety procedures.