Hip hip hooray for HIPAA? What you need to know about the new Health Insurance Portability and Accessibility Act.It's a mammoth mammoth, name for several large prehistoric elephants of the extinct genus Mammuthus, which ranged over Eurasia and North America in the Pleistocene epoch. task that experts are calling the Y2K See Y2K problem and Y2K compliant. Y2K - Year 2000 of the health-care industry. It could come with a price tag as high as $40 billion. And it must be addressed within the next two years. It's the Health Insurance Portability and Accessibility Act (HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, ), and it has many in the health-care and insurance industries on edge. The far-reaching and complex HIPAA legislation mandates that any organization that handles patient medical information--hospitals, insurance carriers, medical clinics, doctor's offices and even employers--make significant upgrades to administrative procedures and data transmission and storage technologies to ensure compliance with stringent privacy and security standards. The ultimate goal is to protect all patients' personally identifiable information In information security and privacy, personally identifiable information or personally identifying information (PII) is any piece of information which can potentially be used to uniquely identify, contact, or locate a single person. and give those individuals control over how their health-care information is shared and used. HIPAA's privacy regulations took affect in April, starting a two-year countdown to the compliance deadline of April 15, 2003. The bottom line: companies that have not started preparing for HIPAA may already be behind the curve. But those who begin developing HIPAA compliance strategies today can help ensure a healthy prognosis prognosis /prog·no·sis/ (prog-no´sis) a forecast of the probable course and outcome of a disorder.prognos´tic prog·no·sis n. pl. prog·no·ses 1. for their businesses for years to come. Time consuming HIPAA compliance is a three-step process (see box). For large health-care providers, insurance companies and clearinghouses that work with large volumes of patient information daily, this three-step plan can be time-consuming and complicated. Achieving compliance will often be less complex for smaller providers and employers, but they are still well-served by following a similar process to assess and implement changes needed for HIPAA compliance. Many businesses, especially those that have not yet begun compliance efforts, are likely to turn to outside HIPAA consultants to assist with assessment, analysis and implementation of necessary upgrades. When considering third-party assistance, businesses should carefully evaluate a provider's expertise, reputation and reliability, as well as its ability to assess and implement services to address all aspects of HIPAA legislation. Many consultants provide little more than recommendations, leaving businesses on their own for the real work--implementation and testing of upgrades. Though a daunting daunt tr.v. daunt·ed, daunt·ing, daunts To abate the courage of; discourage. See Synonyms at dismay. [Middle English daunten, from Old French danter, from Latin task, HIPAA also brings good news for providers and insured individuals. The U.S. Department of Health and Human Services Noun 1. Department of Health and Human Services - the United States federal department that administers all federal programs dealing with health and welfare; created in 1979 Health and Human Services, HHS forecasts a net industry savings of approximately $12.3 billion over the next 10 years as a result of lower costs and efficiencies gained through HIPAA compliance. A 3-step process For most businesses, addressing HIPAA compliance is a three-step process: * Step 1: Complete a thorough assessment of all systems and processes that fall under HIPAA guidelines. This process will help you identify the areas of operations that will need adjustments to achieve HIPAA compliance. * Step 2: Conduct a "gap analysis" or review of how your systems and processes work today in comparison with how they will need to operate in a HIPAA-compliant environment. This analysis helps your business pinpoint the scope of your HIPAA needs and to prioritize pri·or·i·tize v. pri·or·i·tized, pri·or·i·tiz·ing, pri·or·i·tiz·es Usage Problem v.tr. To arrange or deal with in order of importance. v.intr. your compliance efforts. * Step 3: Implement upgrades and procedural changes needed for compliance. Technology upgrades can range from adding security features like firewalls to a company network to integrating software applications to allow secure transfer of information. Procedural changes can involve drafting new policies for your employees regarding patient information and training them to ensure compliance. Start-up grants If your budget is modest but your needs are great, the state of Michigan offers options to help promote a healthy worksite. Its Worksite and Community Health Promotion (WCHP WCHP Washington Crossing Historic Park (Pennsylvania) ) program offers grants to help employers increase awareness and help reduce the behavior risk factors that can lead to cardiovascular disease Cardiovascular disease Disease that affects the heart and blood vessels. Mentioned in: Lipoproteins Test cardiovascular disease and other chronic diseases. Start-up grants are awarded to help employers purchase worksite health promotion services like smoking cessation smoking cessation Public health Temporary or permanent halting of habitual cigarette smoking; withdrawal therapies–eg, hypnosis, psychotherapy, group counseling, exposing smokers to Pts with terminal lung CA and nicotine chewing gum are often ineffective. clinics and weight management to help employees change their behavior. While all worksites in Michigan are eligible to apply for grant money, WCHP gives special consideration to small companies (defined as having fewer than 500 employees), those that are less likely to start wellness programs without financial assistance and those with employees at higher risk of cardiovascular disease. For more information about worksite grants, contact the Michigan Department of Community Health Promotion Clearinghouse at (800) 537-5666 or the Southeastern Michigan Health Association, which administers the programs in the Detroit area, at (313) 873-6502. Worth noting Annual health-core costs for employees with high-risk behaviors high-risk behavior Public health A lifestyle activity that places a person at ↑ risk of suffering a particular condition. See Safe sex practices. are $272 to $960 higher than for employees with low-risk behaviors. Source: Journal of Occupational Medicine Lara Sibley is national marketing director for health care at SBC (1) (SBC Communications Inc., San Antonio, TX, www.sbc.com) A large, national telecommunications company that grew from a multitude of local and regional companies, including Southwestern Bell, Pacific Bell and Nevada Bell, into a single, unified brand by 2002. Communications Inc. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion