HIPAA Moving Towards Achievement of Long-Term Benefits

Results of the HIMSS and Phoenix Health Systems’ US Healthcare Industry HIPAA Winter 2006 Survey

SAN DIEGO – February 13, 2006 – A decade after its passage, the focus of the Health Insurance Portability and Accountability Act (HIPAA) is evolving from patient privacy and security to the achievement of long-term benefits, such as lower healthcare costs, reduction of medical errors, and the development of wide area healthcare information networks, according to the recent results of the twice-yearly US Healthcare Industry HIPAA Survey.

Sponsored by the Healthcare Information and Management Systems Society (HIMSS) and Phoenix Health Systems, the Winter 2006 survey marks the seventh consecutive year of tracking and reporting on the status of HIPAA compliance within the healthcare industry. The survey is being released at the 2006 Annual HIMSS Conference & Exhibition, with respondents that included providers, such as hospitals and physician practices, and payers, such as insurance companies. “Although there is still progress to be made on implementing HIPAA privacy, security, and transactions standards, we see a fairly high degree of compliance among providers and payers,” said Darin LeGrange, President and CEO of Phoenix Health Systems. “Now the industry is focusing on the original intent of the law, which looked to the long-term benefits that could be achieved through the safe electronic communication of healthcare transactions nationwide.”

Providers have begun implementing return on investment (ROI) initiatives, including:

• adoption of computerized practitioner order entry (CPOE) – placing orders directly into the computer, instead of handwriting them, which can lead to misinterpretations and mistakes;
• conversion to electronic medical records (EMRs), meaning a paperless medical record for each patient; and
• transacting directly with payers rather than through clearinghouses.

One percent of providers have begun ROI implementation and another 21 percent have plans to do so.

For the first time, survey participants were asked about the specific benefits of HIPAA. Providers and payers both ranked “greater attention to patient privacy by staff” first among the benefits achieved. Also ranked high were increased patient privacy,” “more effective systems and processes” and “increased consumer confidence.” Fewer than five percent of all survey participants saw no benefits as a result of HIPAA.Another first was the survey’s tracking of the progress of the National Provider Identifier (NPI) Rule, which requires compliance by May 23, 2007. According to this recent HIPAA rule, healthcare providers are required to obtain and use a unique identifier when filing electronic claims to streamline related electronic processes. The survey found that 39 percent of providers said their organizations already have applied for their NPI. In addition, 18 percent have started to identify the systems, software and process changes that will be required for an NPI and eight percent have begun internal testing.Establishing a National Patient Identifier, providing a unique identifier to each patient, continues to be controversial: while 30 percent of providers and 45 percent of payers said they thought the benefits would outweigh the negatives, 23 percent of providers and 28 percent of payers disagreed. About one-quarter of each group expressed no opinion. Other findings of the Winter 2006 survey:

Security Compliance: Still an Issue

Compliance with security standards remains an issue: 55 percent of healthcare providers report they are compliant with security standards (up from 43 percent in the Summer 2005 survey) as do 72 percent of payers (down from 74 percent). Security breaches continue, as well. In the previous six months, 24 percent of providers and 28 percent of payers experienced between one and five security incidents, compared to 32 percent and 27 percent respectively, as reported in the Summer 2005 survey. Further, 13 percent of providers and seven percent of payers experienced between six and 11 incidents, both up from four percent for both groups, as reported in the Summer 2005 survey.

Privacy Compliance: A Significant Holdout

Regarding the privacy rule, 80 percent of providers and 86 percent of payers report that they have met requirements, which is consistent with survey findings reported the past two years. This suggests that a significant group or providers – one fifth – is either unable or unwilling to implement privacy requirements. The larger organizations appeared to be most compliant: among providers, hospitals with more than 400 beds were the most compliant (85 percent) as were payers covering from 501,000-1.5 million lives (100 percent).

Electronic Transactions: Although They Can Comply, Many Don't

Compliance with the Transactions and Code Sets (TCS) rule includes implementation of all necessary policies, procedures, processes and systems in order to test and then conduct the standard HIPAA transactions required for healthcare business functions. Compliance has remained steady during the past year, with 84 percent of providers and 73 percent of payers saying they were fully compliant, which they interpreted as being “ready to conduct” or "capable of conducting" transactions. However, only 46 percent of providers and 67 percent of payers said they were actually conducting all the necessary standard transactions for their organizations. According to both groups, the problem often is on the receiving end, e.g., their trading partners are not able to process the transactions. "The survey results reflect that providers and payers continue to inconsistently comply with HIPAA rules and regulations, yet on the positive side, that they are starting to look ahead to the real benefits of HIPAA," said Jeff Collman, chair of the HIMSS Privacy and Security Steering Committee and associate professor at Georgetown University Medical Center, Washington, DC. "The beginning of the implementation of ROI and the significant number applying for an NPI are encouraging trends. All of this is good news for the healthcare field in general and patients specifically."

The survey was conducted between January 8 and January 23, 2006, and included a total of 324 healthcare industry representatives. Among the participants, 81 percent were providers and 19 percent were payers.

Visit http://www.hipaadvisory.com/action/surveynew/results/winter2006.htm to access the entire survey report and graphical comparisons.

About HIMSS

More than 23,000 people are expected to attend the 2006 Annual HIMSS Conference & Exhibition in San Diego, and the society will host 840 exhibitors featuring the latest in healthcare IT. HIMSS (Healthcare Information and Management Systems Society) is the healthcare industry’s membership organization exclusively focused on providing leadership for the optimal use of healthcare information technology and management systems for the betterment of human health. Founded in 1961 with offices in Chicago, Washington, DC, and other locations across the country represents approximately 17,000 individual members and more than 270 member corporations that employ more than 1 million people. Visit www.himss.org for more information.

About Phoenix Health Systems

Founded in 1987, Phoenix Health Systems provides state-of-the-art healthcare information technology solutions to hospital organizations nationwide. Services include comprehensive IT department outsourcing, interim IT management, clinical and business transformation, data security and privacy solutions, and a wide breadth of strategic and technical IT consulting services. For additional information, visit www.phoenixhealth.com.