Get on target: Feds should speed action on HIPAA

Slow action in writing the rules required by the Health Insurance Portability and Accountability Act makes getting into compliance even harder.

Editorial. Sept. 17, 2001.

Confronting the regulations created by the Health Insurance Portability and Accountability Act of 1996 is often likened to the Year 2000 computer changeover. It is a complex, often costly undertaking and one certainly not to be ignored by anyone with an interest in staying in business after HIPAA deadlines take effect. At least the computer programmers working on the Y2K problem had the advantage of being absolutely certain of the target they were trying to hit. Not so with HIPAA. The details of the "final" rule on HIPAA patient privacy provisions -- effective date April 14, 2003, for most covered entities -- still may be fine-tuned. Most of the crucial final rules on electronic data transfer have yet to be released. The intertwined elements of patient privacy guarantees and data transfer are what will make it possible for HIPAA to achieve its goal of standardized electronic transactions. In doing so, HIPAA is expected to more than pay its way. For physicians, HIPAA's promise is to get rid of the current crazy quilt of differing filing requirements involved in getting paid electronically. However, for all the good expected from HIPAA, delays in finalizing those rules will add to the cost, hassle and frustration of the already considerable task of getting into compliance. The AMA recently joined others in the health care arena in calling on the government to respond to this issue appropriately. The Association was one of 86 signers of a letter to Health and Human Services Secretary Tommy Thompson, seeking that revisions of the final privacy rule be completed as soon as possible. The signers represented a broad spectrum, from numerous medical specialty societies to business and managed care trade organizations. That such strange bedfellows speak with one voice on this issue underscores the scope of the problem. Recently HHS offered written guidance on how to interpret the privacy rule (http://www.hhs.gov/ocr/hipaa/). It was a welcome move. (An example: Does the rule require the doctor's office to be soundproofed so conversations cannot be overheard? No.) However, some revisions remain under consideration. As the AMA has made clear in its comments to the government, some improvements to the rule are much needed. They should be made as soon as possible. Current thinking is that they may not come until April 2002 -- only a year before the rule goes into effect. That's very little time to become adequately prepared for this rule, more than 1,500 pages long, that covers individually identifiable health information in electronic, written and even oral form. Meanwhile, rules on electronic data exchange -- including electronic transactions, identifiers, code sets, security and so on -- are moving along slowly. The AMA has joined with other organizations representing physicians, health plans and others in supporting Congressional passage of a new deadline schedule that would put the electronic data exchange standards into effect two years after the entire suite of rules is finalized. The National Governors Assn. is also supporting the change in the law, knowing that even their own government systems cannot efficiently cope with the delays and confusion the piecemeal regulations cause. The government expects all those involved in health care to implement the provisions of HIPAA in an orderly and timely manner, and has put stiff penalties in the law to guarantee that they do. It's sad to see that the government itself has trouble living up to quite the same standard. Back to top