Although HIPAA was enacted in part to simplify administrative processes and reduce costs associated with claims transactions, implementation of the act initially will result in increased operating costs for most institutions and individuals. A large portion of these increased costs will be due to consulting and legal fees, additional operations personnel, and information systems development and integration. Once the requisite processes and integrated information systems are in place, however, healthcare organizations should begin to enjoy the intended administrative-simplification benefits of HIPAA.
By contrast, the continuing efforts required to ensure compliance with the HIPAA privacy standards, unlike the efforts to meet the Act's administrative-simplification requirements, represent significant costs to healthcare organizations for implementation and ongoing maintenance of compliance systems and processes that may not necessarily be offset by future savings.
The HIPAA standards also may impede the flow of information because of the limits they impose on access to information. Moreover, the need to comply with the new standards will add complexities to ensuring the free flow of information among certain healthcare professionals and institutions trying to coordinate patient care.
Another difficult challenge involves ensuring the HIPAA compliance of the individuals and business partners and associates with which healthcare organizations often must share patient information (eg, vendors, attorneys, and consultants). It will be very difficult for healthcare organizations to monitor or influence the compliance of these outside entities even though they will have the potential to create compliance problems for the healthcare organizations. To address this concern, healthcare organizations will need to craft written contracts governing privacy issues where none may exist today. Moreover, numerous amendments to existing contracts will have to be effected to ensure compliance. New terms and conditions will have to be negotiated, and legal counsel will need to be consulted.
Among the most difficult issues to be addressed will be the requirements that covered entities provide individuals with effective notice and an accounting of all disclosures and submit to requests by individuals to amend or correct their information. Meeting these requirements could be a herculean administrative task, especially if compliance must extend to e-communications.
Finally, the implications of the proposed standards for e-health companies are particularly significant. Telemedicine, videostreaming, e-connectivity, and other e-health activities would be affected in that e-health companies that provide such services to covered entities are likely to be called upon by those entities to warrant that they are HIPAA-compliant and to enter into written agreements obligating them to abide by HIPAA's requirements.
The privacy standards seek to provide necessary protections for individuals with respect to personal information about their health status and other health-related concerns. The hope is that such protections will facilitate the free flow of information without being unreasonably obtrusive. One of the biggest challenges ahead may be to ensure that these much-needed protections do not interfere with the standardization, consistency, and sharing of information that healthcare providers require to ensure the provision of effective care.
- DeMuro, Paul & Andrew Gantt; HIPAA privacy standards raise complex implementation issues; Healthcare Financial Management; Jan 2001; Vol. 55; Issue 1.
Reflection Exercise #5
The preceding section contained information about implications for practice for HIPAA privacy issues. Write three case study examples
regarding how you might use the content of this section in your practice.
Ethics CEUs QUESTION 9
What will be a challenge concerning healthcare organizations ensuring HIPAA compliance?
Record the letter of the correct answer the