Medicare Compliance & Reimbursement

HIPAA:

Final Enforcement Rule Nails Violators With Costly Penalties

Privacy, security and EHR compliance are still problems, survey reveals.

A final rule, plus revealing survey results, reflects that the Health Insurance Portability & Accountability Act is on the move.

The Department of Health and Human Services issued a final rule Feb. 10 that extends key enforcement provisions in HIPAA to the administrative simplification regulation. The final rule made its debut in the Feb. 16 Federal Register.

The final rule regulates the enforcement process from beginning to end. Enforcement issues that begin as complaints and compliance reviews may conclude in either an informal resolution, a no-violation finding or a violation finding. Upon a violation finding, HHS will seek a civil money penalty based on the number of violations. Such penalties are subject to challenge through a formal hearing and appellate review process. Whereas the proposed rule based the number of violations on a list of "variables," the final rule "clarifies that the method for determining the number of such violations is grounded in the substantive requirements or prohibition violated." The final rule goes into effect March 16.

HIPAA Survey Suggests Shift Toward Long-Term Benefits

HIPAA's focus is evolving from patient privacy and security to the achievement of long-term benefits, such as lower health care costs, medical errors reductions and the development of wide-area health care information networks, according to the most recent U.S. Healthcare Industry HIPAA Survey. The survey's sponsors, the Healthcare Information and Management Systems Society and Phoenix Health Systems, released the survey results Feb. 13 at the 2006 Annual HIMSS Conference & Exhibition.

"Although there is still progress to be made on implementing HIPAA privacy, security and transactions standards, we see a fairly high degree of compliance among providers and payers," Darin LeGrange, Phoenix Health Systems president and CEO, says in a statement. "Now the industry is focusing on the original intent of the law, which looked to the long-term benefits that could be achieved through the safe electronic communication of healthcare transactions nationwide."

Many providers indicated that they've begun rolling out ROI initiatives including computerized practitioner order entry, conversion to electronic medical records and direct transactions with payers. The survey also shows that the National Provider Identifier rule is successfully encouraging providers to apply for an NPI; all providers must obtain and use an NPI by May 23, 2007. So far, 39 percent of providers who participated in the survey have applied for an NPI.

Nevertheless, the NPI initiative is still stirring up mixed feelings among the health care industry--while 30 percent of providers and 45 percent of payers said they thought the NPI's benefits would outweigh the negatives, 23 percent of providers and 28 percent of payers disagreed. About one-quarter of each group expressed no opinion.

The survey also reveals payers and providers still find compliance a significant challenge. Although a greater percentage of health care providers is security compliant today compared with six months ago, the number is still only slightly more than half. Plus, the percentage of security compliant payers actually decreased slightly over the past six months.

In addition, about one-fifth of payers and providers are unwilling or unable to implement privacy requirements, the survey shows. The Transactions and Code Sets rule also had compliance inconsistencies. Although 84 percent of providers and 73 percent of payers report they're "ready to conduct" or "capable of conducting" fully compliant electronic transactions, only half as many providers are actually conducting such transactions.
 
"The survey results reflect that providers and payers continue to inconsistently comply with HIPAA rules and regulations, yet on the positive side, that they are starting to look ahead to the real benefits of HIPAA," states Jeff Collman, HIMSS Privacy and Security Steering Committee chair and associate professor at Georgetown University Medical Center. "The beginning of the implementation of ROI and the significant number applying for an NPI are encouraging trends. All of this is good news for the health care field in general and patients specifically."