HIPAA Deadline Fast Approaches: Are You Prepared?

 

The original deadline for compliance with the Administrative Simplification Act transaction and code set requirements was October 16, 2002.  However, in December 2001 the compliance deadline was extended one additional year till October 16, 2003.  In order to qualify for the extension, covered entities must submit a compliance plan by October 15, 2002 that explains how they plan to be in compliance.  The extension does not apply to small health plans whose original deadline is still October 16, 2003. If you do not file for an extension by the due date, you must be compliant with all the requirements of the transaction and code sets.  

 

To obtain further info on the extension, please refer to 45 C.F. R. 160.103 or 162.103 or simply read further in our newsletter. 

 

The compliance plan should state the reason for filling the extension and the expected budget for compliance.  According to DHHS, the HIPAA implementation strategy should consist of three phases: (1) HIPAA Awareness, (2) Operational Assessment, and (3) Development and Testing. 

 

The HIPAA Awareness phase should involve developing programs to educate employees and perhaps business associates regarding the HIPAA standardized transactions and code sets or TCS. 

 

Under the Operational Assessment phase, the covered entity should review all internal processes against the standards.  The assessment could be a gap analysis (see below for a sample Gap Analysis) that can be part of a larger business impact analysis. The next step is to develop a workplan to address gaps.  Do not forget to examine vendor and other relevant business associates compliance.

 

Under the Development and Testing phase, relevant systems may require extensive software development, patches, crosswalk tables, and training programs.  Many vendors are rapidly developing middleware software products to assist healthcare organizations with HIPAA TCS compliance.  The legislation requires that testing begin no later than April 16, 2003.

 
Gap analysis 101

A HIPAA Gap analysis for the Administrative Simplification TCS should include the following steps:

  1. Review and assemble all supporting documentation on standards that you must comply with HIPAA.
  2. Define the scope of the necessary compliance with the HIPAA transactions and code sets.
  3. Assemble the organization policies and procedures manual, EDI manual, claims and managed care contracting manual, or other vendor systems documentation.
  4. Take an inventory of systems affected by the HIPAA changes in functional and data specifications.
  5. Conduct structured interviews with relevant personnel.
  6. Develop a document repository to collect and catalogue results and other findings. There are many off the shelf products intended for this purpose.
  7. Compare current practices against the standard or other desired benchmark to elicit gaps.
  8. Based on a decision process, weight the gaps based on likely risk.
  9. Determine, based on a combination of gaps and weighting, and prioritize fixes.
  10. Examine the costs and labor involved with remediation steps.
  11. Prioritize based on Steps 9 and 10.

 

Project Staffing

Begin by assigning key personnel and at least one project manager to the process.  The project manager should report to senior management and be high enough in the organization to solicit meaningful and candid interaction with all key personnel including senior management.  The person should be familiar with the principles of project management.  The project manager should assemble a task force or committee from each of the affected departments to begin the process. 

 

HealthCIO HIPAA Services

 

HealthCIO can assist covered entities and other healthcare organizations with HIPAA compliance in three areas:

 

  1. Develop awareness and training programs and operational assessments including Gap analyses.
  2. If project managers are lacking for short-term HIPAA related projects, we can supply skilled healthcare project managers for 3-6 month assignments.
  3. HealthCIO will draft the necessary compliance plan for organizations to request the one-year extension.

 

 

Please call HealthCIO (877) 414-5294 toll-free or email to mailto:info@healthcio.com and ask about our HIPAA programs. Member of the New England HIPAA Workgroup, Chair Education Subcommittee and author of the "HIPAA IT Handbook: Strategies to Protect Health Information" published by Opus Communications.

 

 

Please note, the opinions provided in this newsletter represent only the views of the individuals who author the newsletter. HealthCIO Inc newsletters are not actual professional consultations and should not be construed as such.  HealthCIO makes no guarantees or warranties as to accuracy or completeness of or the results to be obtained from accessing and using information published at the HealthCIO.com. HealthCIO shall not be liable to any user of the site or anyone else for any inaccuracy, error or omission, regardless of cause, in the HealthCIO.com website or for any damages resulting therein.

 

 

 (c) Copyright 2002 HealthCIO Inc. All rights reserved. You may forward or reproduce copies of this newsletter with Copyright intact.

 

last update: April 2, 2002