Presentation is loading. Please wait.

Presentation is loading. Please wait.

Countdown to Compliance

Published by钗 葛 Modified over 5 years ago

Similar presentations

Presentation on theme: "Countdown to Compliance"— Presentation transcript:

1 Countdown to Compliance
For HIPAA Results of the Winter Industry HIPAA Survey conducted by HIMSS and Phoenix Health Systems Tom Grove, Vice President

2 17th! Healthcare Industry Quarterly HIPAA Survey
Conducted in collaboration by Phoenix Health Systems and HIMSS Participants completed online survey during early January 2004, at website HIPAAdvisory.com Expanded coverage of transactions readiness Respondents completed survey anonymously

3 Who Participated? 631 industry representatives across the nation responded Providers - 70% of total respondents: Hospitals represented 51% of the total Remainder were physician practices and other providers 30% of respondents were payers and vendors, and a few clearinghouses

4 Who Participated? Almost 90% of respondents
have an official role in HIPAA at the organization 52% CIOs or senior department managers 28% specific role in compliance or security

5 Transactions and Code Sets: Key findings
Less than one-half of respondents are ready to conduct all HIPAA standard transactions Only 50% have completed external testing Eighty-five percent of Payers continued to accept non-compliant transactions into January 34% will stay on this course for at least three more months 34% until the Centers for Medicare and Medicaid Services (CMS) ends its Contingency Plan

6 Ready for All Transactions
Ready Now Within 3 Months Do Not Know Providers 45% (up from 18%) 18% 21% Payers 56% (up from 53%) 17% 10% Vendors 40% (down from 47%) 16% 12% Clearinghouses (4 responses) 50% 0% Balance reported 3-10 Months

7 Focused Efforts Transaction Provider Payer 837 78% 85% 835 68% 82%
276/277 41% 72% 270/271 63% 834 19% 55% 820 8% 38% None 2% 0%

8 Obstacles: We have met the enemy, and the enemy is us
Providers 1. Payers are not ready to accept standard Transactions 2. Payers are not ready for testing 3. Cannot get needed information from Vendors, Payers, Clearinghouses Payers 1. Providers are not ready for testing 2. Providers have not captured the data required for standard Transactions 3. Cannot get needed information from Vendors, Providers, Clearinghouses

9 Obstacles: We have met the enemy, and the enemy is us
Clearinghouses 1. Payers are not ready for testing 2. Payers are not ready to accept/transmit standard Transactions 3. Providers have not captured the data required for the standard Transactions Vendors 1. Ambiguities exist in Implementation Guide specifications

10 Contingency Plans Over half of Providers and one-third of Payers felt that CMS should maintain its Contingency Plan for up to 90 days 32% of Providers and 50% of Payers want it extended up to six months or longer

11 Contingency Plans What’s Plan C?
Providers 1. Direct Data Entry and/or Paper 2. Clearinghouse Payers 1. Accept paper processing 2. Continue to accept non-compliant transactions Vendors 1. Advise Providers to use a compliant Clearinghouse Clearinghouses 1. Use compliant clearinghouse

12 Interesting Comments Provider: “Clearinghouses and Payers were not ready – and some still are not.” Provider: “Various of our Payers tell us that they are ready, however they provided the wrong PIN, lost our Trading Partner Agreements, fail to return phone calls, lost our test files….” Payer: “We are currently capable of accepting and sending compliant transactions. We are awaiting our Provider/Clearinghouses to be ready.” Payer: “…We are only able to accept the 837 transaction from our largest Providers. The smaller ones … are too small for the Clearinghouse to have reached them on their testing schedule.

13 Interesting Comments Clearinghouse: “Our challenges lie in our trading partners’ misinterpretation of the Implementation Guides, reduced or non-existent claim-level acknowledgement responses, and their general issues associated with implementing a new X12 system.” Clearinghouse: “Inconsistent interpretation of the implementation guides by the Payers, [is] causing more Payer-specific customization in all translator programs than anticipated.”

14 Privacy Progress

15 Privacy: Key findings Twenty percent of Providers and 14% of Payers reported that they remain non-compliant with the Privacy Rule, nine months after its effective date. Even among “compliant” organizations, compliance gaps remain in such areas as establishing Business Associate Agreements and monitoring internal Privacy compliance. An average of 56% of Provider and Payer respondents reported that their organizations had experienced one or more privacy breaches since April 2003.

16 Detailed Spot Check of “Privacy-Compliant” Organizations
Privacy “Spot-Check” Detailed Spot Check of “Privacy-Compliant” Organizations Areas of Privacy Compliance Providers Payers Obtain Patient Authorizations for use and disclosure of PHI 99% 97% Enable mandated patients’ rights (review, amend, restrict records) Post and distribute Notice of Privacy Practices 98% 93% Obtain acknowledgement of receipt of Notice of Privacy Practices N/A Provide ongoing Privacy training 95% 100% Use “Minimum Necessary” Restrictions 94% Document Privacy policies and practices Maintain Accounting of Disclosures 96% Implement security protections as required under the Privacy Rule 89% Provide overall workforce Privacy training updates 85% Monitor organizational compliance with Privacy regulations 76% 87% Have obtained all required Business Associate Agreements 73%

17 Privacy Breaches are Happening

18 Formal Complaints (HIPAA and Civil action)

19 Security: Key Findings
Initiatives for Security Rule compliance are moving slowly – over half of Providers and Payers reported they will not be fully compliant until 2005. An average of 24% of Providers, Payers and Clearinghouses reported that their organizations had experienced one or more data security breaches from October to December 2003.

20 Security Progress

21 Data Security Breeches
24% of respondents reported that their organizations had experienced one or more data security breaches from October to December 2003 The vast majority reported experiencing no breaches at all Possible biases: Desire not to report, breeches unknown to the reporter, or breeches unknown to the organization

22 Consultant Support 49% of participants reported using outside consultants: Payers and large hospitals are most likely to engage outside assistance Most contracted for HIPAA Assessment and Implementation Planning and/or Implementation Support Security Risk Analysis also popular Survey results for Winter 2003 showed that 42% of respondents across the industry are currently using outside consultants to support HIPAA initiatives. (similar to last survey) The biggest users of consultants are larger hospitals (50%) and Payers (61%). Respondents indicated that the majority of consulting support is being used for awareness, assessment and project planning (60%). Utilization of consultants for implementation efforts has slightly increased since Fall 2002 from 16% of respondents to 18%. Nineteen percent of consulting support is focused on training and other HIPAA-related objectives.

23 HIPAA Budget Highlights
Across the industry, HIPAA budgets for 2004 are lower than for 2003 Payers showed the most dramatic drop as they wind up transactions spending Payers and Clearinghouses should need to spend comparatively less on security compliance Hospital budgets for HIPAA compliance in 2003 are generally higher than 2002 HIPAA budgets. Hospitals with less than 100 Beds: 39% will spend less than $30K in 2003, just over 20% will spend between $30K and $50K, about 19% between $50K and $100K, and 12% between $100K and $250K. Hospitals with 100 to 400 Beds: 25% will spend less than $50K, 38% between $50K and $100K, 22% between $100K and $200K, 9% between $200K and $500K, and 7% over $500K. Hospitals with 400 or More Beds: 10% have budgeted between $30K and $50K, 8% between $50K and $100K, 23% between $100K and $200K, 25% between $200K and $500K, 17% between $500K and $1 million, 11% between $1 million and $2 million, and 5% $2 million+. Payer budgets for 2003 are somewhat higher, and 2003 Vendor budgets are significantly higher than 2002 budgets. A graphical comparison of hospital, Payer and Vendor HIPAA budgets, by year, is offered below.

24 Summary The main focus is on Transactions compliance, with Security compliance a secondary priority Privacy compliance is better, but still not complete A significant number of those reporting complete still have issues Complaints are a real force All parts of the industry have transactions barriers, and each believes the other parts are major barriers Security compliance is a year off for many Spending on HIPAA is dropping CONCLUSIONS: The Winter 2003 HIPAA Compliance Survey Results suggest that on-time healthcare industry readiness for HIPAA compliance remains a serious concern. While 75% of Provider respondents (17% of which represent small physician practices), and 30% of Payers, Clearinghouses and Vendors reported that they will be ready for the Privacy deadline, only 9% of Providers and 5% of Payers have actually completed Privacy remediation. Even though 90% of respondents have applied for the extension of the Transaction and Code Sets deadline, only 37% expect to be ready for testing at the expected check point in April 2003. Compliance with the Security Rule remains an additional concern with 60% of respondents still doing gap and risk analyses, suggesting that the majority are waiting for the final rule. Clearly, much remains to be done.

25 Complete Survey Results
Survey information is be published at -- compare results with previous surveys! Identify where they can pick up full survey

26 Questions About Survey
For further information about the Quarterly Industry HIPAA Surveys, contact: Phoenix Health Systems 9200 Wightman Road, Suite 400 Montgomery Village, MD 20886 / Fax:

Download ppt "Countdown to Compliance"

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Centers for Medicare and Medicaid Services Administrative Simplification Compliance Act (ASCA) and CMS Readiness Karen Trudel.

Centers for Medicare and Medicaid Services Administrative Simplification Compliance Act (ASCA) and CMS Readiness Karen Trudel.
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
Presents: Weekly HIPAA Teleconference Revised 10-16-02.

Presents: Weekly HIPAA Teleconference Revised
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.

Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
Building a Medical Records Compliance Program for Your Office: Charles B. Brownlow, OD, FAAO December 17, 2012.

Building a Medical Records Compliance Program for Your Office: Charles B. Brownlow, OD, FAAO December 17, 2012.
Segment Five: Provider Communication Idaho ICD-10 Site Visit Training segments to assist the State of Idaho with the ICD-10 Implementation January 26-27,

Segment Five: Provider Communication Idaho ICD-10 Site Visit Training segments to assist the State of Idaho with the ICD-10 Implementation January 26-27,
1 healthcare IT solutions Copyright Phoenix Health Systems, Inc. 2004. All rights reserved. Countdown to Compliance For HIPAA Results of the Winter 2004.

1 healthcare IT solutions Copyright Phoenix Health Systems, Inc All rights reserved. Countdown to Compliance For HIPAA Results of the Winter 2004.
WHAT'S AHEAD? Kathy Whitmire Dale Gibson February 15, 2011 HIPAA 5010, ICD-10, ACO's, VBP, HIGLAS, PECOS.

WHAT'S AHEAD? Kathy Whitmire Dale Gibson February 15, 2011 HIPAA 5010, ICD-10, ACO's, VBP, HIGLAS, PECOS.
COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.

COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.
Columbia University Medical Center Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy & Information Security Training 2009.

Columbia University Medical Center Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy & Information Security Training 2009.
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.

“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.

Similar presentations

Ads by Google