Exclusive Reports
From the January 5, 2001 print edition
Net privacy standards will cost
health-care industry plenty
Troy May
Lifeguard, a San Jose-based HMO, installed technology on its newly launched Web site
last month to ensure that patient medical records are kept confidential when claims
are filed electronically.
But Lifeguard may have to do some costly surgery on the system now that new federal
privacy regulations have been released.
Keeping such information private has become a political and technological issue as the
health-care industry moves toward a paperless system, with more people filing claims
over the Internet. To ensure that such information remains confidential, the federal
government has set national standards for all organizations that exchange personal
medical information over the Internet.
Meanwhile, the industry has chosen not to wait, putting systems in place for online
claims filing.
The industry now has about two years to upgrade its computer systems to conform to
the new federal standards. The cost will be some $1 billion, according to government
estimates.
Lifeguard and others could move ahead because in August the federal government
released format standards. But privacy is a different issue that's expected to evolve
during the next few years.
"For the last 10 years, we wanted to do this," says Holly McCann, vice president and
chief legal officer at Lifeguard. "But this process has been slow because everyone used
a different format."
To solve the problem of every health-care organization using a different electronic
format to exchange medical information, the industry asked Congress to create a
standard format. The result was the Health Insurance Portability and Accountability
Act of 1996.
HIPAA also required health-care organizations to install technology ensuring that all
medical information sent electronically will be kept confidential.
The U.S. Department of Health and Human Services released privacy regulations in
December. Within two years the regs must be implemented by any organization that
transfers patient medical information electronically.
"Until those final regulations come out, we don't know what we are dealing with,"
says Dan Rode, vice president of policy and government relations at the American
Health Information Management Association in Chicago.
As the Internet replaces the old system of mailing in claims, it creates administrative
efficiencies. But it also creates opportunities for high-tech thieves.
Still, the Net is expected to be the primary means of sending medical information
among health-care providers, governments and managed-care plans.
In 1998, about 62 percent of medical information was transmitted electronically, up
from 47 percent in 1996, according to the federal government.
The U.S. Office of Management and Budget estimates it would cost the health-care
industry about $3.8 billion over five years once regulations for meeting the proposed
privacy standards are issued. What drives up the cost is the technology, combined with
hiring experts to maintain the evolving systems.
This year alone, Lifeguard installed a $28 million system to allow medical providers to
submit claims over the Internet.
"It's costing a lot of money in the short term, but over time it should save us money,"
Ms. McCann says.
Dr. Larry Bonham, CEO of Santa Clara County IPA, says HIPAA privacy regulations
could add at least 5 percent to the administrative cost of health care.
The IPA had to purchase new equipment and software, and hire experts to oversee the
revamping of its computer system.
Lifeguard still has a lot of work to do on privacy, says Ms. McCann. That includes
detailed administrative work such as reviewing all contracts with providers to make
sure privacy standards are included.
Mike Reandeau, chief information officer for Lifeguard, says health-care companies
likely will use some form of biometrics -- such as fingerprint or retinal scans -- to
identify computer users.
bizjournals.com
steve |
