Federal clock ticks down on deadline for implementing HIPAA

Article

The race to implement patient privacy requirements mandated by Congress has only just begun, yet time is already running out. Healthcare institutions have less than two years to get their programs running, but many have barely begun the complex and

The race to implement patient privacy requirements mandated by Congress has only just begun, yet time is already running out. Healthcare institutions have less than two years to get their programs running, but many have barely begun the complex and expensive process, said an industry executive speaking at the annual meeting of the Society for Computer Applications in Radiology in Salt Lake City.

Institutions have been stuck in administrative fibrillation due largely to the change in political administrations, according to Mark Hunter, general manager of WamNet. The implementation of regulations developed under the Clinton administration to protect patient privacy came into question when the pro-business Bush administration failed to embrace them immediately. Pundits wondered whether the privacy regulations associated with the Health Insurance Portability and Accountability Act would ever take effect. That uncertainty vanished, however, when the Bush administration set April 14, 2003, as the effective date for HIPAA requirements.

Of the four areas covered by HIPAA, patient data security has been the most controversial. Some providers have argued that these regulations, if fully incorporated, will impair patient care by hindering routine but critical data transactions. Similarly threatening has been the cost associated with their implementation. Estimates range from a low of $3.8 billion, as determined by the Department of Health and Human Services, which enforces the act, to as much as $40 billion by some in the private sector, Hunter said.

“This is Y2K plus, plus, plus,” he said. “The impact of HIPAA is much broader because it affects how people act in an analog

environment.”

Protecting against the illegitimate use of patient data may require fundamental changes not only in common practices but in everyday attitudes. Privacy and security provisions, for example, might require that people viewing electronic medical records refrain from doing so in a setting where an unauthorized person might gain access by looking over the viewer’s shoulder.

The root of any plan to incorporate HIPAA privacy provisions will be education, Hunter said. This must be followed immediately by detailed assessments, implementation stages, and an audit to make sure the integrated process works.

The good news is that as many as 75% of healthcare providers may at least be aware of the law, if not of the detailed requirements, according to a survey quoted by Hunter. This survey also showed that 80% of hospitals plan to assess their HIPAA needs within the next six months. The bad news is that not all institutions are ready to bear the costs. Smaller institutions are particularly vulnerable.

The survey quoted by Hunter noted that 55% of hospitals with 400 or fewer beds had budgeted $100,000 or less for HIPAA compliance. Larger hospitals showed a stronger commitment, but not much. Some 28% had budgeted $100,000 or less, according to Hunter.

“One hundred thousand dollars won’t get you off the ground,” he said.

An effective implementation plan will require resources, support at the top, a clear plan, and time.

“Eighteen to 24 months is a good solid schedule, but in many cases it will take a lot longer,” he said.

With just 23 months left, the healthcare industry would appear to be running out of its most precious resource-time.

Recent Videos
Study: MRI-Based AI Enhances Detection of Seminal Vesicle Invasion in Prostate Cancer
What New Research Reveals About the Impact of AI and DBT Screening: An Interview with Manisha Bahl, MD
Can AI Assessment of Longitudinal MRI Scans Improve Prediction for Pediatric Glioma Recurrence?
A Closer Look at MRI-Guided Adaptive Radiotherapy for Monitoring and Treating Glioblastomas
Incorporating CT Colonography into Radiology Practice
What New Research Reveals About Computed Tomography and Radiation-Induced Cancer Risk
What New Interventional Radiology Research Reveals About Treatment for Breast Cancer Liver Metastases
New Mammography Studies Assess Image-Based AI Risk Models and Breast Arterial Calcification Detection
Can Deep Learning Provide a CT-Less Alternative for Attenuation Compensation with SPECT MPI?
Employing AI in Detecting Subdural Hematomas on Head CTs: An Interview with Jeremy Heit, MD, PhD
Related Content
© 2025 MJH Life Sciences

All rights reserved.