Email:
monthly newsletter on medical billing best practices

Home > Medical Billing Resource Center > Hipaa Implementation

Making HIPAA Happen
by Bill Bysinger, for Healthleaders.com, Oct. 10, 2001

SUMMARY (full story below)

HealthLeaders.com member Bill Bysinger says he's amazed there is still debate in the media and healthcare industry over whether HIPAA will become a reality. He says the answer is not difficult: HIPAA must happen.


FULL STORY

I have been writing about HIPAA for the last five years, and I am amazed at how there is still debate in the media and in the industry around "Will HIPAA become a reality?" The answer is not difficult. Rather than an answer, it is a statement that is a wake up call: "HIPAA must happen."

HIPAA is not about government mandates. It is about industry survival. It is about quality healthcare. It is about the cost effective delivery of care. It is about the migration to eHealth. It is about the responsibility of an industry to comply with standards, deliver better patient information, and be able to measure the effectiveness of the care delivered.

HIPAA success is difficult

We are beyond education on HIPAA. There is more available on the Internet than all the seminars anyone can attend. There are great websites, like www.wedi.org/snip, that provide all the information necessary to understand the rules and implications of HIPAA and are free to use and peruse.

The action plan for HIPAA is about implementation. The first rules, Transaction Sets, have to be in place in October 2002. So what is the hold up?

Project Initiation, Project Sponsorship, Project Launching, Project Team Commitment, and Project Management all contribute to the problem of getting started.

Why is there a problem?

Because HIPAA is about the total enterprise, not just a technology issue like Y2K. HIPAA impacts all of the stakeholders in the continuum of care: payers, providers, employers, patients, vendors, clearinghouses and government.

Information Systems cannot lead a HIPAA initiative to success because the process involves administrative, clinical, inter-operational, and external partner processes. There is more process redirection, modification, and reorientation than there is technology acquisition. There are more business decisions that need to be made over the enterprise and with external partners than there have ever been in healthcare.

HIPAA is about the continuum of care, many times called the "Chain of Trust" in the HIPAA rules. This collaboration between all of those who are part of the care delivery and billing process are the critical elements to making HIPAA happen.

This "Chain of Trust" holds all the responsibility for making sure that the information flows in the standardized formats and that it remains secure and private.

So going back to the basics, these are the success points or the roadblocks to beginning a successful HIPAA implementation:

  • Project Initiation
  • Project Sponsorship
  • Project Launching
  • Project Team Commitment
  • Project Management

First, it appears to be difficult to get a HIPAA project initiated. This seems to be due to no project sponsorship or the organization continuing to take a wait-and-see attitude. The key to moving off dead center on this is to have a senior executive become the evangelist for HIPAA. This evangelist has to be convinced that HIPAA is critical to the organization, imperative for the business, and will create value.

If a sponsor/evangelist is found and the project can be launched, the next obstacle is normally forming the right team and gaining commitment. The team should include the following:

  • A Project Sponsor (must be a sufficiently high level executive - CEO, COO, CFO, chief medical officer, medical director).
  • A Project Manager (best to secure from the outside because the individual will be unbiased and can navigate easier through the multiple players involved)
  • Medical quality and compliance representatives (critical)
  • Staff physician representatives
  • Network physician participation (will help on information exchange)
  • Nurse representative
  • Administrator
  • Representatives from billing, records, information systems, registration/admitting, ancillary services (lab, radiology, pharmacy)
  • Vendors (should be invited to participate - especially billing and medical records vendors)
  • Payers who are interacted with on a regular basis should be included in the billing data/transaction interchange component of the project

The team members must commit to make this a priority for the duration of the project, be available to attend all meetings and be able to deliver on all tasks they are assigned. The sponsor must make sure these commitments are understood and supported by senior management.

Make sure the organization has the HIPAA project identified as strategic and it is launched as the beginning of the eHealth initiatives for the future success of the institution/organization.

Primary keys to a successful HIPAA project

The key to success of this multiple month, probably multiple year project is having the discipline of a project management methodology. The Project Manager should provide this methodology.

During my visits to healthcare organizations over the last 20 years, I have not seen project management or project management methodologies as being the strong suit of the industry. In fact, in most instances, projects are undertaken by individuals or small departmental groups more motivated by time than task management.

HIPAA implementation projects are multi-disciplined and enterprise-oriented, and in most instances they involve outside partners. Therefore, the discipline of a project plan that is diligently managed by a seasoned project manager is what will make the difference in failure or success.

To pick a good Project Manager, the following should be considered:

  • Track record of successful management of enterprise projects
  • A proven methodology for managing the project
  • A process of tracking success and mitigating problems
  • The ability to arbitrate issues and arrive at swift conclusions
  • Clear written and oral communication skills for communicating to senior executives
  • Enterprise project management references

The second component to a successful HIPAA project are the tools that are becoming available in the market. These tools address various aspects of HIPAA implementations, such as:

  • Assessment
  • GAP Analysis
  • Policy and Procedures
  • Project Planning
  • Program Management
  • Compliance beyond HIPAA

Here is a partial list of tools and the companies offering them. Details about each can be found by searching on the Internet either by tool name or company name:

  • CPRI Toolkit by CPRI
  • HealthFlash by HealthFlash
  • HIPAA Basics by Corporate Compliance Services
  • HIPAA Calculator by Privacy Security Services
  • HIPAA Early View by NCHICA
  • HIPAA Monitor by Flextech
  • JAWZ by HIPAA-U
  • Niku HIPAA Solution by Niku Corporation
  • Superior Survey by Superior Consultant
  • PrivaPlan by Timberline Technologies
  • RiskDoctor by Ratheon
  • RiskWatch by Riskwatch
  • APTUS by Compliance Gateway
  • Security Self Eval byAFEHCT

When picking a tool, always consider the following:

  • Does the tool company have an established and ongoing support capability staffed
  • by people who know HIPAA as well as the tool?
  • Does the tool include final rules and updates?
  • Does the tool have an easy-to-use user interface and language?
  • Does the tool provide a breakdown of requirements into components?
  • Does the tool deliver a baseline beginning and library of changes and updates to the baseline?
  • Is the tool too expensive? (Rule of thumb, less than $25,000)
  • Validate the credentials of authors of the tool.
  • Does the tool provide a project plan that imports easily to a project-planning tool like MSProject?

Project Management expertise, methodology, and good tools can make the process of implementing HIPAA successful.

However, they key to making it happen is to begin the process.

HIPAA is not easy, it is not a destination, and it is a journey -one that every healthcare institution and stakeholder must undertake to create the new healthcare environment that finally delivers the promise of quality care for good value. In addition, it creates the secure environment for healthcare information that is critical to the industry's ability to command patient confidence.

The road to HIPAA must be traveled immediately, and the entire industry must be lined up to support the need to make it the launching pad for eHealth.

HIPAA is a means, not the end to healthcare quality and cost effectiveness.

Bill Bysinger, a healthcare entrepreneur, technologist, consultant, and market watcher, has been involved in healthcare for 15 years and in technology for over 30 years. Bill has spent the last eight years heavily involved in administrative and clinical systems for healthcare networks as well as the HIPAA legislative process.

He has visited over 300 healthcare organizations and spoken to thousands of healthcare leaders on a variety of topics from managed care viability to using the Internet to create healthcare value, and he has presented scenarios for the future of healthcare in the 21st century.

Bill sees himself as a frustrated patient and a willing participant in the process of change in the delivery of care. Bill is a consultant to both healthcare technology companies and healthcare organizations. He is on the board of the Workgroup for Electronic Data Interchange in Healthcare, which has been instrumental in working with the Department of Health and Human Services in developing the HIPAA guidelines.

You may contact Bill by phone at (360) 981-0173 or by e-mail at wgbysinger@earthlink.net.




> Return to the Medical Billing Resource Center

 
 
Services | About Us | Case Studies | Medical Billing Resource Center | Contact Us | Links
All Rights Reserved. Copyright © 2004 G&G Advanced Medical Consulting, Inc.