More than half the hospital executives polled in a recent survey said they have an active project under way to tackle compliance with data-management mandates in the Health Insurance Portability and Accountability Act of 1996.
Another third of the survey respondents have budgeted some money for the task of developing a response to regulations implementing the law, which either have been or are being completed by HHS. About one in 10, however, has no current plans to begin implementing HIPAA mandates (See chart).
The survey of 53 senior executives, released late last month, was conducted by Atlanta-based Porter and Associates, a business-to-business market research organization, for First Consulting Group, a Long Beach, Calif.-based healthcare information services consulting firm.
Of those who have an active project under way, several said in written comments that their initiatives started back in 1998.
"We have been tracking HIPAA in accordance with evolving standards for the past two years," said one respondent. Identities of respondents were not disclosed to the press. "From an organizational perspective, there is an enormous amount of internal resources dedicated to HIPAA, and we have a third-party consultant who is an expert on HIPAA regulations to help us with our oversight," the respondent added.
Another respondent wrote, "We have had a HIPAA task force organized for two years; it is multidisciplinary. HIPAA is being treated as both a process and an (information technology) opportunity. The business units own the process, and the IT department owns the security, confidentiality, authorizations -- those kinds of key topics -- as well as EDI (electronic data interchange)."
EDI is a component of healthcare e-commerce as well as a key focus of the HIPAA provisions on administrative simplification. Those two areas of information technology surfaced as the top two priorities for the surveyed organizations during the next 12 to 18 months.
Fully half said e-commerce and e-health were a top priority, while 45% cited HIPAA as a top-three concern. Another 36% said they were focused on improving return on investment in their IT operations.
Those concerns supplanted others in importance: Computer-based patients were a top priority for only 25%, while patient safety and error reduction were mentioned by 11% of respondents. A mere 2% saw outsourcing part or all of IT as a priority.
Respondents were asked to select three from the list of seven priorities.