Most senior healthcare managers first heard of the Y2K crisis through the plaintive cries of their information services managers.
By contrast, the impetus for carrying out the provisions of the Health Insurance Portability and Accountability Act of 1996 is likely to come from the top down, according to a poll of healthcare providers, payers, claims clearinghouses and vendors.
Across all healthcare sectors, senior managers are becoming increasingly aware of the stiff challenges inherent in the law's provisions for administrative simplification. At the department-head level, however, knowledge of HIPAA's mandates is not nearly as advanced (See chart).
The survey asked respondents to rate knowledge about HIPAA on a scale of 1 to 5, with 5 being the most-informed. Twenty-six percent of respondents rated senior management a 4 or 5. Only about 15% of those respondents rated department-head knowledge as high.
The online poll, which drew 468 respondents, was conducted by Phoenix Health Systems, a Montgomery Village, Md.-based consulting and outsourcing services firm, through its Web site, HIPAAdvisory.com. Results were published on the site in October.
Compared with a previous survey conducted in June, senior managers have increased their awareness but haven't been able to get the word to the front lines of their organizations.
About 60% of respondents rated the knowledge level of their department heads a 1 or 2 in both the June and October surveys. Among providers, the awareness level at the department level was even worse: 72% reported little or no knowledge of HIPAA among department heads by October.
Meanwhile, only a third of respondent organizations reported such low awareness among senior managers in October, an improvement from 40% in June.
"That's exactly what we expected it to be," says D'Arcy Guerin Gue, senior vice president of Phoenix Health, about the stages of awareness. Someone within an organization may have been the first to "discover" the HIPAA issue, but senior managers are being alerted early because the impact is organizationwide and requires an executive-level strategy from the start, Gue says.
And unlike the Y2K challenge, which involved responding to a technical glitch with organizational consequences, the HIPAA issue involves compliance with a federal law, she adds.
The law's requirements for standard insurance-related transaction sets and uniform medical billing codes were hammered into final form in August and must be implemented by most healthcare organizations by October 2002.
Other final rules covering privacy and security of patient-identifiable information and standard identification numbers for providers, payers and employers are yet to become final. Healthcare-related organizations will have two years to comply with each rule after it's completed.
Once executives are up to speed on the multiple requirements of the law, a task force can be mobilized to educate department heads, bring key middle managers into the project assessment process and mobilize the entire organization, Gue says.
That won't be easy, judging from online comments such as this one: "It's tough to deal with HIPAA when only you and your boss understand it, and everyone else gives you the doe-in-the-headlights look when you mention it."
Another provider says, "We will not be taking a look at the HIPAA regs until 2001. We need to complete other pressing issues this year."
The perception that HIPAA is an issue that can wait is reflected in budgeting for 2001--or rather the lack thereof.
Of 183 hospitals responding to the survey, 99, or 54%, disclosed their HIPAA budgets for 2001. "We have to assume they either don't have budgets or they don't know what (the budgets) are going to be," Gue says. Considering the tight time frame for compliance, that's cause for concern, she says.
Among hospitals with fewer than 400 beds that disclosed their budgets, nearly half indicated they will spend less than $100,000. Another 40% said they would spend between $100,000 and $500,000.
At larger hospitals of at least 400 beds, nearly half have budgeted between $100,000 and $500,000 for 2001, and 14% have set spending levels at more than $1 million.
The rollout of the first final regulations has pumped up the sense of urgency to comply with HIPAA mandates, but providers lag vendors and clearinghouses in feeling that urgency (Oct. 23, p. 4).
Publication of the first rules has affected 38% of vendors "quite a lot" or "greatly," but only 11% of providers reported that level of urgency. Conversely, 50% of providers said they were "a little" or "not at all" affected, while a third of vendors reported the same reaction.