Most of that whopping number represents annual time consumption. The exception is for roughly 619,000 hours of “new burdens associated with the final rule” issued by HHS this January to reflect the amendments to the two acts in the American Recovery and Reinvestment Act of 2009.
These numbers of truly historic proportions are contained in a notice from the HHS Office for Civil Rights and published in the Federal Register. The civil rights office is the chief federal enforcement agency for the HIPAA privacy and security rules.
The biggest new time sink under changes to the rules wrought by the ARRA are the estimated 350,000 hours it will take 300,000 organizations to comply with the requirement for “Documentation of Security Rule Policies and Procedures and Administrative Safeguards” for business associates of HIPAA covered entities, according to the OCR notice.
But many centuries of time—nearly 35 centuries, in fact, or just short of 30.7 million hours—will be devoted each year by healthcare providers and patients for the dissemination to patients and their acknowledgement of HIPAA notices of privacy practices for protected healthcare information, HHS estimates. Even at just 3 minutes apiece, with 613 million of these routine privacy notices to be delivered, signed and stored, the time adds up.
The estimates in the notice were submitted to the Office of Management and Budget for its review and approval in compliance with the Paperwork Reduction Act of 1995.
Follow Joseph Conn on Twitter: @MHJConn