HIPAA:
Final Enforcement Rule Nails Violators With Costly Penalties
Published on Thu Feb 02, 2006
Privacy, security and EHR compliance are still problems, survey reveals.
A final rule, plus revealing survey results, reflects that the Health Insurance Portability & Accountability Act is on the move.
The Department of Health and Human Services issued a final rule Feb. 10 that extends key enforcement provisions in HIPAA to the administrative simplification regulation. The final rule made its debut in the Feb. 16 Federal Register.
The final rule regulates the enforcement process from beginning to end. Enforcement issues that begin as complaints and compliance reviews may conclude in either an informal resolution, a no-violation finding or a violation finding. Upon a violation finding, HHS will seek a civil money penalty based on the number of violations. Such penalties are subject to challenge through a formal hearing and appellate review process. Whereas the proposed rule based the number of violations on a list of "variables," the final rule "clarifies that the method for determining the number of such violations is grounded in the substantive requirements or prohibition violated." The final rule goes into effect March 16.
HIPAA Survey Suggests Shift Toward Long-Term Benefits
HIPAA's focus is evolving from patient privacy and security to the achievement of long-term benefits, such as lower health care costs, medical errors reductions and the development of wide-area health care information networks, according to the most recent U.S. Healthcare Industry HIPAA Survey. The survey's sponsors, the Healthcare Information and Management Systems Society and Phoenix Health Systems, released the survey results Feb. 13 at the 2006 Annual HIMSS Conference & Exhibition.
"Although there is still progress to be made on implementing HIPAA privacy, security and transactions standards, we see a fairly high degree of compliance among providers and payers," Darin LeGrange, Phoenix Health Systems president and CEO, says in a statement. "Now the industry is focusing on the original intent of the law, which looked to the long-term benefits that could be achieved through the safe electronic communication of healthcare transactions nationwide."
Many providers indicated that they've begun rolling out ROI initiatives including computerized practitioner order entry, conversion to electronic medical records and direct transactions with payers. The survey also shows that the National Provider Identifier rule is successfully encouraging providers to apply for an NPI; all providers must obtain and use an NPI by May 23, 2007. So far, 39 percent of providers who participated in the survey have applied for an NPI.
Nevertheless, the NPI initiative is still stirring up mixed feelings among the health care industry--while 30 percent of providers and 45 percent of payers said they thought the NPI's benefits would outweigh the negatives, 23 percent of providers and 28 percent of payers disagreed. About one-quarter of each group expressed no opinion.
The survey also reveals payers and providers still find [...]
