What Should I invest In HIPAA?


Medical Information Regulations Create More Jobs
by John Rossheim
Monster Senior Contributing Writer
Return Main Page

Summary
  • HIPAA regulates privacy, security and exchange of medical info.
  • Compliance systems are expected to cost billions of dollars.
  • Jobs are being created in and outside healthcare organizations.



    Why should job seekers care that after troubled baseball star Darryl Strawberry checked into a New York-area hospital, hundreds of the facility's workers amused themselves by surfing his medical records?

    Because such confidentiality breaches have spawned federal regulations that will force healthcare and allied industries to shore up the privacy and security of medical information on individuals, while streamlining systems for coding and transmitting such records. And this effort -- variously projected to drive $17 billion to $42 billion in spending over five years -- could change your current healthcare job or even create your next career opportunity if you're not a medical professional.

    Organizations Affected by HIPAA
    •  Healthcare plans
    •  Hospitals
    •  Physicians' offices
    •  Billing agencies
    •  Information systems vendors
    •  Health information clearinghouses
    •  Life insurance companies
    •  Public health authorities
    •  Universities
    •  Other employers
    Key Security and Privacy Technologies for HIPAA Implementation
    •  Digital signatures
    •  Disaster recovery
    •  Fax server
    •  Firewalls
    •  Intrusion classification
    •  Intrusion detection
    •  P3P (Platform for Privacy Preferences)
    •  PGP (Pretty Good Privacy)
    •  PKI (Public Key Infrastructure)
    •  Proxy server
    •  Security protocols
    •  Smart cards
    •  VPNs (Virtual Private Networks)
    •  Wireless

    Source: HIPAAdvisory
    		  

    The Health Insurance Portability and Accountability Act of 1996 (HIPAA) together with revisions proposed by President George W. Bush's administration set severe civil and criminal penalties for noncompliance. "HIPAA's got a sting to it," says Robert Cimasi, president of Health Capital Consultants in St. Louis. Given that sting and the scope of the changes mandated by HIPAA, thousands of affected organizations are already working hard to comply with the regulations, which are due to take effect in 2003.

    New Opportunities

    The challenge of complying with HIPAA is multifaceted. Healthcare companies need project managers to develop new policies and procedures, and to create "chain of trust" agreements with vendors and other outside organizations to meet emerging standards for privacy, security and electronic interchange of individually identifiable healthcare information.

    Information systems departments must use staff or IT outsourcers to bring infrastructure into compliance, and in some cases purchase and implement new systems. These tasks could require the services of privacy officers, programmers, analysts, quality assurance professionals and so on. "Project directors, quality people and others are seeing a pretty significant increase this year in hiring for HIPAA," says Cimasi.

    In addition, medical and human resource departments must train staff to abide by regulations that are tricky to implement because of the need to balance privacy rights against the timely provision of medical care.

    More Training and Manpower Needed

    For example, pharmacologists who identify a potentially harmful interaction among a patient's prescriptions may not automatically be permitted to tell a prescribing physician about all the medications a patient takes. The additional paperwork and time spent explaining the new privacy rights could create even greater demand for sought-after pharmacologists, according to a report prepared for the US Department of Health and Human Services (HHS).

    Hospital nurses may need to obtain permission before discussing a patient's condition and treatment with friends or even family sitting with the patient. Many will need training to navigate the rocky terrain of confidentiality created by HIPAA.

    To make matters even more complex, the final form of some HIPAA rules is subject to HHS's proposed revisions. "This whole concept has been a game of hurry up and wait," says Jim Passey, director of compliance and risk management at Valley Health System in California. But Passey believes the approaching deadlines make it unwise for healthcare organizations to wait for all aspects of HIPAA to be finalized before launching a compliance program.

    Outsourcing HIPAA Compliance

    Valley, for one, is already working on HIPAA compliance with a vendor of hospital admit-discharge-transfer systems. In this case, the career opportunities are with the vendor. Makers of HIPAA compliance systems and services include Extol International Inc. of Franklin Lakes, New Jersey, Syntel Inc. of Troy, Michigan, Business Applications Outsourcing Technologies of Plainview, New York, and Exstream Solutions Inc. of Cambridge, Massachusetts.

    Some healthcare companies don't expect to devote a lot of spending or people to HIPAA. "We're using all internal people to implement HIPAA," says David Silver, vice president of human resources at Gentiva Health Services Inc. of Melville, New York, one of the largest providers of home healthcare services in the United States. Gentiva has planned no increase in staffing to handle HIPAA, according to Silver.

    But Passey and many others believe that HIPAA compliance will be another project on the scale of Y2K or larger for healthcare organizations over the next few years. If they're right, boning up on HIPAA could improve your career's health.