September 2000

Task Force Structures National Approach to HIPAA Compliance


Standards for electronic transmission of transactions released

With the Department of Health and Human Services’ recent release of standards for the electronic transmission of transactions, code sets and identifiers, mandatory compliance with the electronic data interchange portion of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 is just over two years away. To ensure the most efficient and effective use of resources, Catholic Health Initiatives is developing a national approach to HIPAA compliance. "We have created a National HIPAA Task Force that will structure Catholic Health Initiatives’ approach to compliance," said Kevin Lofton, chief operating officer for Catholic Health Initiatives. The work of the task force, led by Bill Mitchell, MD, vice president of medical informatics for Catholic Health Initiatives, will be supported by a National HIPAA Program Office. "We are extremely fortunate to have someone of Bill’s talent and experience in both clinical and information technology environments to lead this effort," said Lofton. The task force includes representatives from market-based and national operations, including clinical, legal, information technology, finance, corporate compliance, advocacy, medical records, ethics, operations, nursing, communications and risk management. "HIPAA affects all aspects of health care, so our task force represents all aspects of Catholic Health Initiatives," said Mitchell. Simplification is the goal The electronic data interchange portion of HIPAA standardizes transaction code sets to enable easy data exchange between all health care providers. "The idea is to simplify the administration of health care through standardization, thereby reducing costs," said Mitchell. To enable every market-based organization to become compliant with the HIPAA standards, the National HIPAA Task Force will:
  • Educate market-based leaders on HIPAA and the compliance effort.
  • Lead an organization-wide gap analysis to determine where systems are already compliant and where updates in procedures, systems or software may be required.
  • Create remediation strategies and compliance plans.
  • Guide market-based organizations through the implementation of those plans.
Mitchell noted that some aspects of HIPAA are already in place, with other compliance issues to come. "HIPAA’s provisions for eligibility and coverage as well as fraud and abuse are already in effect," he said. "Components yet to come include standards for data security and privacy; national identifiers for providers, employers and individuals; and enforcement standards. There won’t be an ‘end’ to HIPAA compliance — it will be an ongoing project because there will always be opportunities to further simplify the administration of health care." HIPAA compliance handled as a national project At this point, all market-based organizations should have a designated compliance officer to lead HIPAA activities locally and work with the National Program Office. "We strongly recommend that market-based organizations do not engage external consultants to assist in HIPAA compliance efforts," said Mitchell. "We can accomplish this work much more efficiently and effectively as a national project. We would essentially have to undo any work that local consultants did in order to accomplish an organization-wide approach. Later on, the National HIPAA Task Force may engage consultants to tactically assist us with remediation strategies."The National HIPAA Program Office, under the supervision of Mitchell and Tracy Thomas, the new HIPAA project director for Catholic Health Initiatives, will establish regular communications with market-based HIPAA leaders as each step of the compliance process unfolds.