HOME HELP FEEDBACK SUBSCRIPTIONS ARCHIVE SEARCH TABLE OF CONTENTS		QUICK SEARCH:   [advanced] Author: Keyword(s): Year:  Vol:  Page:

This Article Abstract Figures Only Full Text (PDF) Submit a response Purchase Article View Shopping Cart Alert me when this article is cited Alert me when eLetters are posted Alert me if a correction is posted Services Similar articles in this journal Similar articles in PubMed Alert me to new issues of the journal Download to citation manager Citing Articles Citing Articles via ISI Web of Science (3) Citing Articles via Google Scholar Google Scholar Articles by Turner, S. Articles by Foong, S. Search for Related Content PubMed PubMed Citation Articles by Turner, S. Articles by Foong, S.

Shiloh Turner, MPA and Serena Foong, MPH

Shiloh Turner is with Health Data Improvement, The Health Foundation of Greater Cincinnati, Cincinnati, Ohio. Serena Foong is with Healthcare Consulting Practice, PricewaterhouseCoopers, Los Angeles, Calif.

Correspondence: Requests for reprints should be sent to Shiloh Turner, MPA, Health Data Improvement, The Health Foundation of Greater Cincinnati, 3805 Edwards Rd, Suite 500, Cincinnati, OH 45209-1948 (e-mail: sturner{at}healthfoundation.org).

	ABSTRACT

TOP ABSTRACT INTRODUCTION THE COLLABORATIVE EDUCATION AND... LESSONS LEARNED AND KEY... NEXT STEPS HIGHLIGHTS Resources References

 

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has a profound impact on safety net providers. To help agencies afford expert consultation and provide the opportunity for collaboration, a regional health foundation has created the first model in the nation to bring together safety net providers to work toward implementation of the HIPAA.

	INTRODUCTION

TOP ABSTRACT INTRODUCTION THE COLLABORATIVE EDUCATION AND... LESSONS LEARNED AND KEY... NEXT STEPS HIGHLIGHTS Resources References

 
THE HEALTH INSURANCE Portability and Accountability Act of 1996 (HIPAA) is the most sweeping federal legislation to affect health care since the creation of Medicare in 1965. Title II, Subtitle F—Administrative Simplification—strives to improve efficiency in health care delivery through standardized electronic data interchange and to protect the confidentiality and security of health information through enforceable standards.¹

The Administrative Simplification provision of the HIPAA comprises 4 main components, each with its own rules, standards, and implementation dates: (1) transactions and code sets, (2) privacy, (3) security, and (4) unique identifiers.

The health care industry is working hard to meet implementation dates for the transaction and code set regulations (which, given the proper extension filing, will be October 16, 2003) and for the privacy regulations (April 14, 2003). The final security rule was published on February 20, 2003, with a compliance date of April 21, 2005. Even before its publication in final form, health plans, clearinghouses, and certain providers were preparing for security rules based on the proposed regulations. The only unique identifier rule that is in final form is the employer identifier rule, which was published on May 30, 2002, with an implementation date of July 30, 2004.²

View larger version (16K): [in this window] [in a new window]   Figure 1—— Estimated cost savings of a collaborative regional approach toward implementing the Health Insurance Portability and Accountability Act of 1996.

The Department of Health and Human Services (DHHS) estimates that implementation of the transactions and code set rules will save the industry $29.9 billion over 10 years, while the privacy rule is estimated to produce net costs of $17.6 billion over 10 years.³ The DHHS therefore expects the administrative simplification standards to generate a net savings to the health care industry.

While the rules and regulations are mandated by the DHHS, no funding is provided to help organizations to come into compliance. Safety net providers, who are struggling on a daily basis to provide care to the community, are especially hard hit. They are unable to afford individual consultation to help their organizations with the compliance process.

	THE COLLABORATIVE EDUCATION AND ASSESSMENT PROCESS

TOP ABSTRACT INTRODUCTION THE COLLABORATIVE EDUCATION AND... LESSONS LEARNED AND KEY... NEXT STEPS HIGHLIGHTS Resources References

 
Recognizing the problem, the Health Foundation of Greater Cincinnati, a regional foundation that awards grants to community health organizations, developed a collaborative work group to assist local safety net providers with the HIPAA readiness process. Because all of the safety net organizations were constrained by limited staff and financial resources, the foundation decided that working toward HIPAA implementation as a region offered the best chances of success.

This effort began in May 2001 with the convening of the safety net provider leadership of the foundation’s 20-county service area, which is in southwest Ohio, southeast Indiana, and northern Kentucky. The 28 participating organizations included federally qualified health centers, local public health departments, providers of mental health and substance abuse treatment, and mental health boards. In the participants’ evaluation of the regional approach, 4 key benefits were identified: financial savings, shared discussions, focused time, and a structured process.

The Health Foundation released an invitation for work in October 2001, which requested assistance in assessing 2 final regulations: privacy and transactions and code sets. A provider review panel evaluated several responses and selected a consulting firm, which proposed a hands-on collaborative approach to guide the organizations through the education and assessment process.

Organizations agreed to pay a sliding scale participation fee based on the number of their employees: $400 for 1 to 20 employees, $800 for 21 to 50 employees, and $1200 for over 50 employees. Most of the consulting expenditures were paid through an operating program of the Health Foundation of Greater Cincinnati.

On the basis of the consultants’ estimates, obtaining individual consultants for the 28 organizations would have cost the region an estimated $800 000. The collaborative education and assessment process resulted in savings of nearly $500 000.

Kickoff Meeting
A meeting held in January 2002 introduced the 10-week collaborative assessment process. The 28 safety net organizations signed a memorandum of agreement, which stated that they understood all time commitments and expectations.

Education Session
The 1-day education session began with an overview of the HIPAA. Participants then broke up into smaller groups for detailed discussion of the privacy rule and its implications for safety net providers. The entire group reconvened for the transactions and code sets session. HIPAA content was reinforced with activities and games. This session established a knowledge base, which allowed each participant to begin an organizational assessment.

Participants received assessment document templates and QuickStart Guides (a set of plain-language explanations) to the privacy and transactions and code sets.

Gap Analysis
The gap analysis (an assessment of an organization’s policies and procedures compared with HIPAA’s administrative simplification rules) was divided into 2 sessions. The first session educated each organization about the HIPAA self-assessment process and introduced each assessment tool. These tools assisted with the documentation of current operations as it relates to HIPAA compliance. The second session provided a forum to discuss and review participant input.

Participants received a privacy tool, a business associate tool, a transactions tool, and a code sets tool. All of these tools are available on the Health Foundation’s Web site, http://www.healthfoundation.org (search under "HIPAA").

Individual Sessions
The individual sessions, which took place over a 2-week period, provided individual advisory services to each organization. The participants discussed their progress and gained a clearer understanding of organizationspecific issues related to the HIPAA assessment and tools.

Participants received individual consultation advice and discussion, clear explanations of organization-specific issues, and guidance for the completion of assessment tools.

Checkpoint 1: Project Definitions
Participants came together to review individually identified gaps as well as "common gaps"—those identified by many of the participants. This process identified opportunities for organizations to collaborate in the areas where similar HIPAA compliance issues exist. Organizations were presented with an initial template of compliance projects. Participants then added customized projects to the list. The teams then began developing specific tasks for each project.

Each participating organization received a list of the common gaps. This list was then developed into specific workshops to further address each common topic.

Checkpoint 2: Cost Model
During this half-day session, participants were introduced to a cost model that allowed organizations to develop a high-level resource estimate and begin planning their implementations. Organizations reviewed their project definitions, sequenced their major projects, and estimated the human and miscellaneous resources that would be required for implementation. They continued to identify similarities in projects and areas for collaboration.

Participants received a cost model tool and a project sequencing tool. (The Utah Health Information Network has created an additional cost model resource that is available at http://www.uhin.com.)

Checkpoint 3: Implementation Plan
The final checkpoint was a 6-hour working session to develop the first draft of an implementation plan. It focused on identifying initiatives, projects, task responsibility, and completion time frames. The teams also discussed implementation "keys to success" that were learned from this process and the potential for shared projects.

Participants received an implementation plan draft, a collaborative project listing, and a commitment statement.

	LESSONS LEARNED AND KEY SUCCESS FACTORS

TOP ABSTRACT INTRODUCTION THE COLLABORATIVE EDUCATION AND... LESSONS LEARNED AND KEY... NEXT STEPS HIGHLIGHTS Resources References

 
Throughout the process, the regional work group identified elements leading to success, as well as where improvements could be made to benefit others using the process. They included the following:

• A collaborative community effort. If participants are not willing to share their information, or to share possible solutions as they are developed, a regional work group approach has little value.
  
• A documented, organized effort. This helps move the group along at a reasonable pace and also allows all parties to have the same understanding of time and resource expectations. For this process, a detailed memorandum of agreement was created and signed by participants.
  
• A convener. This role is essential, as the convener provides the ongoing structure to the process. Tasks include providing meeting space, material production, and communication; serving as a community leader to spearhead the collaborative effort; and identifying and contracting all expert advisory services. In the case described here, the convener also provided funding for the effort.
  
• Knowledgeable advisory services. When choosing experts, one should consider not just their knowledge of the HIPAA but also their ability to work with safety net providers and their awareness of additional legislation (both federal and state) that may contradict or supersede HIPAA legislation.
  
• Leadership support from within each organization. Leaders of participating organizations need to understand that HIPAA compliance is not simple. Implementation is not a one-person job, and while there is a deadline for compliance, the rules are evolving—therefore responses will also evolve.
  
• Multiple, consistent representatives from each organization. Continuity in the regional HIPAA process is essential to its success.
  
• An accelerated gap analysis. Through this group’s hard work, other groups can now share in their learning by streamlining their gap analysis sessions. While there were template projects that served as a foundation, this group devoted much time to tailoring the projects to their specific needs as a diverse community of safety net providers and boards. Other groups who have not begun the HIPAA assessment process, those who are just beginning, and those who have reached a roadblock in advancing their HIPAA initiatives can take advantage of this work and shorten the time from the beginning of the process to implementation.
  

	NEXT STEPS

TOP ABSTRACT INTRODUCTION THE COLLABORATIVE EDUCATION AND... LESSONS LEARNED AND KEY... NEXT STEPS HIGHLIGHTS Resources References

 
With the support of each other and of external advisory services, these safety net organizations continue to press forward with HIPAA implementation efforts. Monthly workshops tackle shared projects, which include the following: HIPAA training, individual authorization development, notice of privacy practices development, accounting of disclosures development, business associate policy and procedure development and contract development, provider communication/patient communication, code set implementation and systems preparation, and state regulatory guidance for preemption issues.

In terms of the security regulations, the group described in this report does not plan extensive regional efforts for assessment and implementation, as most of these issues will be specific to the particular organizations. The main collaborative effort in this area will be to develop appropriate policies and procedures and to ensure that they are adequately integrated with privacy policies and procedures.

As part of the region’s commitment to ongoing collaboration, safety net providers are considering various shared service arrangements, including billing, and a shared HIPAA compliance officer. The organizations understand that noncompliance with the HIPAA, in addition to subjecting them to civil and criminal penalties, could also jeopardize continued grant funding and revenue.

The Health Foundation’s regional collaborative effort has enabled safety net organizations to effectively work toward implementing the HIPAA. Others across the country are encouraged to use this model to help them accelerate their implementation.

	HIGHLIGHTS

TOP ABSTRACT INTRODUCTION THE COLLABORATIVE EDUCATION AND... LESSONS LEARNED AND KEY... NEXT STEPS HIGHLIGHTS Resources References

 

• By working collaboratively, the agencies saved almost $500 000 in potential consulting costs.
  
• Participants evaluated the process very favorably and were enthusiastic throughout the process.
  
• The group decided to continue meeting regularly to share ideas and work together on implementation projects.
  

	Resources

TOP ABSTRACT INTRODUCTION THE COLLABORATIVE EDUCATION AND... LESSONS LEARNED AND KEY... NEXT STEPS HIGHLIGHTS Resources References

 

1. The Health Foundation of Greater Cincinnati Web site. Available at: http://www.healthfoundation.org. Accessed April 7, 2003.
   
2. Healthcare Consulting Practice page. PricewaterhouseCoopers Web site. Available at: http://www.pwcglobal.com/healthcare. Accessed April 7, 2003.
   

	Acknowledgments

 
We acknowledge the support of the following people in writing this article: Jeffrey Fusile, partner, Health Consulting Practice, PricewaterhouseCoopers; Todd Hall, director, Healthcare Marketing, PricewaterhouseCoopers; Ann McCracken, director of evaluation, The Health Foundation of Greater Cincinnati; Randy Notes, Endeavor Health Group; Pat O’Connor, vice president, The Health Foundation of Greater Cincinnati; and Karen Rogers, communications specialist, The Health Foundation of Greater Cincinnati.

	Footnotes

 
Contributors
S. Turner wrote the initial draft of the manuscript and initiated the idea and the work for the collaborative implementation process. S. Foong contributed additional information and designed and implemented the group process.

Peer Reviewed

Accepted for publication April 3, 2003.

	References

TOP ABSTRACT INTRODUCTION THE COLLABORATIVE EDUCATION AND... LESSONS LEARNED AND KEY... NEXT STEPS HIGHLIGHTS Resources References

 
1. Centers for Medicare and Medicaid Services. The Health Insurance Portability and Accountability Act of 1996 (HIPAA). Available at: http://cms.hhs.gov/hipaa. Accessed April 7, 2003.

2. Dept of Health and Human Services. Administrative Simplification Standards. Available at: http://www.hhs.gov/ocr/hipaa. Accessed April 7, 2003.

3. Dept of Health and Human Services, Office of the Secretary. 45 CFR Parts 160 and 164: Standards for Privacy of Individually Identifiable Health Information. Federal Register. December 28, 2000;65:82760.

This Article Abstract Figures Only Full Text (PDF) Submit a response Purchase Article View Shopping Cart Alert me when this article is cited Alert me when eLetters are posted Alert me if a correction is posted Services Similar articles in this journal Similar articles in PubMed Alert me to new issues of the journal Download to citation manager Citing Articles Citing Articles via ISI Web of Science (3) Citing Articles via Google Scholar Google Scholar Articles by Turner, S. Articles by Foong, S. Search for Related Content PubMed PubMed Citation Articles by Turner, S. Articles by Foong, S.