banner ad

Jack Ahern

The Health Information Portability and Accountability Act (HIPAA) was passed in August 1996. A great deal of information has been circulated on the legal, ethical, and functional aspects of living with HIPAA. One question that has not been adequately addressed is: how much will HIPAA cost the average dialysis facility or nephrology practice? This article looks into some of the major financial implications of HIPAA, both positive and negative, with an aim to managing the "cost of compliance."

A Brief History

Since the passage of this legislation, much work has gone into translating this complex act into regulations that are enforceable by the government. Reacting to input from industry representatives, the Department of Health and Human Services (HHS) agreed that the original version of HIPAA was overly burdensome and created some practical and ethical conflicts for providers, who are now referred to in HIPAA lingo as "covered entities." Therefore, HHS introduced adjustments to the regulatory aspects of HIPAA, attempting to reduce impracticalities or unnecessary hindrances to the day-to-day operations of players in the healthcare arena. The resulting "Simplification" was published on December 27, 2001, as the Administrative Simplification Compliance Act (ASCA, Public Law 107-105). On March 27, 2002, HHS proposed modifications to portions of HIPAA addressing privacy issues, and, on August 14, 2002, the final revised "privacy rule" was issued.

Other than filing for an extension, for the renal community dealing with the practical implications of HIPAA, it has so far been a project somewhat undefined, but definitely in the "out there" in the reality of the future.

For those providers who submitted a compliance plan in accordance with ASCA, the Centers for Medicare and Medicaid Services has extended until October 16, 2003, the deadline for compliance with HIPAA's electronic transactions standards. However, no extension whatsoever has been granted for the April 4, 2003, deadline for full compliance with the revised privacy standards.

Dialysis Providers MUST Comply with HIPAA's Privacy Standards by April 4, 2003!

By April 14, 2003, both dialysis facilities and nephrology practices will need to ensure that they are fully in compliance with the privacy requirements of HIPAA. This will mean having a written privacy policy that is provided to each patient, integrating the elements of this policy into daily operations and developing specialized HIPAA records relating to disclosure of "Protected Health Information," commonly referred to in HIPAA-speak as "PHI."

What is PHI?

Since all of HIPAA's privacy standards center on the protection and management of PHI, its definition must be clearly understood: PHI is defined as any type of information that identifies an individual and is transmitted or stored in any form or medium.

As of April 14, "HIPAA records" and logs must be kept for at least six years, proving that PHI has been used and disclosed in accordance with HIPAA regulations.

What is HHS Really Trying to Accomplish with HIPAA?

As with all major legislation, the federal government has multiple goals, not all of which are obvious at first glance or by simply reading the label. Broadly speaking, HIPAA has two goals:
  1. It is designed to protect private sensitive healthcare information from unauthorized usage; and
  2. it sets forth universal standards for the transmission and storage of electronic healthcare information.
The uniform standards set forth in HIPPA have the dual intent of both protecting health information while also facilitating less expensive and more efficient billing and payment systems for healthcare services. There can be no doubt that, with respect to the protection of sensitive healthcare information, HIPAA creates a structure of accountability and awareness within the healthcare organization. However, it remains to be seen if increased efficiencies in the billing and payment process will result in tangible savings for dialysis providers.

The "Cost of Compliance"

In an informal survey, I found that multi-unit dialysis providers have already committed to, or spent, an average of $35,000 for externally-provided HIPAA-related services. HIPAA has clearly created multiple new documentation and record-keeping tasks as well as a unique oversight function..

View FULL PDF version of this Article

Jack Ahern, MBA, is a seasoned Healthcare Executive, Instructor, and Financial Manager, with 20 years 20 years of expertise gained by managing finances for an academic medical center, and providing guidance to physicians, hospitals, HMO�s and major academic medical centers on issues pertaining to physician and hospital billing, hospital administration, strategic planning, renal dialysis reimbursement, HIPAA, ethics, regulatory issues and compliance.

See Jack Ahern's Listing on

©Copyright - All Rights Reserved