To Ogawa, it was far preferable for Children's to go it alone rather than rely on its software vendors to provide HIPAA updates. It was also important to start early. "We couldn't just rely on what the vendors might do at some point," he says. "Like Y2K compliance, we knew we would be at their mercy if we waited."
Because HIPAA rules sometimes add new information and require new form fields, a gateway isn't enough. Remediation may be necessary so that old back-end systems can address the new fields. New applications are also necessary on the front end. Children's built a separate application to track privacy disclosures throughout the hospital, so that a patient who signs HIPAA forms in the reception area won't have to sign the same forms later. It wasn't optimal to build functions into existing apps for disclosure tracking; not all employees use the same apps, and some vendors prohibit alterations to their code.
North Carolina's Medicaid program chose to migrate to an IBM DB2 relational database from an old VSAM (virtual storage access method), which provided direct access to files. It added a gateway to translate inbound transactions into formats that the existing back end would understand and outbound transactions into standard formats. It also altered the back end because it couldn't accommodate the multitude of transaction types associated with Medicaid. Medicaid covers more treatments than commercial insurers usually do, including social work services, disabled day-care services and long-term care, says Cathy Waters, an EDS systems director who oversees North Carolina's Medicaid systems. EDS processes all of the state's Medicaid transactions, totaling $7 billion last year. Some 38 states contract with fiscal agents for Medicaid processing.
There's a movement afoot to eliminate local codes and standardize on a national system, which would impose a new burden on IT. Meantime, health-care IT managers should pay careful attention to HIPAA lawsuits. Experts say many of the regs leave implementation details open to interpretation. "The litigation piece will drive the next wave of what IT has to do," Peck says. "Until litigation is brought, courts make their decisions and then [Congress] goes back to clarify; it will be a constant change-and-update environment for the next few years. ... People who say they're 100 percent HIPAA-compliant are fooling themselves." --David Joachim
Related Stories
Bob Friday, Chief AI Officer for Juniper Networks, explains how the advanced technology is transforming operations.
Contact center leaders from 8x8, Awaken Intelligence, and 360insight discuss the importance of agent experience.
AI may force enterprises to rewire parts of their data centers so they are fully optimized to run such workloads. The question is do you use Ethernet or InfiniBand?
