Are You Hip to HIPAA Or Behind the Curve?

Rishi Sood

Although the Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996, the effects of this monumental legislation are only now being felt across the nation.

With Congress providing additional legislation and imposing compliance deadlines in 1999, HIPAA is a major priority for public and private health care organizations. There is now an April 2003 deadline for health care organizations to be compliant with the privacy components of the bill.

Consequently, a few analysts have likened HIPAA to the year 2000 computer problem, requiring massive expenditures to bring organizations into compliance with the legislation.

The major tenets of HIPAA are clear: improve health care delivery by providing standardized processes and formats for data exchange, and develop strict security measures for privacy and accessibility of patient information. The legislation is aimed at offering administrative simplification through data standards and electronic dissemination, development of unique patient identifiers, creation of privacy layers and boundaries for patient information, and penalties and enforcement procedures for those organizations that are not compliant after the deadlines have passed.

Clearly, HIPAA's biggest impact in the state and local government marketplace will be within departments of health. These agencies are responsible for the vast majority of health-care-related tasks in the public-sector marketplace. In particular, HIPAA will affect the two largest public-sector programs: Medicaid and Medicare.

However, the HIPAA footprint extends well beyond these two blockbuster programs and into other key agency areas, such as mental health, alcohol and substance abuse, and children's health services. The legislation also will affect other public-sector entities, from corrections to youth services to education.

Despite the impact HIPAA legislation will have on government entities, there has been relatively little progress to ensure compliance. A survey conducted last spring of officials within state and local departments of health revealed the majority of public-sector organizations (70 percent) characterized their progress as just starting or uncertain. A handful of survey respondents (5 percent) indicated they have completed or are nearing completion of the first wave of deadline requirements. Only 25 percent indicated they are actively involved in compliance procedures.

Still, a number of states appear to be making gains. A consortium of seven departments of health is working together to share best practices, research and processes for technology remediation, consulting and privacy guidelines. States such as Washington and Connecticut have developed an organized strategy to address the standardization, privacy and unique identifier issues of HIPAA.

Washington, for example, has devoted significant space online to build a community of HIPAA participants, holds readiness forums and is developing outreach services to help local government compliance efforts. Connecticut also has established a coordinated procedure for participation across state agencies and estimates that HIPAA may affect more than 30 state departments.

The public sector is not the only one moving slowly. Early data from private-sector organizations shows 85 percent of health care providers have yet to complete readiness assessments or gap analyses. More surprisingly, 84 percent of private-sector organizations expect vendors to supply compliance services under maintenance contracts.

Additional data reveals 55 percent of health care organizations believe a one-year extension followed by a six-month transition period will provide enough buffer to facilitate compliance.

Given this market dynamic, the true market size for opportunities related to HIPAA is unclear. The timing of these opportunities may be even less certain. In many respects, there has been a major uptick in legal action to delay and limit the HIPAA footprint.

Despite these issues, there will be numerous requests for proposals by government agencies seeking assistance with HIPAA over the next two years. But the questions remain: Is HIPAA a tidal wave, and when will it hit the shore?

Rishi Sood is a principal analyst with Gartner Dataquest in Mountain View, Calif. His e-mail address is
