Are You Hip to HIPAA Or Behind the Curve?

Rishi Sood

Although the Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996, the effects of this monumental legislation are only now being felt across the nation.

With Congress providing additional legislation and imposing compliance deadlines in 1999, HIPAA is a major priority for public and private health care organizations. There is now an April 2003 deadline for health care organizations to be compliant with the privacy components of the bill.

Consequently, a few analysts have likened HIPAA to the year 2000 computer problem, requiring massive expenditures to bring organizations into compliance with the legislation.

The major tenets of HIPAA are clear: improve health care delivery by providing standardized processes and formats for data exchange, and develop strict security measures for privacy and accessibility of patient information. The legislation is aimed at offering administrative simplification through data standards and electronic dissemination, development of unique patient identifiers, creation of privacy layers and boundaries for patient information, and penalties and enforcement procedures for those organizations that are not compliant after the deadlines have passed.

Clearly, HIPAA's biggest impact in the state and local government marketplace will be within departments of health. These agencies are responsible for the vast majority of health-care-related tasks in the public-sector marketplace. In particular, HIPAA will affect the two largest public-sector programs: Medicaid and Medicare.

However, the HIPAA footprint extends well beyond these two blockbuster programs and into other key agency areas, such as mental health, alcohol and substance abuse, and children's health services. The legislation also will affect other public-sector entities, from corrections to youth services to education.

Despite the impact HIPAA legislation will have on government entities, there has been relatively little progress to ensure compliance. A survey conducted last spring of officials within state and local departments of health revealed the majority of public-sector organizations (70 percent) characterized their progress as just starting or uncertain. A handful of survey respondents (5 percent) indicated they have completed or are nearing completion of the first wave of deadline requirements. Only 25 percent indicated they are actively involved in compliance procedures.

Still, a number of states appear to be making gains. A consortium of seven departments of health are working together to share best practices, research and processes for technology remediation, consulting and privacy guidelines. States such as Washington and Connecticut have developed an organized strategy to address the standardization, privacy and unique identifier issues of HIPAA.

Washington, for example, has devoted significant space online to build a community of HIPAA participants, holds readiness forums and is developing outreach services to help local government compliance efforts. Connecticut also has established a coordinated procedure for participation across state agencies and estimates that HIPAA may affect more than 30 state departments.

The public sector is not the only one moving slowly. Early data from private-sector organizations shows 85 percent of health care providers have yet to complete readiness assessments or gap analyses. More surprisingly, 84 percent of private-sector organizations expect vendors to supply compliance services under maintenance contracts.

Additional data reveals 55 percent of health care organizations believe a one-year extension followed by a six-month transition period will provide enough buffer to facilitate compliance.

Given this market dynamic, the true market size for opportunities related to HIPAA is unclear. The timing of these opportunities may be even less certain. In many respects, there has been a major uptick in legal action to delay and limit the HIPAA footprint.

Despite these issues, there will be numerous requests for proposals by government agencies seeking assistance with HIPAA over the next two years. But the questions remain: Is HIPAA a tidal wave, and when will it hit the shore?

Rishi Sood is a principal analyst with Gartner Dataquest in Mountain View, Calif. His e-mail address is

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here


  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.