Virtually immune to recession
Demand for health care IT services unaffected by the slow economy<@VM>New Market Drivers<@VM>Unrealistic Deadlines<@VM>Helping Hand<@VM>The Money Trail<@VM>A HIPAA primer<@VM>Bioterrorism defense to drive local spending<@VM>ACS leads landmark health claims project
- By William Welsh
- Apr 11, 2002
Integrators are getting a HIPAA-related boost as state spending increases to comply with the federal mandate. North Carolina HIPAA director Karen Tomczak estimates compliance will cost her state nearly $200 million.
"I've never seen as many opportunities in the state health care business in the last 30 years." | Harvey Braswell, group president of government services for ACS
While a shift in national priorities or a dip in the economy might spell trouble for some sectors of the government information technology market, the demand for health services and solutions never falters. When the economy's up, government customers want contractors to help them improve the delivery of health services. When it's down, they want contractors to help them cut or contain costs.
"The only thing that changes is the flavor of the request," said Frank Abramcheck, vice president of business project management for Electronic Data Systems Corp., Plano, Texas.
The sector is so steady and predictable that companies specializing in health care solutions are virtually immune to a recession, said David Mastran, president and chief executive officer of Maximus Inc., Reston, Va.
"As the economy gets worse, the opportunity gets better," he said.
Health services is the fastest-growing sector in the state and local government IT market, outstripping administration and finance, criminal justice and human services, according to Gartner Dataquest of Stamford, Conn. The market research firm reports the sector is growing at an annual rate of 10.5 percent and will increase in size from $4.6 billion in 2002 to $6.2 billion in 2005.
Health and human services combined are expected to account for 30 percent of all state and local spending by 2003, according to the market research firm Input Inc. of Chantilly, Va.
State and local integrators are bidding on a mix of traditional and emerging health care IT opportunities that include decision support systems, fiscal agent services for processing Medicaid claims, immunization registry and tracking, pharmacy benefit management and Health Insurance Portability and Accountability Act planning and implementation.
Two giants in the sector, Affiliated Computer Services Inc. of Dallas and EDS, handle most of the Medicaid contracts in the nation. EDS has 20 of these multimillion-dollar contracts, while ACS has 13.
Both companies include Georgia on their lists, where the contract will transfer Dec. 1 from EDS to ACS. On that date, ACS will launch the first phase of a groundbreaking contract, known as the Georgia Health Partnership, that will consolidate the administration of health claims for Medicaid, state employees and uninsured children into a single program.
ACS derives $300 million of its $2 billion in annual revenue from IT related to health services, said Harvey Braswell, group president of government services for ACS. For its part, EDS derives 8 percent, or $1.7 billion, of its $21.5 billion annual revenue from health and human services solutions for the public and private sectors globally.
"I've never seen as many opportunities in the state health care business in the last 30 years," Braswell said.
"The consulting work is booming." | David Mastran, president and CEO of Maximus Inc., which is working on nine HIPAA projects
Looking ahead, industry officials see growth in the health services market driven by two major opportunities. One is helping state and local governments counter and respond to bioterrorism attacks; the other is helping various components of state health care operations comply with HIPAA.
Spending on bioterrorism defense has already begun. Congress approved $2.5 billion in the fiscal 2002 defense appropriations bill, and in January approved another $2.9 billion, of which $1.1 billion will go to the states. President Bush has requested an additional $5.9 billion for bioterrorism defense in fiscal 2003.
While integrators struggle to get a grasp on the vague requirements for IT work related to bioterrorism defense, they also are eyeing more tangible business in helping the states comply with HIPAA regulations.
Congress passed HIPAA in 1996 to standardize the electronic transmission of data within the field of health care. Any organization in the private or public sector that handles medical records must comply with rules for electronic data interchange, privacy and security. The EDI rules become effective Oct. 16, while the privacy rules become effective April 14, 2003. The security rules are not out yet.
The bulk of HIPAA compliance work at the state level involves Medicaid systems. The effort to upgrade the systems and bring them into compliance with HIPAA is being coordinated by the Department of Health and Human Services' Centers for Medicare and Medicaid Services.
States are expected to spend about $3 billion on HIPAA compliance, according to government and industry officials. State officials in North Carolina, one of the states farthest along in the process, estimated it will cost $199 million for implementation, said Karen Tomczak, HIPAA director for the North Carolina Department of Health and Human Services.
Although new HIPAA business for integrators is not expected to fully materialize until early 2003, many are already providing consulting services to the states, helping them prepare for implementation.
"The consulting work is booming. ... We are seeing a big rise in our [consulting] work," said Mastran, adding that Maximus has nine HIPAA jobs in various stages of progress.
HIPAA has attracted both small and large integrators as well as companies that aren't typically associated with the state and local market.
The defense contractor Raytheon Co. of Lexington, Mass., is looking for opportunities with federal agencies in the Department of Defense and elsewhere in the federal government that must comply with HIPAA. The company has developed an automated survey-based tool called Risk Doctor that simultaneously performs gap analysis and risk assessment. The solution is deployed at the University of North Carolina.
"Our goal is to test it in the private sector and make sure we have a tight package before taking it to the public sector," said Harold Frohman, Raytheon program manager for Risk Doctor. He said the company is looking for opportunities for HIPAA consulting with federal agencies.
While Raytheon is leveraging its federal expertise, other companies are touting their expertise with either year 2000 solutions or the health sector as key qualifications for HIPAA planning and implementation.
Keane Inc. of Boston is introducing a full-service HIPAA compliance solution April 15, and is marketing it heavily to the states. The company sees a significant business opportunity in HIPAA planning and assessment, compliance and compliance management, said Larry Vale, Keane's vice president of corporate communications.
"We wouldn't launch unless we saw a very significant opportunity," he said.
Although the company has completed HIPAA risk assessments for Connecticut and North Carolina, the timing wasn't right until now to promote it. "We thought it was too early in the process, because the regulations were still in flux and there wasn't a hard deadline," Vale said.
Some agencies and organizations initially think they can handle it themselves, but once they fully appreciate the scope of the project and the short timeframe they have for implementation, they will be looking for integrators to assist them, he said. "[This year] you will find more entities going out to integrators," Vale said.
So far virtually all of the work being done is consulting as opposed to the actual implementation of the rules, Mastran said.
ACS and EDS both have HIPAA consulting practices and expect to do brisk business in the states where they are responsible for Medicaid management. Some states will build new Medicaid management information systems from the ground up that are HIPAA compliant, while others will use other approaches, said Susan Calzoncit, principal consultant in the health care global industry group at EDS.
"There is a very strong agreement by [the Centers for Medicare and Medicaid Services] that translators, clearinghouses and middleware are viable approaches to compliance," she said, noting that the majority of EDS' customers are taking such approaches.
While states are struggling to comply with the act, they should stay focused on the benefits it will provide once it is implemented, she said. The implementation will enable everyone to use the same electronic language for claims processing, eligibility requests and payment transfers.
"Pushing that kind of efficiency into the system ? that's what HIPAA is all about," she said.
"There was a lot more sharing in general [with Y2K] and a sense of working together to comply. I don't get the sense that the federal government is doing that [with HIPAA]." | Richard Varn, chief information officer for the state of Iowa
"There are a lot of states that haven't been able to get started because of budget constraints. ... A lot of states will miss the deadlines because they don't have the money for it." | Karen Tomczak, HIPAA director for the North Carolina Health and Human Services Department
While no one in state government disputes the wisdom of standardizing health information for electronic transmission and protecting patient confidentiality, state technology officials are exasperated that Congress would pass such a law without providing the funds necessary to cover the cost of implementation.
Iowa Chief Information Officer Richard Varn, in fact, said the states were "betrayed" on multiple counts by Congress and the Clinton and Bush administrations over HIPAA.
Federal officials are issuing the three rules with separate deadlines rather than a single deadline as requested by the states, Varn said. They didn't coordinate the initiative with the same zealous commitment they applied to the year 2000 problem. They refuse to provide funding for affected state health systems other than Medicaid.
Varn said the one-year extension of the deadline for EDI rules granted earlier this year created a false sense of relief among federal officials.
"Now they have the expectation that what they've done will allow us to complete the project on time," he said.
Varn said several factors will make it difficult for states to meet the HIPAA deadlines. These include the size and complexity of the task, the absence of the security regulations and extremely tight budgets.
"Anyone who has ever done IT knows that you get all of your customer requirements first, or it will cost you more money in the long run," Varn said. Given the circumstances, Varn said he doesn't think any state will be in full compliance by the deadlines.
Tomczak agreed. "There are a lot of states that haven't been able to get started because of budget constraints. ... A lot of states will miss the deadlines because they don't have the money for it," she said.
John Goggin, vice president for electronic government strategic service at the market research firm Meta Group, Stamford, Conn., said substantial federal funding for HIPAA is highly unlikely at this point. Congress and the executive branch have become disenchanted after years of funding state programs, such as Medicaid and child welfare, that haven't functioned as expected. Add to this the knowledge that states are perfectly capable of handling on their own potentially catastrophic problems, such as Y2K.
"The federal government gave them nothing for Y2K, and the states were able to do it on their own," he said. "What's that tell the federal government about how they want to proceed?"
Varn pointed out, however, that in preparation for Y2K, the federal government appointed a point person who coordinated development of processes and solutions that ultimately led to a specific methodology for the public sector to follow. This has not been the case with HIPAA.
"There was a lot more sharing in general and a sense of working together to comply. I don't get the sense that the federal government is doing that [with HIPAA]," he said.Although Congress didn't provide funding for HIPAA when it passed the law, Health and Human Services provides "enhanced" funding for HIPAA-related changes to Medicaid systems through an existing reimbursement program, said Rick Friedman, director of the division of state systems within the department's Center for Medicare and Medicaid Services. The federal government provides matching funds up to 90 percent of the cost for EDI and security work and 50 percent for privacy work.
The Center for Medicare and Medicaid Services, known as CMS, also is offering some consulting assistance to the states, Friedman said. The organization has developed an assessment checklist to be distributed to the states this month that will assist them in determining their level of capability for implementing HIPAA changes to tier systems and processes.
The center also will visit six to eight states over the next three months and hold workshops to help the states toward HIPAA compliance, Friedman said. CMS and Titan Corp. of San Diego will provide program and technical assistance, respectively, during the workshops, he said. The meetings are only to assist states with their efforts and are not intended to evaluate their progress, he said.
The nation's governors are deeply concerned about the potential cost of compliance. At their annual winter meeting, held Feb. 23-26 in Washington, the governors called on Health and Human Services to provide better guidance to the states on federal programs covered under the act.
The governors also called on Congress to recognize the financial burden of HIPAA implementation and to provide adequate federal funding to assist the states in achieving compliance.
The efforts of CMS and the governors may give state officials the psychological boost they need to meet HIPAA's looming deadlines. With the first deadline less than a year away, integrators are seeing an uptick in HIPAA-related business, said Keane's Vale. This is because states are realizing they need the integrators' help.
"A lot of folks think initially that they can do it themselves. [But] the more people look into it, the bigger they see it is," he said.Staff Writer William Welsh can be reached at firstname.lastname@example.org.
Health-related projects up for bid in the coming yearAlaska Department of Health and Social ServicesProject:
Medicaid Management Information System (MMIS) and Fiscal Agent ServiceTerm:
10 years | Value:
$75 millionRFP date:
Released March 15Summary:
Alaska has a requirement for the development, implementation and operation of an MMIS and fiscal agent services. New York State Department of Health Project: Senior Prescription ProgramTerm:
Five years | Value:
$35 millionRFP date:
Third quarter 2002Summary:
New York has a requirement for the operation of its Elderly Pharmaceutical Insurance Coverage Program that includes help-desk services.North Carolina Department of Health and Human ServicesProject:
HIPAA Implementation and Support ServicesTerm:
TBD | Value:
Third quarter 2002Summary:
North Carolina has a requirement for HIPAA implementation and support services.New Jersey Department of Human ServicesProject:
Automated Child Welfare Information SystemTerm:
Three years with one 1-year optionValue:
$10 millionRFP date:
Fourth quarter 2002Summary:
New Jersey has a requirement for a statewide automated child welfare information system.Vermont Department of Prevention, Assistance Transition and Health AccessProject:
MMIS Core TakeoverTerm:
TBD | Value:
$1.7 millionRFP date:
Fourth quarter 2002Summary:
Vermont has a requirement for interfaces to be designed between the core MMIS and PATH Access systems to provide enhanced functionality between the two systems. Congress approved the Health Insurance Portability and Accountability Act of 1996 to improve the efficiency and effectiveness of the health care system. The law sets standards for the electronic exchange of administrative and financial information related to medical services and, equally important, contains provisions to protect the security and privacy of such information.
The law applies to all health plans, clearinghouses and payers and providers that conduct electronic transactions. It is divided into three sets of regulations: electronic data interchange, privacy and security. The EDI rules become effective Oct. 16, while the privacy rules become effective April 14, 2003.
The Bush administration is offering states a one-year extension on the EDI rules if they file a compliance plan with the Department of Health and Human Services by Oct. 16. The security rules probably will be issued later this year and become effective in 2004, said analysts and industry observers.
States are hiring contractors to help with assessment, planning and compliance in order to meet the deadlines. In developing their strategies, states may choose from several levels of service, ranging from minimum compliance that offers no additional business gains, to maximum compliance that leverages the investment to achieve other goals, such as reducing costs by consolidating paperwork and extending the privacy and security provisions to other agencies.
The compliance process can be roughly divided into three phases. The contractor:
First provides a gap analysis that measures the effort needed to reach compliance;
Helps the client implement the plan;
Monitors internal and external compliance on an ongoing basis.Sources: Centers for Medicare and Medicaid Services and Keane Inc.
While it's unclear how much federal funding for bioterrorism defense will go toward information technology, analysts and industry observers are confident it will generate a wealth of new projects for local governments.
The fiscal 2002 defense appropriations bill included $2.5 billion in supplemental spending for bioterrorism prevention, of which $865 million will go toward upgrading state and local bioterrorism defense, according to the National Governors Association.
The president also signed a $2.9 billion bioterrorism appropriations bill Jan. 10, from which states will get $1.1 billion, the organization said. To receive the funds, states were to submit advance planning documents by April 15 to the Department of Health and Human Services, detailing how the funds will be used.
In addition, the Bush administration's proposed fiscal 2003 budget includes $5.9 billion for bioterrorism defense that would flow through Health and Human Services to local governments.
At this time, the federal government has not issued spending guidelines or specific program requirements, but government and industry experts expect a substantial portion of the funding will help local governments purchase protective clothing, stockpile pharmaceuticals and improve hospital preparedness in response to a bioterrorist attack.
The Centers for Disease Control and Prevention, one of three agencies that will distribute the $1.1 billion to the states, suggests that local governments may want to use some of the funds to develop alert networks that would link local health departments and laboratory response networks.
The alert networks would enhance the ability of these facilities to share information and fund distance-learning initiatives to help educate local public health departments about bioterrorist threats.
"State and local governments are just now determining their bioterrorism weaknesses and where the technology can be applied to improve these situations," said Marcus Fedeli, a state and local analyst with the market research firm Input Inc. of Chantilly, Va.
In the absence of any hard program requirements from the federal government, integrators will have to anticipate the IT needs of local governments in countering the bioterrorist threat, said Costis Toregas, president of Public Technologies Inc. of Washington, a nonprofit organization that supports cities and counties with technology strategy.
This will require companies to "reverse engineer" from the program need backward to their product, he said.Affiliated Computer Services Inc. is developing a single system for three separate government-run health programs in Georgia that could become a national model for the processing and administration of health care-related claims by state governments.
The Georgia Health Partnership, which will bring ACS an average of $80 million per year, combines health claims for state employees, Medicaid recipients and uninsured children. The Medicaid and uninsured children portions will be operational Dec. 1, the state employees portion July 1, 2003, and state university employees portion Jan. 1, 2004.
ACS of Dallas is supported on the project by Computer Sciences Corp., El Segundo, Calif.; IBM Corp., Armonk, N.Y.; GovConnect Inc., Cincinnati; InktelDirect Inc., Miami; Georgia Medical Care Foundation, Atlanta; PrimeWire Inc., Marietta, Ga.; Automated Business Systems Services Inc., Atlanta; and HyperCom Corp., Phoenix.
The new system will address the desire of state officials to consolidate data from multiple legacy systems into one system, said Martin Smith, a Georgia Department of Community Health spokesman. The new system will make it easier for department officials to compare data across program lines and use it for more accurate forecasting and better program management, he said.
ACS is looking to take the approach to other states. "It would give us a system to reference that nobody else has," said Harvey Braswell, group president of ACS government services.