HIPAA hurdles loom as deadline approaches

With the deadline to meet privacy provisions in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) less than a week away, the crowd in the E-Town theater at FOSE today complained about some of the challenges posed by the new rules.

Panelist Sharon Arndt, HIPAA compliance manager with the IT Department of Fairfax County, Va., said e-mail is one of the biggest hurdles of HIPAA compliance. According to HIPAA privacy rules, no longer can doctors or other health care providers write about sensitive patient information such as mental health support in an e-mail message.

E-mail can be FOIA'd, which could violate a patient's right to privacy, said Jon Frey, director of IT for the Health and Human Services Department of Montgomery County, Md. So as of next week, health care providers can no longer put protected client health information in an e-mail.

"You've had doctors who've been doing this for years, e-mailing data back and forth about patients," an audience member said. "How can we make a reasonable effort to comply with this unreasonable law?" he asked.

Organizations are looking at how this e-mail can be encrypted, said Mike Huddleston, a manager with Fairfax County's IT Department. "We're working on getting our e-mail Federal Information Processing Standard 140-certified," he said.

Huddleston says he "was never a big fan of public-key infrastructure. It's incredibly hard to administer all those public keys, when you have an organization with 4,000 employees. I think it was a fad."

"I don't think the original crafters of HIPAA realized the broader implications of it," Frey said.

Montgomery County has 130 applications, 50 of which have implications for HIPAA, Frey said. One good thing that has come out of HIPAA is that the county is consolidating the 50 systems, which will save the county "massive amounts of money." The duplicate data entry that was required for the 50 standalone applications added about 45 minutes of labor to each transaction, he said.

Tom Davy, former Navy HIPAA program manager and now on the staff of George Washington University, said the main challenge of HIPAA is the cultural change at the root of it. "We had staff members who would leave patients' charts hanging with the face up. We need people to subscribe to HIPAA, not just comply with it."

The panelist agreed that HIPAA isn't solely an IT issue, although it's often treated as such.

"HIPAA is as mundane as putting locks on file cabinets," Frey said.

Even answering machines have to change as a result of HIPAA, Huddleston said. "We had two nurses sharing a phone. One would have to listen through the other's voice mail messages to get to hers."

Training is also a daunting issue. Montgomery County is using an online HIPAA module through Maryland's Health Department that provides basic training. Huddleston said his county had to train 700 employees over 500 square miles.

"People out there are running scared," an audience member said.

About the Author

Trudy Walsh is a senior writer for GCN.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here


  • POWER TRAINING: How to engage your customers

    Don't miss our Aug. 2 Washington Technology Power Training session on Mastering Stakeholder Engagement, where you'll learned the critical skills you need to more fully connect with your customers and win more business. Read More


    In our latest Project 38 Podcast, editor Nick Wakeman interviews Tom Romeo, the leader of Maximus Federal about how it has zoomed up the 2019 Top 100. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.