Projecting the budget impacts of HIPAA - Health Insurance Portability and Accountability Act of 1996

Healthcare Financial Management, Feb, 2002 by Dan Coate, Keith MacDonald

Although the Health Insurance Portability and Accountability Act (HIPAA) of 1996 was meant to simplify and reduce the cost of delivering health care, the initial steps to comply with all areas of the law are projected to be very costly. Healthcare organizations should take the time o figure the cost of HIPAA compliance into heir budgets to avoid costly surprises as compliance measures are implemented. There are several steps a healthcare finance manager can take to manage budget expectations for HIPAA compliance.

Some disturbing projections have been published over the past year with respect to the potential effects of the 1996 Health Insurance Portability and Accountability Act (HIPAA) on the bottom line of healthcare organizations. While the long-term financial intent of the law is to reduce the cost of delivering health care through simplification and standardization of business processes, the short-term financial cost to a healthcare organization could be substantial.

A recent survey by the Gartner Group found that only 32 percent of healthcare organizations were able to estimate their anticipated overall costs of HIPAA implementation. Among these organizations, estimates ranged from $10,000 for a 30-physician group practice to $14 million for one of the nation's largest integrated delivery systems. The mean of these estimated costs, $3.1 million, was far above the $0.45 million mean of healthcare providers' 2001 HIPAA budgets. (a)

In addition, a 2000 American Hospital Association (AHA) study found that hospitals, in aggregate, could spend as much as $22.5 billion in the next five years complying with just three of the privacy provisions of HIPAA- far exceeding the government's original estimate of $3.8 million in costs for compliance with the entire privacy rule across all healthcare entities. (b)

With dire projections such as these, it is imperative that healthcare financial managers be able to predict accurately the budget impact of HIPAA on their organizations. With forethought, discipline, and appropriate caveats, budget impacts can be projected before virtually any HIPAA-specific work actually begins.

ASSESSING THE BIG PICTURE

Before addressing the mechanics of projecting the budget impact of HIPAA, the projection should be put in the overall context of achieving HIPAA compliance. A simple, logical plan to comply with the HIPAA regulations generally is recommended. This plan should contain the following steps: education (at the executive and managerial levels), strategy review, assessment of impacts, planning for remediation, and implementation. During each of these steps, the questions most likely to come up are "What is the bottom line?" and "What will this cost us?" The key is to be able to project reasoned and well-documented cost ranges early in the process. Then, as the organization moves through the assessment and planning process, these early projections can continually be refined.

Another issue is overall HIPAA strategy For each provision of HIPAA, one could choose merely to react with a minimal response or, instead, use HIPAA compliance as an opportunity to automate and standardize all common transactions and processes.

For example, if an organization currently is employing nonstandard electronic transactions, a bare-minimum approach might be to discontinue conducting electronic transactions altogether and revert to paper. Conversely, the transaction-generating systems could be upgraded to allow standard transactions to be generated and received directly by the system. Alternatively, an organization could leave the source system intact and contract with a clearinghouse to standardize transactions before they are sent to or received from payers.

Choosing a strategy directly affects the estimated cost ranges for various levels of responses. Initially, it is recommended that an organization use reasonably broad cost ranges for HIPAA compliance areas where an overall strategy has not been selected. Early projections will help manage expectations of senior organizational leaders, serve as a wake-up call to the organization of the potential costs, and help direct efforts to the areas of highest cost and greatest risk.

BEGINNING AT THE END

The budget exercise should begin with a dear picture of how the final projection should be structured. To develop this picture, financial managers should determine how detailed the projection should be, how capital and operating expenses should be defined and treated, and how staff time will be accounted for. Also key is the organization's knowledge of where it is in the overall HIPAA implementation process. From a budgetary perspective, the organization should realize that projection ranges will be larger earlier in the process.

Organizations should have a clear understanding of budget standards and precedents. Initially, financial managers should juxtapose fiscal years with finalized and anticipated HIPAA timelines to see when in the fiscal year costs likely will be incurred. They also need to define which HIPAA costs will be treated as capital expenses and which as operating expenses. Although HIPAA compliance is quite different from Year 2000 (Y2K) compliance, many organizations apply their Y2K capital-versus-operating assumptions to HIPAA expenditures.