|
Gartner Says Most Healthcare Organizations Unprepared for Newly Signed HIPAA Regulations
|
|
Gartner Announces New Tool to Track Organization's Compliance With HIPAA-Mandated Regulations
|
|
Stamford, Conn., August 15, 2000 — The U.S. Department of Health and Human Services recently announced regulation for standardizing electronic healthcare administrative and financial transactions, but most healthcare organizations are not prepared for these new regulations, according to Gartner Group, Inc. (NYSE: IT and ITB).
|
|
The Administrative Simplification provisions of the 1996 Health Insurance Portability and Accountability Act (HIPAA) mandated the U.S. Department of Health and Human Services to develop regulations that would impose standards on the healthcare industry for electronic transactions and the security and privacy of patient information. The first of those regulations, standardizing electronic healthcare administrative and financial transactions, was finalized and signed by the Secretary of the Department of Health and Human Services, Donna Shalala, on August 11. Gartner expects the regulations on security and privacy to be finalized by the end of 2000. Healthcare organizations have 26 months to comply, once a regulation is finalized.
|
|
"Most healthcare organizations have not finished even the most preliminary stage of preparedness for HIPAA, according to initial research for our five-level HIPAA compliance, progress, and readiness (COMPARE) scale," said Matt Duncan, research director at Gartner and lead analyst in the HIPAA COMPARE scale development. "Organizations that are not well into their Level II (assessment) activities before the beginning of 2001 will require crash programs for compliance, with consequentially higher costs. In their resultant haste to meet deadlines, they will also likely sacrifice the benefits of the opportunistic HIPAA requirements around standardized transactions and the use of Internet technologies."
|
|
Gartner first copyrighted the COMPARE (COMpliance Progress And REadiness) scale in 1997 as a tool for tracking an enterprise's progress with year 2000 compliance. Now Gartner has adapted the COMPARE methodology to create a set of milestones that measure a healthcare organization's progress toward compliance with the HIPAA-mandated regulations.
|
|
This tool will provide the framework for Gartner's reporting on the industry's overall progress. Gartner plans to survey healthcare organizations in all segments of the industry on a quarterly basis during the next three years, to deliver a benchmark for a healthcare organization to compare its progress toward HIPAA compliance.
|
To be considered by Gartner as having attained a particular level of compliance, a healthcare organization must have completed all the tasks defined for that level. The five levels the organization need to reach are as follows:
- Level I — Awareness: An enterprisewide general education and awareness program and a specialized education for clinical personnel including physicians have been completed. An executive sponsor has been identified and a senior-level manager (for example, chief security officer or chief compliance officer) has been appointed to oversee compliance efforts. A HIPAA committee or project team has been staffed, and legal counsel, who is tracking the HIPAA-mandated regulations closely, has been identified.
- Level II — Assessment: A healthcare organization has completed (either internally or with outside assistance) a formal assessment of its vulnerabilities and activities needed to achieve compliance with EDI, security and privacy regulations. Various industry surveys, coupled with Gartner research, indicate that less than 25 percent of healthcare organizations have begun efforts to reach the second level of the HIPAA COMPARE scale, as of July 2000.
- Level III — Strategy Formulation: A healthcare organization has estimated tangible and intangible costs and benefits to realize compliance and used that information to formulate a comprehensive compliance strategy. This strategy will address HIPAA as an enabler for achieving the healthcare organization's overall e-business strategy. Selection is complete for all physical tools needed for EDI and security compliance, including upgrade or replacement of applications when necessary; nothing remains to be planned and nothing is left to negotiate.
- Level IV — Implementation: A healthcare organization has completed, implemented and communicated policies and procedures for achieving compliance to all affected entities, departments and employees. All tools and application enhancements or replacement applications have been implemented.
- Level V — Audit: Testing of new and modified applications is complete and the HCO has conducted internal or external compliance audits, including verification of trading partners. Post-implementation audits have begun for validating the cost/benefit estimates formulated in Level III. For security and privacy, the HCO has benchmarked the industry and has implemented all measures believed necessary to adequately address threats and meet requirements. A formal process is in place to address "evolving" requirements.
|
|
For more information on Gartner's COMPARE scale and Gartner's research, which tracks the progress of the healthcare industry toward HIPAA compliance, contact Gartner's Industry Applications Quick Path at 203-316-1288 or indapps@gartner.com.
|
About Gartner
Gartner provides unrivaled thought leadership for more than 10,000 organizations, helping clients to achieve their business objectives through the intelligent and efficient use of technology. Additionally, Gartner helps technology companies identify and maximize technology market opportunities. Gartner's technology content and strong brand reach IT professionals globally through Gartner Research, its research and advisory unit, Gartner Services, its custom consulting unit; Gartner Events, including Gartner's renowned Symposia; and, at www.gartner.com.
Gartner subsidiary TechRepublic, Inc. (www.techrepublic.com)
is the leading online destination developed exclusively for IT professionals by IT professionals. Gartner, founded in 1979 and headquartered in Stamford, Connecticut, achieved fiscal 1999 revenues of $734 million. Gartner's 3,600 associates, including 1,200 research analysts and consultants, are in more than 80 locations worldwide. For more information about Gartner's industry-leading products and services, please visit us on the Web at www.gartner.com.
|
|
CONTACT:
|
|
|
|
