Don't let HIPAA ruin your life

The U.S. Department of Health & Human Services says it will take healthcare organizations a shade under 33 million hours to comply with the modified HIPAA Omnibus rule published in January.

That's 3,764.5 years. 

Consider: 

  • The U.S. has been an independent nation for 237 years (roughly 6.3 percent of the estimated compliance time).
  • HHS has existed for 33 years (roughly 0.9 percent of the estimated compliance time); 60 years if you count its time as the U.S. Department of Health, Education and Welfare (roughly 1.6 percent of the estimated compliance time).
  • The deadline to comply with HIPAA is just two weeks away (about 0.001018181 percent of the estimated compliance time). 

In other words, providers have a lot of work ahead of them. 

Still, compliance isn't a lost cause. Sure, questions by smaller providers such as physician's groups, nursing homes and home health organizations continue to linger about liability concerns. And yes, it can be hard to predict the behavior of individuals charged with using devices that store protected health information.

But HHS, anticipating those struggles, is offering guidance and technical assistance to covered entities, as well as business associates, with such concerns.

What's more, provider organizations, like the American Medical Association, are publishing guides to help their members understand and navigate the rule.

Shortly after the rule was unveiled, several hospital executives talked to FierceHealthIT about their HIPAA worries. Todd Richardson, vice president and CIO of Wausau, Wis.-based nonprofit health system Aspirus, Inc., said it would be difficult to balance protection of data with an increased call to share that same information.

"The devil is always in the details," Richardson said. "The reality is that all of the information is not under the tight control of the covered entity."

David Holland, vice president and CIO at Carbondale, Ill.-based Southern Illinois Healthcare, however, said he thought the updated guidelines ultimately enhanced the ability for providers to maintain patient trust. "Trust is critical to the work we do, and patient information is critical to the delivery of healthcare," he said. "If we lose that trust, how can we deliver healthcare to them effectively?"

Providers should keep the latter sentiment in mind, even when compliance appears to be an endless uphill struggle. Just staying knowledgeable about the rule and learning about which regulations apply in which situations can go a long way toward ensuring that an organization is on the right track. - Dan @FierceHealthIT