Insurance & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News

08:38 AM
Greg MacSweeney
Connect Directly
Facebook
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

HIPAA Privacy Regulations Postponed by Bush

After being signed by President Bill Clinton, the privacy provisions contained in the Health Insurance Portability and Accountability Act (HIPAA) will have to wait for at least another 60 days as an order from President George W. Bush in January blocked some of the last-minute executive orders and rules laid down by the outgoing president.

After being signed by President Bill Clinton, the privacy provisions contained in the Health Insurance Portability andAccountability Act (HIPAA) will have to wait for at least another 60 days as an order from President George W. Bush in January blocked some of the last-minute executive orders and rules laid down by the outgoing president.

President Bush's order meant that no new rules can be printed in the Federal Register, thus blocking them because rules cannot become law until appearing in the Federal Register for a stipulated period of time. Bush also issued a 60-day stay on regulations that were published in the Federal Register but have not yet taken effect.

For insurance companies, the stay, at the least, could mean an extra 60 days to prepare IT systems for HIPAA's privacy rules-which are set to take effect in Feburary 2003. Or the stay could mean the rules might go back to the Department of Health and Human Services (HHS) for review, meaning the adoption of the rules could occupy an even longer time frame, says Greg DeBor, partner with Computer Sciences Corp.'s (CSC, El Segundo, CA) Global Health Solutions Practice.

"The privacy rules are a sweeping change in the insurance industry," says DeBor. "Most insurance executives say privacy is a top IT priority."

However, tying privacy to a specific technology is almost impossible to do, adds DeBor. "Many forms of technology come into play," he says. "Document imaging, information security, PKI public key infrastrucutre, encryption, digital certificates and digital or electronic signatures are just a few of the new tools that will be needed to protect an individual's health information once it is stored electronically."

However, it will be hard to quantify the costs because of a number of other privacy initiatives insurance companies must tackle at the same time, says Julie Gackenbach, director of government relations, National Association of Inde-pendent Insurers (NAII, Washington, DC). "I think it is going to be really hard to untangle the technology costs from the costs from privacy provisions in the Gramm-Leach-Bliley Act."

And although HIPAA applies mainly to health insurers and healthcare providers, the privacy rules will impact all lines of insurance, adds Gackenbach. "The rules apply to the generators of information-the doctors and hospitals," she says. However, P&C insurers use the information for claims in certain areas," such as getting a medical report for a workers' compensation policy or a medical record from an injury suffered during an automobile accident.

A major concern for property and casualty insurers is that the claims process may become more complicated. "Health and P&C insurers all have to meet the same standards," says Gackenbach. "If we do not get access to information, we can't move forward on a claim. P&C insurers are going to be pulled into this set of rules anyway."

Under the rules, the holder of the information is required to only provide the minimal amount of information necessary to the entity requesting the health information, says Gackenbach. "The holder of the information has to decide what is minimally necessary," she says. "The companies are going to have a form that is acceptable for an authorization," to release records.

But despite the cost that will be required from insurers and healthcare providers to become compliant with the regulations, the privacy rules have received broad support from the NAIC (National Association of Insurance Commissioners, Kansas City), the NAII and both Republicans and Democrats. For instance, "all 51 insurance commissioners unanimously approved the NAIC proposed privacy regulations," which are similar to the HIPAA rules, says Kathleen Sebelius, president of the NAIC and Kansas In-surance Commissioner.

CSC's DeBor sees the regulations being approved, despite some opposition. "The most organized opposition is the Blue Cross Blue Shield Association and the American Asso-ciation of Health Plans," says Debor. "They have asked for extensions of the deadlines, although they have not taken formal action."

Even with opposition, "I think it is likely the Bush Administration and HHS may review the rules, but it will be passed in some form," says Debor. "The original law was passed by wide margins by both houses of Congress."

Greg MacSweeney is editorial director of InformationWeek Financial Services, whose brands include Wall Street & Technology, Bank Systems & Technology, Advanced Trading, and Insurance & Technology. View Full Bio

Register for Insurance & Technology Newsletters
Slideshows
More Slideshows
Video
All Videos