health and HIPAA :Implications for healthcare vendors in India
of the Indian vendors typically approach HIPAA as a technology issue,
when it is in reality an enterprise wide issue.
The software houses are hardly conversant with other standards in
the healthcare space such as HL7, DICOM or a host of other industry
related jargon, which is a huge disadvantage
the introduction of the Health Insurance Portability and Accountability
Act (HIPAA) the healthcare delivery system in the United States
is facing the prospect of significant transformation. HIPAA, also
known as Kennedy Kassebaum Bill, enacted in 1996 is primarily intended
to provide continuity of health insurance and enable administrative
simplification in the healthcare industry. By establishing these
standards, HIPAA aims to standardize the electronic transmission
of certain administrative and financial transactions and to protect
the confidentiality of patient information. By making electronic
data interchange more efficient and cost effective than paper processing,
it is expected that the healthcare industry will derive immense
with HIPAA regulations is a critical business initiative for healthcare
providers, payers, clearinghouses and other stakeholders in the
healthcare space that handle protected health information. Estimates
project HIPAA as a business opportunity worth $ 20 to 40 billion.
an enterprise view
affects various aspects of the current business practices followed
by covered entities. Healthcare organizations will have to examine
the regulations from legal, security, human resources, business
process and technological perspectives and arrive at the optimum
solution keeping the corporate goals in view. From an Information
Technology perspective, HIPAA requires compliance in the following
areas. Covered entities that engage in electronic healthcare transactions
should use Standardized Transactions and Code sets. Unique identifiers
that are individually assigned to providers, payers and employers
will eventually be published. Organizations covered by HIPAA security
standards must protect the healthcare information they maintain
or transmit from improper access, alteration or loss. These organizations
must not wrongfully disclose individually identifiable patient health
information. Payers, providers, employers and clearinghouses are
affected, though the nature may vary based on the healthcare transactions
the healthcare industry one of the major benefits of complying with
the regulations is the move towards E-health. Traditionally the
healthcare industry has been lagging behind in terms of adoption
of new technology. The typical healthcare setting is still heavily
dependent on legacy systems and best of breed applications. The
standards are therefore considered to be a major catalyst in propelling
the healthcare industry towards the much-needed standardization.
Standardization of transactions and code sets will be the first
step towards a nationally accepted IT backbone, which will make
way for E health becoming a reality. There are indications that
the industry will save over $ 20 billion in the coming years as
a result of these changes.
The business opportunity
HIPAA market size is estimated to be worth $ 20 to 40 billion. This
has resulted in the mushrooming of HIPAA shops, which reminds one
of the mushrooming of medical transcription units and the resultant
shortcomings in quality of delivery, which added to the lack of
credibility for Indian goods and services in the US market. Incidentally
HIPAA will have an adverse impact on the profitability of medical
transcription industry in India as well.
Indian vendors miss the bus?
fact remains that only very few software vendors have been able
to execute HIPAA projects. Close to 42 per cent of the payer market
has completed the assessment and are in various phases of remediation.
Ironically many of the big players have not been able to make a
dent in the market. My interaction with many of the prospects and
clients in this space points to some of the reasons for this.
of domain knowledge
and foremost among these is the lack of domain knowledge in terms
of the business processes in the healthcare industry. Many of the
Indian vendors typically approach HIPAA as a technology issue, when
it is in reality an enterprise wide issue. The other issue is that
these software houses are hardly conversant with other standards
in the healthcare space such as HL7, DICOM or a host of other industry
related jargon, which is a huge disadvantage. The successful vendors
are the ones, which have been able to demonstrate industry knowledge
in the healthcare domain.
the Y2K days the industry has evolved dramatically and has come
up with smart tools that have resulted in less number of programmers
required for executing a project.
process of automating
will continue and is not good news at all for the IT industry, which
is still focused on providing low end programming services at low
cost. Many software houses still qualify only as large body shoppers
making profits on the salary differentials across the oceans.
is at its all time low as many vendors who have hardly gone heard
the word HIPAA have started to market themselves as HIPAA service
providers. However the customers have become smarter and vendor
evaluation guidelines have become more stringent with many of these
vendors not even getting a chance to present their story.
HIPAA is a huge business opportunity, most of the Indian software
vendors have been pretty unsuccessful in tapping into the market.
Some of the factors that contribute to this are lack of domain knowledge,
the increasing use of tools to automate programming, and a lack
of credibility due to mushrooming of HIPAA shops. The inability
of Indian software industry to capitalize on HIPAA is a pointer
to the slackness that has affected the industry, which was riding
a wave of easy money. Unless corrective measures, primarily aimed
at long-term strategies to stay competitive are not taken the IT
industry may not turn out to the dawn of a rosy future that it is
painted by the industry and media.
author is head, HIPAA Solutions Group, Silverline Technologies.
He can be contacted at firstname.lastname@example.org)