Part 1: Executive Summary

This report examines the impact that the Healthcare Insurance Portability and Accountability Act (HIPAA) will have on the electronic commerce initiatives of healthcare providers and payers (insurance companies and healthcare maintenance organizations) striving to comply with new IT requirements taking effect on October 16, 2002.

There is much more than meets the eye in meeting the requirements of HIPAA. While many organizations in healthcare are anticipating a simple software adjustment to their communications applications, it is now becoming increasingly clear that, in addition to adopting national e-business standards like ANSI ASC X12 transaction sets, HIPAA compliance will also require a significant amount of work on internal enterprise applications.

This report concludes that both the healthcare community and the information technology vendors that support it will need to undertake a significant amount of preparation and education in order to ensure compliance by the HIPAA deadline.

The IT departments of healthcare companies in the United States face an acronym-imposed deadline for the second time in nearly two years, and the consequences of HIPAA may be more far-reaching than Y2K. The reason: where Y2K required organizations to identify and remedy programming code--a labor-intensive but operationally straightforward challenge--HIPAA mandates that by October 16, 2002, healthcare organizations adopt national standards for electronically processing administrative and financial transactions.

The new standards requirements will redefine the exchange of data behind a wide range of healthcare transactions, including:

• Eligibility
• Coverage
• Benefit inquiries
• Benefit information
• Healthcare claim status requests and notifications
• Healthcare services review information
• Payment/order remittance advice
• Benefit enrollment
• Healthcare claim payment/advice

Beyond changing the business applications that healthcare providers and payers currently use to comply with voluntary national standards, it is increasingly clear that many organizations will have to adjust their business conventions--the way they actually operate--to comply with the HIPAA mandate.

For instance, HIPAA will require use of American National Standards Institute's (ANSI's) Accredited Standards Committee (ASC) X12 electronic data interchange (EDI) syntax. The X12 997 Functional Acknowledgment transaction set will be required to identify receipt and accept or reject a transaction based on whether or not transmission conforms to the syntax. But it will also require the X12 824 Application Advice transaction set to report application-level errors to the sending party. In other words, the HIPAA requirement dictates how the transaction set should be processed by the application after it has been translated.