Will HIPAA become another Y2K?

Between the pressures of managed care and improvements in the cost and quality of computer and communications technologies, much of the healthcare information “revolution” has seemed inevitable. HIPAA is no exception. Designed to protect medical records (electronic and otherwise, it turns out) and other personal health information maintained by everyone except the consumer, the Health Insurance Portability and Accountability Act has been hailed as everything from a godsend to a boondoggle since being signed into law in 1996.

Faced with wide-ranging guesstimations of the hefty compliance price tag HIPAA is likely to have, hospitals have been giving HIPAA’s patient privacy rules the “Y2K II” doomsday label for some time. Now that the Bush administration has officially begun implementing the regulations as of April 14, these concerns have become even more palpable.

But what the actual impact of the HIPAA privacy regulations will be is still anyone’s guess or, more exactly, everyone’s guess. The Department of Health and Human Services, which wrote the privacy rules and is responsible for enforcing them, has estimated that it will cost the healthcare field only $3.8 billion to comply with HIPAA-but that HIPAA will actually save healthcare providers $12.3 billion over 10 years. While the privacy regulations are expected to increase costs by $17.6 billion over the next 10 years, HIPAA’s electronic claims processing component should offset this, saving $29.9 billion during the same period, according to federal pundits.

A survey conducted by First Consulting Group for the American Hospital Association resulted in much more dire predictions, however. After interviewing 19 hospital organizations, FCG concluded that the privacy rules will cost hospitals more than $22 billion over the next two years alone. That’s more than U.S. hospitals spent to upgrade and reprogram their computer systems prior to Y2K.

What will actually occur probably lies somewhere between these best and worst case scenarios, but there is one near certainty. The next two years will likely produce a medical information systems boom. In that context, however, we have to be prepared for yet another inevitability. Once most healthcare organizations have met the basic HIPAA requirements, they will likely return to their old habits.