The Objective Observer

 New RSS feed!

Medical

• A Debunking of HIPAA

With a little over a year and a half before the next Presidential election, there are those in the Senate and Congress that are trying to find campaign issues for 2004. One of those issues that keeps popping up is the “out of control”, increasing cost of health care. There are those in the Senate and Congress that point to the alarming increases in the health care industry as proof that a universal, government controlled health care system is necessary. This conclusion is not born out by the facts.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is essentially an outgrowth of the Clinton’s push for a universal, governmental health care system. Therefore, while this plan “failed” it had far-reaching effects on health care legislation and regulation that resulted in a more sanitized and acceptable version, HIPAA, being implemented to address many of the same ills that were proposed to be fixed by having a universal, government system.

One can see this in the original, fundamental push for HIPAA, which is the “Administrative Simplification” portion of HIPAA. This portion of HIPAA seeks to standardize the transactions that occur between health care providers. The theory is that standardizing these transactions will result in significantly reduced health care costs. Unfortunately, these cost savings are just that, theory, and not reality.

Reality is that HIPAA means one and only one thing to the vast majority of medical companies regulated by HIPAA. That one thing is the “Privacy Rule” of HIPAA. The privacy rule within HIPAA is designed to protect the privacy of an individual’s health information. However, the actual effect of the privacy rule is to significantly drive up the costs of medical services, which are, in turn, transferred through to the consumers of those medical services; i.e. the public.

HIPAA, and in particular the privacy rule, without question is the single most significant reason why health care costs are skyrocketing in this country. The HIPAA privacy rule adds a number of costly procedures on top of already manually intensive and costly administrative procedures. In addition, HIPAA lays out significant penalties for not complying with HIPAA regulations. Given the addition of costly administrative procedures and threat of significant penalties and fines, is it any wonder why the cost of health care is “out of control”? Of course not.

To those that might doubt that HIPAA is having such a dramatic effect on the cost of health care in this country I challenge them to explain the increases in costs. One common claim is that medical malpractice lawsuits are driving up medical costs. However, medical insurance costs have increased 113 percent since 1987 but medical malpractice rates have only increased by 52 percent. Another claim is that there has been a reduction in Medicare/Medicaid reimbursements However, during the fourth quarter of 2000, Congress passed the Medicare, Medicaid and SCHIP Benefits Improvement and Protection Act of 2000 ("BIPA") which, among other things, increased Medicare and Medicaid payments to health care providers by $35 billion over 5 years with approximately $12 billion of this amount targeted for hospitals and $11 billion for managed care payers. The bottom line is that there is absolutely nothing else that can be causing these costs to expand at their current rate OTHER than HIPAA and thus we must conclude that given the timing involved, it is HIPAA that is causing these costs to expand.

Therefore, it is disingenuous to point to the rising costs of health care as an excuse for yet MORE regulation, when it is regulation that caused the rising costs in the first place. And, in case there is any doubt about how HIPAA has failed so miserably to create cost savings and will fail on an even grander scale in the future, let us analyze the facts involved.

First, the primary source of cost savings within HIPAA are tied to the standardization of these health care transactions. These cost savings are tied to electronic data transactions between health care providers and organizations. Unfortunately, almost nobody in the heath care industry actually uses electronic data transactions. That is the dirty little secret and hence the reason why HIPAA is a complete and utter failure.

Of course there are those that using electronic data transactions, but their use is generally confined to the larger health care companies. Unfortunately, the vast majority of companies that fall under the regulation of HIPAA are small businesses. These small businesses are, as a whole, incredibly technologically impaired and largely rely on manual administrative procedures. In other words, they rely on people pushing paper, not computers pushing standardized electronic forms.

And these companies have little, if any reason to change. As evidenced by the increasing costs of health care, these companies have little, if any incentive to adopt electronic data transactions in place of manual procedures. There may indeed be cost savings to be had, but only after a substantial initial investment in technology. Health care companies have found that instead of making such costly investments in technology to instead simply increase their charges to their customers to cover the cost of the increased privacy regulations. Since there are little, if any controls related to such increases in costs, this is a much more effective way of compensating for the additional costs related to the increased manual effort caused by the privacy regulations.

Herein lies the fundamental flaw within HIPAA. HIPAA defines standards and penalties related to electronic data transactions, but does absolutely nothing to encourage or force health care companies to actually adopt and use electronic data transactions. Thus, the only result of HIPAA is to actually INCREASE the costs of health care, with dubiously little gained with regard to the actual privacy of individual health information or any other advantages.

And herein lies the core tragedy of HIPAA. The very privacy rule that is causing health care costs to skyrocket amounts to nothing other than an inconvenience to the people who’s privacy it is meant to protect. In fact, where exactly this concern over privacy came from is somewhat of a mystery. But wherever it came from, all it means to the public is irritation and inconvenience. Medical care providers calling a patient at home or at work, using phone numbers provided by the patients, may not leave a message with any machine or person other than the patient that contains any information that it is a medical-related call. Medical care providers cannot say “patient”, “exam”, “procedure”, “medical”, “diagnostic”, “test” or the even company name. A message left with a person other than the patient, or left on an answering machine, may only contain an address and return phone number letting the individual know it is regarding an appointment.

The end result is that a lot of the calls are not returned. Some individuals call back saying that they thought the call was a bill collector, sales call, or had no idea what it was about and called to find out. Patients have three additional pages to read and sign at the time of appointment check in, not to mention the six page explanation they are given to take home to review since it is practically impossible for patients to actually read the six page explanation before signing their agreement.

Thus one is left with a system that costs more and provides a worse service to the consumer, the public. And yet here is this piece of legislation, pushed through by who? Who in the world created such a monstrosity of a bill, and who supported it and passed it through the legislature. What special interest groups, Senators and Congressmen helped shape the bill? Is it a simple case of good intentions gone awry? No other explanation seems rational. But regardless of the reason, it is imperative that something be done to correct this travesty.

It comes as no surprise to anyone within Information Technology (IT) that increased security (privacy) comes at a substantial cost in both money and in the usability of the systems. This inverse relationship between security with respect to cost and usability is mantra in the IT world. Every time you make a system more secure, you lose usability and increase costs. The web is a great illustration of this principle. Overall, the web itself has very little in the way of security. This makes the system accessible to literally everyone with a computer. However, if you want to control who comes and accesses your web site, you must put into place security safeguards such as firewalls, authentication and the like. These elements add security, but also significantly increase the costs associated with these systems and also limit the audience to only those that are authorized.

HIPAA is a fundamentally flawed and worthless piece of legislation, perhaps one of the worst laws ever to see the light of day. It is the reason why health care costs are skyrocketing and will continue to increase. And it is the reason why the health care system is less functional and results in worse service to the public. More regulation equals increased costs and decreased service to the public. And despite what politicians may want you to believe, the answer is most definitely NOT more regulation. The answer is to either repeal HIPAA or simply live with its consequences.