Managed Care Information Center
Home / Inside MCIC / Press Releases

E-mail a Friend
Health Resources Online
* * *
Health Resources Publishing
* * *
Wellness Junction
* * *
Healthcare Intelligence Network
Contact MCIC

Managed Care Information Center
1913 Atlantic Ave., Suite F4
Manasquan, NJ  08736
(732) 292-1100
fax: (732) 292-1111

MCIC Press Release

For more info, contact MCIC:
Phone: (732) 292-1100
Fax: (732) 292-1111

Hot Off The Press

HIPAA Dares Healthcare To Change Its Ways

Manasquan, N.J. -- Changing corporate culture so protected health information (PHI) stays private is one of the biggest challenges of complying with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), according to experts who took part in the Managed Care Information Center’s HIPAA audio conference.

Under HIPAA, PHI includes "oral information or information recorded, maintained, or transmitted in any form ... that’s created, or received by a covered entity" and relates to an identifiable patient’s past, present and future medical care or payment, said Richard Marks, an attorney with the Washington, D.C., firm of Davis Wright Tremain.

The definition means that common practices — such as keeping PHI in easily accessible charts that can be moved from one place to another — risk breaking HIPAA rules, according to Sybil Ingram-Muhammad, HIPAA engagement manager with Beacon Partners, Boston.

In addition, organizations or sole-practitioners that use off-site transcription services also should be concerned that PHI could be faxed or e-mailed to the wrong office, or kept on an unsecured home computer, she said.

At stake: a penalty of one year in jail and a $50,000 fine.

"It’s a penalty which, in the wrong circumstances, could result in somebody’s being on the wrong end of a criminal indictment when they didn’t think they did anything that they believe was wrong," said Marks.

He suggested that small, all-paper practices shouldn’t think HIPAA doesn’t apply to them because they don’t process data electronically.

"By the time we get to 2003, 2004, it will be so difficult as a practical matter of economics to be submitting claims other than in electronic form that there really is not going to be any opportunity for people in the healthcare business to avoid being part of HIPAA. So, the notion it can be avoided is a pipe dream," Marks said.

Ingram-Muhammad said her assessment of healthcare sites revealed security breaches in which PHI was found in trashbins, in physicians’ lounges and on computer monitors, among other places.

Foresight and Flexibility

Preparing for HIPAA requires foresight as well as a sense of business and an awareness of what can go wrong, according to the experts who took part in the MCIC conference.

For example, Marks said the audit trail the law requires will make it easier for plaintiffs to win lawsuits against negligent providers.

"You have to ask yourself, ‘What sort of operating policies must we prepare,’ and realize that those policies are not just going to guide you in business, but they’re also going to be among the early exhibits in any litigation, so they’ve got to be prepared with that in mind," he said.

On the technical side, "One of the things you’ll want to do is identify where you’re weak [and] where you’re strong. Shore up those areas where you’re weakest and move forward from there," said Ingram-Muhammad.

HIPAA compliance also requires flexibility, according to Mike Safran of Milliman USA.

Strategically, Safran said, you should be able to step back and ask, "O.K., if we were going to start our business today, looking at the environment we’re in, the industry we’re in [and] the competitive forces that are around us, how would we build this business?"

Also, don’t rely on software vendors to make you HIPAA compliant, the experts warned.

"There is no such thing as a HIPAA-compliant product. The entity is what makes itself compliant," Ingram-Muhammad said.

Vendors who tell you they’re HIPAA-compliant don’t know what they’re talking about, said Marks.

Address: The Managed Care Information Center, 1913 Atlantic Ave., Suite F4, Manasquan, NJ 08736; (732) 292-1100,

For more information contact The Managed Care Information Center, 1913 Atlantic Avenue, Suite F4, Manasquan, NJ, 08736, toll-free telephone 1-888-THE-MCIC (1-888-843-6242), fax 1-888-FAX-MCIC (1-888-329-6242), e-mail or online at

# # #

Back to List of Releases

Top | Home

Resource of the Month | Database of MCOs | Publications | News & Industry | Surveys & Research | Free Products | Advertising Arena | Inside MCIC | Managed Care Archives | | For Subscribers | Customer Service

©2002 The Managed Care Information Center