STAMFORD, December 6, 2000 — Payer organizations are significantly ahead of providers in several key early milestones for achieving compliance with the Health Insurance Portability and Accountability Act (HIPAA) Administrative Simplification regulations, according to a new study conducted by Gartner.

The Gartner HIPAA report reveals that the majority of payers have appointed executive sponsors, staffed compliance committees, completed organizational awareness programs and assessed their status regarding standardized transactions. On the other hand, provider organizations that have completed those early tasks are in the minority.

Notably, 74 percent of healthcare organizations -- both payers and providers -- expect to require assistance from consulting or systems integration firms to help them complete HIPAA assessment projects.

Despite this need, only 15 percent of those surveyed by Gartner indicate that they have developed preliminary overall budgets for achieving compliance. Of those organizations, spending is expected to average almost $9 million. Slightly more payers and providers (24 percent) have identified their HIPAA budgets just for 2001, and the average for next year’s HIPAA spending is $5 million.

“It is not surprising that payers are being more aggressive than providers in their compliance activities, especially when you realize that they may need to accept standardized transactions before the compliance deadline,” said Matt Duncan, Gartner research director and co-author of the survey. “In addition, payers may not be as able as providers to rely on their software vendors, since many of their processing systems are home-grown.”

According to Gartner, most healthcare organizations, with the possible exception of physician practices, will significantly step up their HIPAA efforts over the next quarter, especially with final rules on security and privacy pending.

Other key findings of the study include:

1. Despite HIPAA receiving much attention as the catalyst for the healthcare industry to embrace e-business, only 22 percent of respondents have actually completed a formal e-business strategy.



2. Less than 10 percent of respondents have completed or are currently involved in estimating their organizations’ expected return on investment for implementing HIPAA-compliant electronic transactions.



3. Of all the final and proposed regulations, respondents expect that addressing two privacy stipulations will cause them their greatest difficulty: “patient’s right to examine and change data,” and “user functions that limit access only to those who need to know.”

"The task of complying with the EDI regulations will likely be significantly easier for providers,” explained Jim Klein, vice president and Gartner’s lead HIPAA analyst.

Klein pointed out that while providers will be replacing dozens of different transactions formats with a single standard, payers must revise back-end processing to accept a single standard transaction rather than the proprietary transactions that the payer designed to meet their specific needs.

According to the survey’s co-author Wes Rishel, research director, payers shoulder a bigger burden because they cannot fully rely on clearinghouses or transaction mapping products for compliance.

Rishel observed, “Payers must revise their adjudication programs to eliminate local codes and use standard identifiers. However, that effort could require a substantial investment that could necessitate special remediation tools and skilled outside assistance.”

Gartner launched its first quarterly HIPAA Panel Study in September 2000, to assess how the healthcare industry is responding to existing HIPAA transaction and pending security and privacy regulations.

The Gartner HIPAA survey seeks to understand how healthcare organizations are responding to the challenges of HIPAA compliance over time by studying a representative sample of randomly selected providers and payers. The survey targeted those individuals designated with responsibility for their organizations’ HIPAA compliance efforts. A total of 225 organizations participated, including 104 payers and 121 providers. Payer participants include both HMO and PPO organizations and private health insurers. Provider participants include representation from integrated delivery systems, hospital networks, stand-alone hospitals and physician groups.

Gartner will continue reporting on the industry’s overall progress with quarterly panel surveys, tracking against its HIPAA Compliance Progress and Readiness (COMPARE) scale. For more information about the survey results, please contact Gartner’s QuickPath at (203) 316-1288, or e-mail at indapps@gartner.com.

About Gartner
Gartner provides unrivaled thought leadership for more than 10,000 organizations, helping clients to achieve their business objectives through the intelligent and efficient use of technology. Additionally, Gartner helps technology companies identify and maximize technology market opportunities. Gartner's technology content and strong brand reach IT professionals globally through Gartner Research, its research and advisory unit; Gartner Services, its custom consulting unit; Gartner Events, including Gartner's renowned Symposia; and, at http://www.gartner.com. Gartner subsidiary TechRepublic, Inc. ( www.techrepublic.com) is the leading online destination developed exclusively for IT professionals by IT professionals. Gartner, founded in 1979 and headquartered in Stamford, Connecticut, achieved fiscal 2000 revenue of $859 million. Gartner's 4,300 associates, including 1,400 research analysts and consultants, are in more than 80 locations worldwide. For more information about Gartner's industry-leading products and services, please visit us on the Web at http://www.gartner.com.