Most experts believe that implementing the new federal privacy
regulations will be difficult, expensive and time consuming. Some believe that the cost
for an "average" hospital could be hundreds of thousands of dollars.
Practically every
healthcare facility and provider, and every health insurer is faced with these
issues, and all of them will need some degree of assistance.
In September, 2000, the Fitch bond rating agency issued a report
warning of the costs. Its conclusions were summarized as follows:
"Hospitals may pay three to four times more for HIPAA compliance than was spent on
the technology needed to prevent Y2K problems, according to a recent report by the Fitch
bond rating agency. Fitch warns, "Health care providers who fail to accurately assess
and budget for the significant requirements associated with HIPAA will place themselves at
risk for possible financial peril. This is a wake-up call. Health care organizations need
to prepare for HIPAA regulations now, especially those that already find themselves in
financial or technological disarray."
The new Fitch report asserts that the severity of the financial and operational impact
will be directly related to the level of disparity between that organization’s
current information technology (IT), security, and communications system and those
required by HIPAA. "The government’s estimate for costs of HIPAA compliance is
$5.8 billion and that is a far to conservative figure," according to Fitch analyst
Rebecca Lageman. "We anticipate [HIPAA] costs to be somewhere between three to four
times the amount of expenditures required for Y2K, or an amount in excess of $25
billion."
HMA Strategy Advisors, September, 2000.
