Search the LHSFNA website
Published: Winter, 2003; Vol 5, Num 1


April 14, 2003:

HIPAA Compliance Deadlines Loom;
LHSFNA Offers Solutions

By April 14, most LIUNA health and welfare funds must comply with the privacy requirements of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, and, by October 16, all must comply with its electronic data interchange (EDI) provisions. "Small" funds with annual receipts of $5 million or less have an extra year to meet the privacy deadline.

"More important," warns LHSFNA Computer Services Division Director John Semeraro, "by April 16, all health insurance providers, including all our funds, must demonstrate actual progress toward compliance with the EDI provisions. The clock is ticking."

By April 14, each Fund
must have:

  • A designated privacy officer

  • Written privacy policy and procedures

  • Planned revisions to SPD to incorporate privacy language

  • Authorization forms

  • An employee training program

  • A personnel policy including sanctions for employees who violate the policy

  • Business associates agreement language

Unfortunately, many funds are just now starting to look at their options. "There are a lot of vendors out there offering solutions, but the prices are astronomical and their fit with the unique nature of our funds is problematic," says Semeraro. "Also, as it gets closer to crunch time, vendors are more and more occupied fine-tuning software for clients who already have purchased. If our funds don't move quickly, they could be shut out of the market."

For local funds still searching for a HIPAA solution, the LHSFNA may have the answer. Some time ago, the Fund developed an electronic claims adjudication system that is tested and available, now, for any fund that wants it. However, that system, developed before HIPAA, lacks the web-based, electronic interchange features necessary for full HIPAA compliance. Over the past year, the LHSFNA collaborated with Santeon, Inc., to design and incorporate the EDI features required by HIPAA. The Santeon system recently passed tests at a local fund in Indiana.

"In the market, vendors are selling HIPAA compliance systems for $100,000," says Semeraro, "but through our bulk-purchase arrangement with Santeon, LIUNA funds can get the Santeon system for around $25,000."

Smaller funds that find even this price a substantial burden have two other options, according to Semeraro. "They can contract out their record-keeping and claims adjudication to a third party administrator (TPA). For a fee, the TPA guarantees that all the data processing will be done in compliance with HIPAA.

"Their other option is some kind of cooperative arrangement with other smaller funds. Through a joint purchase agreement, several funds could buy the Santeon (or other appropriate) software and install it on a server that all can access."

To meet the other April 14 compliance deadline-the privacy and security compliance requirement-funds should consider using the web-based Actis Gap Analysis program that Santeon developed and has made accessible to LIUNA funds, free of charge, through the LHSFNA website. To gain access, a fund administrator should contact the LHSFNA for a user ID and password. Once on the site, the administrator will be guided through an extensive series of questions that will explore the fund's current privacy and security programs and assess appropriate adjuncts and modifications. The analysis requires about ten hours of senior administrator time.

Based on that assessment, Santeon will recommend specific action at a specified cost. The fund, then, can choose to proceed with Santeon or to make other arrangements to ensure HIPAA privacy compliance.

For more information on HIPAA compliance options, funds should contact the LHSFNA Computer Services Division at 202-628-5465.

[Steve Clark]