Who Pays should pay for HIPAA?

Perhaps the most complex aspect of the healthcare vertical is the payment systems. Generally, a subscriber to a managed care plan pays some deductible, with an employer of that patient paying the rest to the managed care plan. The doctors who are part of those plans bill the plan directly for services rendered.

There may be intermediary services to which doctors subscribe to determine the eligibility of the patient. Hospitals also may bill patients and/or managed plans and have doctors, who may also be part of those plans, whom they need to pay. As you can see, the payment aspect can be quite complicated. In the end, the question of who pays is perhaps best answered by asking who benefits from these security solutions. Beneficiaries can be examined in two categories: those parties who would benefit from more cost-efficient solutions enabled by security technology, and those parties who are required to adhere to specific compliance regulations.

Those gaining the most from cost efficiencies are the managed care providers. Due to the large volume of claims they must handle, fraudulent claims, and mistakes of processing claims for doctors not in their plans, any solution that can reduce costs and improve claims accuracy would be worth paying for. If claims submitted by doctors or hospitals could be done electronically, but with a legally binding digital signature, then the costs of claims processing would drop substantially. Based on a March 11, 2002, Dallas Business Journal article, on average, a paper-based claim process costs about $10 per claim. Electronic filings would reduce that number by nearly half, resulting in a 50 percent saving!

Multiple parties will need to be concerned about compliance. Mainly the managed care providers and hospitals need to do this because they manage thousands of patients and their related information. Hence compliance violations could add up to serious consequences. Doctors generally also must adhere to HIPAA and related compliance guidelines, but they tend to see far fewer patients; thus, noncompliance would have a lesser impact on them than on hospitals and managed care providers. (Of course, the patient impact is severe if privacy or security is breached regardless of who manages that information!)