Beware of Predatory HIPAA Consultants

As health care regs loom, self-proclaimed experts peddle questionable services

By Julekha Dash

May 7, 2001 12:00 PM ET

Recommended

Computerworld - As the health care industry prepares for complex regulations that will affect most of its systems and business processes, IT managers advise taking cautious steps to avoid being exploited by consultants.

Assess Your Needs

Some tips for managing relationships with HIPAA consultants:

Perform a “gap analysis” to identify organizational needs.

Avoid open-ended engagements.

Make sure you understand your legal obligations before hiring a consultant.

Choose a consultant who has worked in health care for an organization similar to yours.

The Health Insurance Portability and Accountability Act (HIPAA) presents a lucrative opportunity for so-called experts, since noncompliance by health care officials can result in stiff fines and even jail time. The regulations define standards for electronic transactions, as well as measures for protecting the security and privacy of patient information.

In addition, certain aspects of HIPAA remain unclear, making it easy for health care providers to sign up for services they might not need.

In a given week, Ronald Margolis, CIO at the University of New Mexico Hospitals, receives 15 to 50 phone calls from HIPAA consultants. With the exception of consultants who work for its health information systems vendors, the Albuquerque-based hospital chain hasn't used any consultants because it's still too early, Margolis said.

Some consultants have tried clever marketing tricks, such as asking Margolis to participate in surveys that they use to gauge the kind of services his organization will need. In other instances, companies are giving away gadgets such as PalmPilots to people who respond to mailings that are really "leads to a sales call," Margolis said.

Indeed, HIPAA has "certainly got [consultants] in a feeding frenzy," said Greg Walton, vice president and CIO at Carilion Health System in Roanoke, Va. "It's really the obligation of the buyer to figure out what they want from a consultant, [or] the consultant is going to run all over them."

Carilion is "40% done with HIPAA," so Walton doesn't anticipate using any consultants himself. But he cautions against working with consultants who don't have experience in health care, because you may have to spend a lot of time explaining the context to them.

In fact, clients should make sure that a consultant has experience with their specific type of health care organization, whether it's an insurance company, a hospital or a clinic, said Mike Thorsen, executive vice president and chief financial officer at the Rx2000 Institute, a Minneapolis-based nonprofit organization that educates health care firms about business and technology issues.

For instance, a consultant who has primarily worked with insurers wouldn't be well suited for a clinic or hospital, because the environments are completely different, he said.

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Privacy

Additional Resources

Xerox

Win a color printer!

By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!

Microsoft

Upgrade to Internet Explorer 8 today.

Save time and mitigate security risk. Deploy it now.

Sybase

NEXT-GENERATION MOBILITY PLATFORMS

In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.