Capgemini Analysis of Overlake Hospital HIPAA Readiness Predicts Microsoft BizTalk Server Can Reduce Compliance Risk
Overlake Hospital Medical Center (with annual revenues of over $200 million) is a highly rated hospital that cares for about 150,000 patients each year.
Like all United States healthcare organizations, it must comply with the federal Health Insurance Portability & Accountability Act (HIPAA) of 1996 (HIPAA) regulations starting in October 2003. This is a process that is extremely time and resource intensive, so Overlake welcomed an evaluation of its readiness.
The Capgemini assessment found that Overlake Hospital was on the road to compliance, and that Microsoft® BizTalk® Server could reduce the risk of compliance, extend the hospital’s EAI connectivity, and position Overlake Hospital for ongoing HIPAA compliance.
Business Issue
The United States healthcare industry faces one of its most far-reaching mandates ever: the federal Health Insurance Portability & Accountability Act (HIPAA) of 1996. HIPAA was enacted to improve the portability of health insurance, increase efficiency, reduce fraud, and strengthen information security and privacy with anticipated savings to the healthcare system of at least $30 billion a year. HIPAA dictates that covered entities—hospitals and other health care providers, health insurers, and clearinghouses—that have filed an extension comply with industry-wide standards by October, 2003. These regulations necessitate fundamental changes to the transfer of information and the kinds of data required, and hence to the existing technical infrastructure of these organizations.
The Overlake Hospital Medical Center in Bellevue, Washington, is well aware of the significant changes HIPAA will bring to the way it processes information, and wants to make the transition to this new order as smooth as possible. It also plans to capitalize on the requirements by upgrading its organizational systems—for example, improving on its current capability for sharing clinical data over the Web.
So when Microsoft approached the hospital and suggested an assessment of the readiness of its existing Hospital Information and Electronic Data Interchange (EDI)- based systems to comply with HIPAA, the hospital administration jumped at the opportunity. Capgemini conducted a four-week evaluation to review the current Overlake Hospital plan for HIPAA compliance, establish the steps needed to bridge any gaps, and discover areas where Microsoft BizTalk Server could provide additional value.
Solution
As a result of the assessment, the Capgemini team reported that Overlake Hospital is on the path to compliance, and that Microsoft BizTalk Server could help close those gaps. Capgemini found that BizTalk Server could serve as a safety net in the event that Overlake Hospital’s primary supplier of information systems, couldn’t develop a HIPAA-compliant information system on time or provide all the necessary data. BizTalk Server could also help Overlake Hospital extend its current Enterprise Application Integration (EAI) connectivity, and position it for future HIPAA changes and continued development of enabling clinical data over the Web.
Overlake Hospital is relying on its software vendors to provide HIPAA solutions to achieve compliance. The assessment found, however, that although vendors are planning for HIPAA, they are focused more on upgrades and patches, than on complete solutions.
For example, MEDITECH is working hard to develop solutions to address some HIPAA regulations—for example, electronic eligibility inquiries and responses—but it has no clear plans to support electronically either claim status inquiries and responses or referrals and authorizations. BizTalk Server can buffer the requirements of the legacy system and fill in any gaps. For example, if the vendor does not create a HIPAA-compliant database on time, BizTalk Server could be used to modify any outbound or inbound data to make it HIPAA compliant.
BizTalk Server can also automate transactions that MEDITECH is unlikely to handle such as claim status inquiries and transaction reconciliation. For example, the Claims Processing Orchestration Schedule (CPOS) within the Accelerator can be set to track the claim transaction (837) over time and for the expected response, electronic payment (835). No response, however, automatically triggers the CPOS to send a claim status inquiry which, by HIPAA regulation, dictates a response from the payer.
Extending EAI Connectivity
Another vendor, SeeBeyond, which provides the current EAI engine for Overlake
Hospital, has built a new HIPAA-compliant version, eGate. In evaluating the purchase
of this software, Overlake decided to research and explore the alternatives, including
the use of BizTalk Server. Could BizTalk Server, with little development time,
deliver patient demographic information across two systems that are not linked
now?
At Overlake Hospital’s request, Capgemini and Microsoft Consulting Services put the question to the test. They used BizTalk Server to pass patient data from the patient registration system to Endosoft, an application for patients receiving endoscopic services. (At present, patient data must be entered manually into each system.) BizTalk Server would function as the EAI engine in conjunction with an HL7 adaptor to link the data. (HL7 is the dominant interface protocol in healthcare systems.)
The trial run was a success. BizTalk Server passed patient demographics between the two systems, demonstrating that it could eliminate duplicate data entry, and that Overlake Hospital staff could implement the new interface with a minimum of effort.
Capgemini is planning another pilot to test a new feature of the BizTalk Server Accelerator for HIPAA. Currently, a patient’s claim may be denied because data to support the claim and justify payment isn’t available. However, adding that information to a claim is difficult—it must be handled manually—because clinical notes and claims processing reside in different systems. Using BizTalk Server to integrate these two systems internally will give Overlake Hospital the ability to collect that information and automatically send it to the payer.
Benefits
The advantages of BizTalk Server don’t end with HIPAA compliance in 2003. After that deadline is met, new HIPAA regulations will take effect as the law is updated. Because of Microsoft’s relationship with Washington Publishing Company (the exclusive publisher of the HIPAA Implementation Guides), BizTalk Server customers will have ready access to updated schema for covering these new or modified transactions. Moreover, as healthcare moves toward an XML future (currently in process with both X12N and HL7 standards bodies), BizTalk Server will make relatively easy work of adapting existing systems to continuing changes because it is based on XML. Furthermore, with its.NET-based strategy, BizTalk Server provides Overlake Hospital with the hooks to clinical and patient data that will help the hospital expand on its current successes in Web-enabling that data.
