New Mexico gets ready for HIPAA compliance
Connecting state and local government leaders
As states scramble to meet the April 14 deadline for the Health Insurance Portability and Accountability Act's privacy rules, New Mexico is smoothing its way to compliance by focusing on data integration.<br>
As states scramble to meet the April 14 deadline for the Health Insurance Portability and Accountability Act's privacy rules, New Mexico is smoothing its way to HIPAA compliance by focusing on data integration.
HIPAA's privacy rule took up 40 pages of the Federal Register, plus 900 pages of preamble and explications, said Mary Gerlach, CIO of New Mexico's Health Department. 'All of this was in three columns, in tiny print. It's a very challenging law,' she said.
Among other measures, the privacy rule requires that individuals who receive health care have to receive a notice of privacy practices from the provider. The individual has to sign a form that they received such a notice of privacy, and those forms must be tracked, Gerlach said.
New Mexico's role as a health care provider is a large one. The state runs substance abuse and mental health services and programs for the developmentally disabled, as well as six residential health facilities, hospitals and a research laboratory.
New Mexico has no county health departments, and among cities, only Albuquerque runs its own health department.
New Mexico is the fifth-largest state geographically, but its population of 1.8 million is widely dispersed, Gerlach said. The state had no choice but to establish an electronic tracking system for all the privacy information state health care providers will have to monitor under HIPAA, she said.
'We took all of our legacy systems, and instead of remediating them, we built an integrated client data system atop our legacy systems using Microsoft Corp. products,' Gerlach said.
The Integrated Client Data System (ICDS) runs under Windows 2000 Server and uses Active Directory services. It also has a SQL Server 2000 back end and an ASP.net front end.
HIPAA also requires that by Oct. 16, financial health care transactions be made using ANSI X12 and ANSI X12N standard formats, Gerlach said. ICDS will use Microsoft's BizTalk to translate other formats to the ANSI formats.
The department began training employees and other contract workers about the HIPAA rules last month via the Web using Internet Explorer 6.0, Gerlach said. About 62 percent of the work force has been trained in the basics of HIPAA, she said.
NEXT STORY: HSD readies first-responder grants