But few states are expected to go the route of Georgia. Instead, they are looking for ways to comply with HIPAA by grafting EDI (electronic data interchange) technology and the standards it adheres to onto existing systems without extensive modifications.

Parlez-Vouz HIPAA?

To date, the answer has been to use translator software that can convert electronic formats and data content so that it can run on existing systems. Translators are front-end software applications -- sometimes called middleware -- that can be used to re-format an incoming claim based on the X12N standard for HIPAA transactions so it can be understood by the state's legacy Medicaid system. The translator can also reformat an outgoing, proprietary transaction so that it complies with HIPAA.

The problem with translators is they cannot create data that doesn't exist. For example, translators cannot create new codes where none existed before, and yet Medicaid systems have nearly 33,000 codes, far more than the new HIPAA codes that replace them.

Conversely, HIPAA will add new fields to health-care transactions that haven't existed before. These extra fields will be necessary for completing HIPAA-compliant transactions and yet they can't be stored in the legacy system, but will have to be placed in a separate database. As one expert pointed out, handling these sorts of modifications are not trivial programming tasks.

Of course states don't have to mess with translators and all the sticky issues that go with customizing software to develop the necessary results. They can contract out the translation problem to a clearinghouse, which will process the nonstandard information into standardized information. Clearinghouses have been doing this for a while, accepting claims transactions from health-care providers and converting them into formats acceptable to payer systems.

Because of their experience, clearinghouses are adept at handling problems that arise when codes and fields are converted from one format to another. They know how to handle error problems and offer other services, including connectivity and communications with other health-care entities, trading partner interfaces, routing capabilities and so forth.

But clearinghouses also have drawbacks. Like the translator software tools they use, clearinghouses cannot create data that does not exist, nor can they eliminate proprietary local codes, the bane of all existing Medicaid systems that must become HIPAA-compliant. They also have limitations in communicating certain kinds of transactions, nor are they all able to support queries in real time. Most do their work in batch mode. They also will have to tackle the problem of HIPAA's privacy regulations. This is a particularly troublesome issue for some clearinghouses that sell or share patient data for marketing purposes.

Less COTS-ly Solution

Some firms are offering states a third solution to the HIPAA problem. Instead of tools or services, they are developing a complete software system that does what translators and clearinghouses do and more, but as a commercial, off-the-shelf (COTS) application. "The popular approaches of using clearinghouses or translators can be very expensive because special programs and data repositories will be required to handle the many new fields and field formats found in a HIPAA transaction," said Jacob Kuriyan, president of Physmark Inc.

Claiming that clearinghouse solutions could cost states tens of millions of dollars, Kuriyan believes a commercial software solution would be far less expensive to implement. "What we are offering is a finished package with just one interface to the legacy system." Physmark's product, called HIPAA Appliance, runs on Oracle's relational database and can accept HIPAA conforming transactions and code sets, as well as convert legacy data into HIPAA compliant transactions. More importantly, it has built-in audit controls that will help states comply with the forthcoming privacy regulations.

As Kuriyan and others like to point out, everything that HIPAA is mandating already exists in other sectors of the economy: computer-to-computer transmission of electronic data, privacy standards for divulging and protecting personal information stored in computers, even security controls. But despite it being the largest sector of America's economy at more than $1.4 trillion per year, the health-care industry is the least automated. And where automation does exist, it's woefully out of date. "What's being required of HIPAA is fairly minimal, but there are so many old systems out there," lamented Kuriyan. As a result, what should be routine in some industries has become a minefield of problems and challenges for health-care organizations, including those in state and local government.