Suppliers Are Dancing the HIPAA Hop

By Paul Harris

As the healthcare industry grapples with urgent new training requirements imposed by Congress, e-learning suppliers are offering their services, eager for a market that’s largely new to online learning.

Organizations that maintain medical records of patients or employees are busily training healthcare workers about new government rules on the confidentiality of those records. The push is being called the biggest IT scramble since Y2K.

It’s also being touted as a golden opportunity for content and platform e-learning suppliers to seize potentially lucrative new corporate and government training contracts, especially from organizations still dependent on instructor-led training.

At issue is the Health Insurance Portability and Accountability Act (HIPAA), a law passed by Congress in 1996 that dictates an April 14, 2003 deadline for compliance. HIPAA’s goal is to simplify electronic data exchanges among healthcare industry professionals and protect the security of electronic patient health information. Any organization that accesses, stores, maintains or transmits patient information is affected by the law. Those that don’t comply face severe penalties.

An estimated 60 million people are affected, including 12 million who work for healthcare organizations, insurance companies, pharmacies, and other organizations. Consulting firm Frost & Sullivan estimates that the law will generate US$1.3 billion in total spending by 2003, most of it focused on privacy and confidentiality training for staff.

But unlike the Y2K deadline to which the law is compared, HIPAA’s training obligations are open-ended. A new level of accountability will affect healthcare providers, payers, and others who maintain medical records of employees and customers such as HR departments and company safety offices. The law also adds a complex set of rules to other statutes that many organizations must meet, such as OSHA, EPA, and FDA regulations.

Not surprisingly, scores of content suppliers have assaulted the marketplace with a barrage of HIPPA-related e-learning and instructor-led courses. Online learning suppliers feel that their course offerings aimed at busy and scattered workforces, at prices that appeal to fiscally-challenged companies, are perfectly suited for the mandate. To reach this market, many learning suppliers have hurriedly formed partnerships with healthcare regulation consultants and others to obtain instant expertise.

For training managers both inside and outside of healthcare, HIPAA means not only new targeted training demands, but also the burden of establishing and maintaining auditable training records to demonstrate compliance with the law.

Chaos in the marketplace

The market for HIPAA compliance training emerged last August when affected organizations suddenly awakened to the fast-approaching compliance deadline set by the Department of Health and Human Services (HHS). The HIPAA training need has attracted the full range of players, from mom-and-pop consulting shops to giant IBM.

Indeed, the HIPAA training marketplace has been likened to the wild frontier. “There is chaos in the marketplace right now,” says one e-learning exec. “Many people don’t fully understand what they must do to achieve compliance. It’s more than simply training.”

Another training expert reports “a tremendous amount of concern and interest about HIPAA training, especially with the April 14 deadline looming.” Companies are scrambling for the right tools, with e-learning playing a prominent role, she says. Other experts describe the landscape as a “field of weeds” as some content providers rush in with inferior HIPAA content.

The market represents both an opportunity and a challenge for the e-learning sector, believes Bryan McClain, manager of advanced distributed learning for Delex Systems, a Vienna, Virginia, online training provider. “If it weren’t for HIPAA, the healthcare industry would not have come to e-learning for some time,” he says. That’s because the industry is “not known for leaping into information technology that doesn’t add to the quality of care.” According to McClain, the health care industry is clearly struggling with the assignment.

Depending on their obligations, affected organizations can meet their HIPAA requirements with training that ranges from a simple half-hour overview to an intense three-day credit course. The vast majority of affected individuals, such as HR employees, can be briefed with the minimum amount of training. But physicians, nurses, and other providers must follow specific new procedures when they’re around patients, while insurance companies must also heed new rules designed just for payers. Every organization must create a document for its own internal HIPAA policies and procedures.

Although compliance with the law will be required by April, enforcement will come only in response to complaints. HHS will not randomly inspect organizations and facilities for compliance.

IBM stakes its turf

The significance of the HIPAA market is perhaps best demonstrated by IBM’s zeal in pursuing it. The company’s Mindspan e-learning unit is being mobilized as one part of a broad portfolio of products and services the corporate giant has rolled out for healthcare and insurance companies preparing for the HIPAA mandates.

Introduced in October, IBM’s WebSphere Business Integration software for HIPAA will integrate and manage business processes for healthcare and insurance companies. The package features built-in HIPAA content to help users automate business processes, such as claims processing transactions, to help achieve HIPAA readiness.

WebSphere is the core component of an end-to-end portfolio of HIPAA-related offerings. For example, e-learning courses operating on the IBM Mindspan Lotus LearningSpace platform help provider and payer organizations gain HIPAA readiness. And the IBM Mindspan HIPAA Training Solution, a joint effort between IBM and HIPAA content provider Health Care Compliance Strategies, offers multimedia computer-based training courseware that combines video scenarios, audio, text, and interactive exercises to train healthcare employees.

“This is a major opportunity for us and for e-learning in general,” says David M. Rosenthal, director of business development at HCCS. “Since there is a limited timeframe to get thousands of individuals trained, many organizations are turning to e-learning for the first time. They are discovering the value of e-learning and what it can bring to a company.”

Separately, HCCS has formed a strategic alliance with the Greater New York Hospital Association, which represents 200 not-for-profit hospitals and continuing care facilities in the region. The training package includes completion certificates and CME/CEU [LTG] credits for users who complete the course. The software also provides detailed monthly reporting for measuring completion and effectiveness of the training.

Similar e-learning partnerships have been formed throughout the HIPAA training universe. For example, the National Association of Chain Drug Stores in Alexandria, Virginia, has signed with Washington, D.C.-based CFM Partners to handle Internet-based and CD-ROM training for HIPAA. The association is providing the content.

In an e-learning partnership aimed at pharmaceutical companies, Los Angeles-based medical content provider Medsn has partnered with ePharmaLearning (ePL) to provide e-collaboration and e-meeting solutions. The venture combines ePL e-collaboration solutions with Medsn e-learning content modules so that pharmaceutical companies can deliver blended learning sessions in dramatically less time and with lower cost than traditional methods. HIPAA training is included in the package.

Meanwhile, a host of new ventures have emerged to serve the market with HIPAA courses, many of which are preapproved for credits from healthcare organizations. Among them:

HIPAAdocs Corporation [link to www.hipaadocs.com]. This Columbia, Maryland-based dot.com bills itself as “the online resource for implementation of HIPAA privacy and security regulations.” It offers a variety of online tools to simplify the regulations and keep subscribers current with changes. HIPAAdocs has joined with the American Medical Association to launch AMA HIPAALink, a new online resource aimed at helping physicians and staff comply with HIPAA regulations for patient privacy.

HCProfessor [link to www.hcprofessor.com]. A library of 14 job-specific HIPAA training courses are being offered by this online learning division of HCPro Corporation, a healthcare publisher and educator based in Marblehead, Massachusetts. Continuing education credits are offered for submittal to the various healthcare certification organizations.

HIPAALearn [link to www.hipaalearn.com]. Cambridge, Massachusetts-based eXstream Solutions has derived HIPAALearn from its flagship OpenLearn software suite with LMS, authoring tool, and services. A variety of HIPAA-related online courses are targeted to specific job functions.

HIPAASimple.com [link to www.hipaasimple.com]. This online privacy compliance program is offered to healthcare providers in private practice. It’s billed as a quick and easy centralized compliance solution, including tailored materials, regular updates, and information from HIPAA regulation experts. Rather than being offered general-purpose materials, users answer basic questions about their practice and then receive documents, training materials, and guidelines specific to their situation. “There are no books to read, seminars to attend, or consultants to hire,” the program states.

Genesys Software Systems. This Methuen, Massachusetts, provider of software and outsourcing services for learning management and HR is offering a slate of HIPAA training courses via the LMS from its PeopleComeFirst [link to www.peoplecomefirst.com] learning division. The courseware was developed by Graphic Education, a partner company with experience developing computer-based training for the healthcare industry. “We've designed these courses to help organizations fully understand and comply with all legal nuances [of HIPAA] and designed tools to streamline the reporting process without hiring outside services,” says one official.

LessonCenter [link to www.lessoncenter.com/Hipaa.asp]. This venture from Delex Systems in Vienna, Virginia, partners with HCPro for content. A proprietary courseware development tool enables organizations to easily add specific HIPAA information, such as state laws or internal procedures of a specific hospital client.

Brainvisa Technologies [link to www.brainvisa.com.]. Based in India, this e-learning firm has joined the HIPAA training brigade with a variety of products, including off-the-shelf and custom HIPAA courseware and an LMS into which they can be integrated.

Thomson eyes HIPAA certification

Another HIPAA training partnership combines the resources of learning heavyweight Thomson Corporation with HIPAA Academy, a HIPAA skills and knowledge development organization. HIPAA Academy is owned by ecfirst.com, an Iowa-based B2B integration company.

An aggressive business plan calls for being first to launch a learning and certification program that would serve the national standard for healthcare professionals. Thomson is the exclusive courseware and training provider for all HIPAA Academy Level certification tracks.

Thomson’s Course Technology unit is publishing the “HIPAA-certified” courseware materials and books using its flexible approach to teaching and learning. Its NETg e-learning unit is supplying online learning content, while its Prometric unit provides a suite of testing and assessment services.

“Hopefully our relationship with the HIPAA Academy, and its planned certification, will put us in the number one position for HIPAA certification training,” says Don Fabricant, senior vice president in the instructor-led training group of Course Technology. The Thomson unit has developed three separate HIPAA instructor-led certification tracks with accompanying manuals: a three-day HIPAA professional course, a one-day administrator course, and a half-day overview course. A two-day course for security specialists will be introduced soon.

However, the venture has raised eyebrows among competitors who are dubious about any certification effort that doesn’t involve a third party. “Without a third party, you have an inherent conflict of interest,” says one e-learning content competitor. “If you set your own standards, of course you’re going to meet them.”

Jane Appold, NETg’s product marketing manager, says NETg is offering three interactive privacy courses directed to healthcare workers, insurers, and business associates. “Our next move is in the security area,” she says. The e-learning courses are designed to quickly brief people on HIPAA, and are not currently connected with the classroom certification training products. NETg products integrate with various LMS platforms, and can also be accessed via its hosted service or through CDs.

Appold agrees that the HIPAA training market is a golden opportunity for e-learning firms

such as NETg to make inroads. “There is such an important need for quick training and a turnkey solution that [HIPAA] is certain to attract customers who have not been receptive to e-learning in the past,” she says.

Plateau pursues enterprise platform

Several LMS suppliers are similarly pursuing opportunities in the new HIPAA compliance market, both as a specific profit center and an avenue to chase other corporate e-learning business. Among them is Plateau Systems, an aggressive marketer of its Plateau 4 enterprise LMS. Plateau is offering the platform with custom HIPAA content and consulting from other suppliers in a turnkey package for corporate HIPAA compliance.

Plateau hurdled past competitors in October when it landed a hefty contract to help train the U.S. Military Health System on its HIPAA obligations. The Arlington, Virginia, e-learning company was selected by Booz Allen Hamilton to share in a $3 million contract to develop, implement, and manage Web-based HIPAA training and compliance tools across the entire Military Health System (also called TriCare). Approximately 130,000 military healthcare providers will be trained under the contract.

Brad Cooper, Plateau System’s senior vice president, says the company is eager for the opportunity. “By managing all HIPAA training on one enterprise platform and developing a strategic initiative with consulting from Booz Allen, the Military Health System is taking a proactive approach to a complex and mission-critical learning need,” he says.

Cooper asserts that large contracts can be won on the civilian side as well, especially from companies that need an excuse to purchase an enterprise LMS. Plateau is eyeing pharmacy chains and medical device manufacturers, already a strong customer base.

“Regulations like this become the catalyst for a sale,” he says. “Often, a training department can’t get the tools it needs to unify its training initiatives, and it’s frustrated. When something like HIPAA comes around, it creates a requirement that’s not easy to meet, one that is also visible at the highest levels of an organization.” In short, it’s a concept upper management can embrace to justify an expensive e-learning purchase far more easily than some fuzzy ROI projection of increased performance from a call center.

Principally, an enterprise LMS enables a healthcare company to create a valuable “audit trail” around HIPAA compliance training. A Plateau briefing paper presents the case effectively: “Based on precedent set with other HHS organizations, a critical part of establishing and maintaining compliance with training regulations is the capability to establish and maintain auditable training records. Combine that with the need to deliver timely, targeted instruction to thousands of personnel dispersed across multiple locations and divisions, and HIPAA creates requirements that only an enterprise learning solution can meet.”

Like many other e-learning suppliers, Plateau is confident that once the healthcare industry begins to appreciate the many advantages of online learning, it will seek its services to meet future training needs.

Paul Harris is a Washington, D.C.-based freelance writer.