The University of Michigan Health System (UMHS) has settled on IBM's WebSphere Business Integration product to help meet requirements of the Health Insurance Portability and Accountability Act (HIPAA), IBM said Thursday, in what marks the first public announcement of a customer using the software platform for HIPAA-related work.
UMHS is one of the largest health-care complexes globally and includes three hospitals, about 30 health centers, 120 outpatient clinics and its own health maintenance organization, M-CARE, according to the UMHS Web site.
On the IT end, UMHS has more than 10,000 computer connections, said Dan Waltz, director of business and administration in Medical Center Information Technology, a unit that has five directors and more than 300 employees. Waltz himself manages about 2,500 PCs and deals with more than 300 software applications with Unix, Windows 2000 and an IBM mainframe all part of the mix. And now along comes HIPAA, with data privacy standards compliance and the transaction testing deadline set for April.
To prepare, UMHS has run pilot programs with M-CARE to check online real-time eligibility testing and also has done testing with Blue Cross. Those pilots started in November and have gone well, Waltz said. Key issues for UMHS, as for other health-care providers that face HIPAA compliance deadlines, are managing various formats and mapping data and security in transactions and data containing personal information about patients.
"We decided that before we bought the (Business Integration) product, we'd make them prove that it worked," he said of IBM. UMHS considered other possible alternatives to help with the technology component of HIPAA compliance, "but we felt that this solution gave us more flexibility." WebSphere Business Integration for HIPAA, which IBM announced last October, also will allow UMHS to transfer non-HIPAA data around its vast system, and that also was a plus, he said.
HIPAA, passed by Congress in 1996, is meant to simplify electronic-data exchanges among health-care entities such as providers, insurance plans and clearinghouses, and also is aimed at protecting patient information.
WebSphere Business Integration is a key element of IBM's HIPAA Readiness Solution Portfolio. Business Integration will be enhanced in the second quarter of this year, with new process flows and data objects, said Jacqueline Shahin, market segment manager for insurance at IBM.
"Customers didn't realize how complex this really was," she said of HIPAA compliance. "It's not like a CRM (customer relationship management) project ... HIPAA is dynamic. The regulations will change, and nobody really knows how they will change."
The customer support offered by IBM was an important element in UMHS deciding to go with WebSphere Business Integration, Waltz said. "We've been very happy. Hopefully, it will continue after the project is complete," he said of the support UMHS has received.
Neither IBM or UMHS would reveal the cost involved in implementing WebSphere Business Integration, though Waltz said "it's a large project and we're not done paying for it yet. We're paying for it in stages."
Having technology to assist with HIPAA compliance is important, but it's not all that is needed.
"If the technology were perfect, it could do half the job. The tougher half is adapting the technology to the business practices of the organization and adopting the business practices to HIPAA. That is a very person-intensive job," said Gartner Inc. analyst Wes Rishel in an e-mail responding to questions about HIPAA compliance and IBM.
Technology saves time and enables "knowledge transfer in that the HIPAA implementation guidelines are very complex and the vendor's investment in learning them should make it easier for the client than starting with just the bare bones documents," said Rishel, who termed IBM's HIPAA experience "good."