fyi...this appeared in recent edition of Washington Technology magazine. Virtually immune to recession 04/11/02 By William Welsh,Staff Writer Demand for health care IT services unaffected by the slow economy While a shift in national priorities or a dip in the economy might spell trouble for some sectors of the government information technology market, the demand for health services and solutions never falters. When the economy's up, government customers want contractors to help them improve the delivery of health services. When it's down, they want contractors to help them cut or contain costs. "The only thing that changes is the flavor of the request," said Frank Abramcheck, vice president of business project management for Electronic Data Systems Corp., Plano, Texas. The sector is so steady and predictable that companies specializing in health care solutions are virtually immune to a recession, said David Mastran, president and chief executive officer of Maximus Inc., Reston, Va. "As the economy gets worse, the opportunity gets better," he said. Health services is the fastest-growing sector in the state and local government IT market, outstripping administration and finance, criminal justice and human services, according to Gartner Dataquest of Stamford, Conn. The market research firm reports the sector is growing at an annual rate of 10.5 percent and will increase in size from $4.6 billion in 2002 to $6.2 billion in 2005. Health and human services combined are expected to account for 30 percent of all state and local spending by 2003, according to the market research firm Input Inc. of Chantilly, Va. State and local integrators are bidding on a mix of traditional and emerging health care IT opportunities that include decision support systems, fiscal agent services for processing Medicaid claims, immunization registry and tracking, pharmacy benefit management and Health Insurance Portability and Accountability Act planning and implementation. Two giants in the sector, Affiliated Computer Services Inc. of Dallas and EDS, handle most of the Medicaid contracts in the nation. EDS has 20 of these multimillion-dollar contracts, while ACS has 13. Both companies include Georgia on their lists, where the contract will transfer Dec. 1 from EDS to ACS. On that date, ACS will launch the first phase of a groundbreaking contract, known as the Georgia Health Partnership, that will consolidate the administration of health claims for Medicaid, state employees and uninsured children into a single program. ACS derives $300 million of its $2 billion in annual revenue from IT related to health services, said Harvey Braswell, group president of government services for ACS. For its part, EDS derives 8 percent, or $1.7 billion, of its $21.5 billion annual revenue from health and human services solutions for the public and private sectors globally. "I've never seen as many opportunities in the state health care business in the last 30 years," Braswell said. NEW MARKET DRIVERS Looking ahead, industry officials see growth in the health services market driven by two major opportunities. One is helping state and local governments counter and respond to bioterrorism attacks; the other is helping various components of state health care operations comply with HIPAA. Spending on bioterrorism defense has already begun. Congress approved $2.5 billion in the fiscal 2002 defense appropriations bill, and in January approved another $2.9 billion, of which $1.1 billion will go to the states. President Bush has requested an additional $5.9 billion for bioterrorism defense in fiscal 2003. While integrators struggle to get a grasp on the vague requirements for IT work related to bioterrorism defense, they also are eyeing more tangible business in helping the states comply with HIPAA regulations. Congress passed HIPAA in 1996 to standardize the electronic transmission of data within the field of health care. Any organization in the private or public sector that handles medical records must comply with rules for electronic data interchange, privacy and security. The EDI rules become effective Oct. 16, while the privacy rules become effective April 14, 2003. The security rules are not out yet. The bulk of HIPAA compliance work at the state level involves Medicaid systems. The effort to upgrade the systems and bring them into compliance with HIPAA is being coordinated by the Department of Health and Human Services' Centers for Medicare and Medicaid Services. States are expected to spend about $3 billion on HIPAA compliance, according to government and industry officials. State officials in North Carolina, one of the states farthest along in the process, estimated it will cost $199 million for implementation, said Karen Tomczak, HIPAA director for the North Carolina Department of Health and Human Services. Although new HIPAA business for integrators is not expected to fully materialize until early 2003, many are already providing consulting services to the states, helping them prepare for implementation. "The consulting work is booming. ... We are seeing a big rise in our [consulting] work," said Mastran, adding that Maximus has nine HIPAA jobs in various stages of progress. HIPAA has attracted both small and large integrators as well as companies that aren't typically associated with the state and local market. The defense contractor Raytheon Co. of Lexington, Mass., is looking for opportunities with federal agencies in the Department of Defense and elsewhere in the federal government that must comply with HIPAA. The company has developed an automated survey-based tool called Risk Doctor that simultaneously performs gap analysis and risk assessment. The solution is deployed at the University of North Carolina. "Our goal is to test it in the private sector and make sure we have a tight package before taking it to the public sector," said Harold Frohman, Raytheon program manager for Risk Doctor. He said the company is looking for opportunities for HIPAA consulting with federal agencies. While Raytheon is leveraging its federal expertise, other companies are touting their expertise with either year 2000 solutions or the health sector as key qualifications for HIPAA planning and implementation. Keane Inc. of Boston is introducing a full-service HIPAA compliance solution April 15, and is marketing it heavily to the states. The company sees a significant business opportunity in HIPAA planning and assessment, compliance and compliance management, said Larry Vale, Keane's vice president of corporate communications. "We wouldn't launch unless we saw a very significant opportunity," he said. Although the company has completed HIPAA risk assessments for Connecticut and North Carolina, the timing wasn't right until now to promote it. "We thought it was too early in the process, because the regulations were still in flux and there wasn't a hard deadline," Vale said. Some agencies and organizations initially think they can handle it themselves, but once they fully appreciate the scope of the project and the short timeframe they have for implementation, they will be looking for integrators to assist them, he said. "[This year] you will find more entities going out to integrators," Vale said. So far virtually all of the work being done is consulting as opposed to the actual implementation of the rules, Mastran said. ACS and EDS both have HIPAA consulting practices and expect to do brisk business in the states where they are responsible for Medicaid management. Some states will build new Medicaid management information systems from the ground up that are HIPAA compliant, while others will use other approaches, said Susan Calzoncit, principal consultant in the health care global industry group at EDS. "There is a very strong agreement by [the Centers for Medicare and Medicaid Services] that translators, clearinghouses and middleware are viable approaches to compliance," she said, noting that the majority of EDS' customers are taking such approaches. While states are struggling to comply with the act, they should stay focused on the benefits it will provide once it is implemented, she said. The implementation will enable everyone to use the same electronic language for claims processing, eligibility requests and payment transfers. "Pushing that kind of efficiency into the system - that's what HIPAA is all about," she said. UNREALISTIC DEADLINES While no one in state government disputes the wisdom of standardizing health information for electronic transmission and protecting patient confidentiality, state technology officials are exasperated that Congress would pass such a law without providing the funds necessary to cover the cost of implementation. Iowa Chief Information Officer Richard Varn, in fact, said the states were "betrayed" on multiple counts by Congress and the Clinton and Bush administrations over HIPAA. Federal officials are issuing the three rules with separate deadlines rather than a single deadline as requested by the states, Varn said. They didn't coordinate the initiative with the same zealous commitment they applied to the year 2000 problem. They refuse to provide funding for affected state health systems other than Medicaid. Varn said the one-year extension of the deadline for EDI rules granted earlier this year created a false sense of relief among federal officials. "Now they have the expectation that what they've done will allow us to complete the project on time," he said. Varn said several factors will make it difficult for states to meet the HIPAA deadlines. These include the size and complexity of the task, the absence of the security regulations and extremely tight budgets. "Anyone who has ever done IT knows that you get all of your customer requirements first, or it will cost you more money in the long run," Varn said. Given the circumstances, Varn said he doesn't think any state will be in full compliance by the deadlines. Tomczak agreed. "There are a lot of states that haven't been able to get started because of budget constraints. ... A lot of states will miss the deadlines because they don't have the money for it," she said. John Goggin, vice president for electronic government strategic service at the market research firm Meta Group, Stamford, Conn., said substantial federal funding for HIPAA is highly unlikely at this point. Congress and the executive branch have become disenchanted after years of funding state programs, such as Medicaid and child welfare, that haven't functioned as expected. Add to this the knowledge that states are perfectly capable of handling on their own potentially catastrophic problems, such as Y2K. "The federal government gave them nothing for Y2K, and the states were able to do it on their own," he said. "What's that tell the federal government about how they want to proceed?" Varn pointed out, however, that in preparation for Y2K, the federal government appointed a point person who coordinated development of processes and solutions that ultimately led to a specific methodology for the public sector to follow. This has not been the case with HIPAA. "There was a lot more sharing in general and a sense of working together to comply. I don't get the sense that the federal government is doing that [with HIPAA]," he said. HELPING HAND Although Congress didn't provide funding for HIPAA when it passed the law, Health and Human Services provides "enhanced" funding for HIPAA-related changes to Medicaid systems through an existing reimbursement program, said Rick Friedman, director of the division of state systems within the department's Center for Medicare and Medicaid Services. The federal government provides matching funds up to 90 percent of the cost for EDI and security work and 50 percent for privacy work. The Center for Medicare and Medicaid Services, known as CMS, also is offering some consulting assistance to the states, Friedman said. The organization has developed an assessment checklist to be distributed to the states this month that will assist them in determining their level of capability for implementing HIPAA changes to tier systems and processes. The center also will visit six to eight states over the next three months and hold workshops to help the states toward HIPAA compliance, Friedman said. CMS and Titan Corp. of San Diego will provide program and technical assistance, respectively, during the workshops, he said. The meetings are only to assist states with their efforts and are not intended to evaluate their progress, he said. The nation's governors are deeply concerned about the potential cost of compliance. At their annual winter meeting, held Feb. 23-26 in Washington, the governors called on Health and Human Services to provide better guidance to the states on federal programs covered under the act. The governors also called on Congress to recognize the financial burden of HIPAA implementation and to provide adequate federal funding to assist the states in achieving compliance. The efforts of CMS and the governors may give state officials the psychological boost they need to meet HIPAA's looming deadlines. With the first deadline less than a year away, integrators are seeing an uptick in HIPAA-related business, said Keane's Vale. This is because states are realizing they need the integrators' help. "A lot of folks think initially that they can do it themselves. [But] the more people look into it, the bigger they see it is," he said. Staff Writer William Welsh can be reached at wwelsh@postnewsweektech.com.