تاثیر تصویب استانداردها بر عملکرد معاملات بهداشت و درمان: بررسی موردی HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) is a standard for the healthcare industry mandating, in part, use of the EDI X12 protocol set for data exchanges among industry members. The motivation underlying this change was the view that lack of a standard format for healthcare data created significant inefficiencies, resulting in increased costs within the industry. With regulators’ supposition that the standard would improve data exchange performance, we set out to determine the actual performance implications of HIPAA. Using data on transactions occurring over 106 months from 1998 to 2004, we study the impact of the HIPAA standardization requirement on transaction performance in the form of transaction delivery time and transaction quality measured as percentage errors. Performance is expected to deteriorate immediately following HIPAA compliance, due to system disruption, before a longer-term trend toward improved performance. Transaction performance immediately following HIPAA compliance shows deterioration in transaction delivery time, as expected, but a surprising improvement in transaction quality. The longer-term trends associated with HIPAA compliance for both transaction quality and transaction delivery time show that both are trending toward improvement. However, when we compare performance three, six, and 12 months before and after HIPAA compliance, we find that neither delivery time nor quality has improved. The implications for practice and theory are discussed.

Healthcare is a highly regulated industry in which numerous standards are endorsed and mandated (Menon et al., 2000). Technology standards are a subset of the numerous classes of standards used in the industry. The primary goal of technology standards is to improve information flow both intra-organizationally, among areas within healthcare provider entities, as well as inter-organizationally, between various participants in the healthcare supply chain (Premkumar and Ramamurthy, 1995). The desired outcome of improved information handling performance includes reducing costs and increasing productivity. However, there is little evidence as to how much, if any, performance improvement the healthcare industry has gained due to technology standards and their requisite information technologies (Chaudhry et al., 2006). In this study, we examine the specific case of the Health Insurance Portability and Accountability Act (HIPAA), mandated by the U.S. federal government. We study the short- and long-term impact of this standard's adoption on the performance of transactions between payers (insurers) and medical service providers (hospitals, etc.). Specifically, we measure the impact of HIPAA compliance on inter-organizational transaction delivery time and transaction quality. This is the first empirical study (to our knowledge) investigating HIPAA’s impact on transaction delivery time and quality using objective data. Adopting new standards requires participants to change the nature of task specifications, task processes, and metrics (Venkatesh, 2006 and Bendoly et al., 2007). Typically, in adoption of voluntary standards, the firm weighs the relative advantage over and compatibility with existing processes and metrics, as well as the complexity, trialability, and observability of the standard as an innovation (Rogers, 1996, p.16). In contrast, legislated standards, as in the case of HIPAA, are forced upon adopters regardless of the potential benefits of the adoption. This raises questions as to the ultimate value of the implementation. Although this study investigates a healthcare industry standard, our findings may generalize to other settings and industries in which mandatory standards are implemented. In particular, this study serves two practical purposes. First, our analysis provides current industry administrators with valuable insight regarding adoption and implementation processes of mandatory standards. The results can inform their judgment in decisions related to monitoring and managing performance both prior to and following implementation (Venkatesh, 2006). Second, this study can aid administrators and regulators in planning future industry standards. Discerning the timing and magnitude of performance effects of mandatory standard compliance can guide these parties in two ways. The large-sample analysis reported here should help to create realistic expectations among industry and regulatory bodies related to the adoption of mandatory standards, and secondarily, aid these bodies in developing strategies to counteract the predictable performance effects of such standards implementation. This study contributes to the management literature by documenting the performance effects of a mandatory standard. The study results show that adoption of the HIPAA standard is associated with significant immediate (short-term) effects on transaction performance, specifically improvement in quality (percentage errors decrease) and degradation of delivery time (delivery time increases). In the longer-term, both performance measures show trending improvement, i.e., delivery time and percentage errors both decrease. However, there is no evidence that HIPAA is associated with an overall improvement in transaction delivery time or quality when performance is compared across three pre- and post-compliance time windows. The remainder of the paper is organized as follows. We first establish the practical and theoretical foundations for the study model, hypothesizing HIPAA’s immediate and trending relationships with performance as well as the pre- and post-implementation performance. We empirically test the research hypotheses using panel transaction data from a healthcare industry clearinghouse. We conclude the paper by drawing conclusions for both the research and practitioner communities.

This study empirically analyzes the impact of the mandated HIPAA information-processing standard on industry transaction performance. The enactment of the HIPAA standard provides an opportunity to study these issues related to the introduction of an information processing standard in the large and complex structure of the U.S. healthcare industry. Our results are not entirely consistent with expectations developed from theory in predicting both the positive and negative performance effects of such standards. Overall, transaction performance at the industry level has not improved nearly three years following the mandated HIPAA standards deadline. This aligns our results with the proponents of reflexive standardization theory (Beck, 1994 and Hanseth et al., 2006). Entities (i.e., organizations, supply chains, etc.) incur significant risk when adopting standards whose effects have unknown implications. “We standardize in order to integrate, order, and control a fragmented world and to reduce its complexity, to forge order out of chaos” (Hanseth et al., 2006, p. 567). While the changes needed to comply with standards provide benefits that arise from uniformity, the standardized process often requires other organizational systems to be altered, causing new sources of inefficiency and variability (Hanseth and Braa, 2001). Hanseth et al., (2006) show that the standards-setting process is characterized by high socio-technical complexity and can result in unanticipated outcomes. Sometimes the “standardization process can be reflexive, resulting in outcomes antagonistic to the original aim” (Hanseth et al., 2006, p.578), and efforts to reduce complexity may, in fact, generate the opposite outcome (Beck, 1994 and Hanseth et al., 2006). Recent studies on information technology adoption in the healthcare context reveal that adoption poses significant challenges. For instance, a study on the introduction of a computerized physician order entry system in a regional U.S. hospital finds that system implementation causes a variety of disruptive changes to operational processes (Han et al., 2005). Data collected over an 18 month period suggest that complex changes linked to the introduction of the new information systems compromised patient safety; mortality significantly increased after introduction of the system. Another study showed that, while the effects of information technology adoption are positive on average, outcomes are unevenly distributed across different types of hospitals and some experience negative performance linked with such adoptions (Menachemi et al., 2007). One reason information technology fails to improve performance in some healthcare organizations is the sequence of integration of healthcare technologies (Angst et al., 2011). In particular, Angst et al. show that foundational technologies that are more complex and enable interoperability between different systems should be adopted before stand-alone technologies (like HIPAA). This study has important implications for managing large-scale data transaction processes, particularly at industry clearinghouses. The increase in transaction delivery times following standards compliance observed here seems to indicate that, prior to implementation of this industry standard, additional development and testing may have been warranted. While this is history by now, future implementations and upgrades can benefit from this knowledge and experience. The increase in delivery time, even before the peaks that follow HIPAA compliance (implementation of X12 mapping software and its associated hardware and software), provides a subtle warning of the processing system’s inability to adequately manage the future demands to be placed upon it. Looking at the performance results in Fig. 4 and Fig. 5, one can observe that, although it is still possible that HIPAA may improve performance in the long run, compliance with this standard created a system-level disturbance before performance began to drift back toward pre-compliance levels. We show that neither transaction delivery time nor quality improves following HIPAA compliance (although performance may have continued to improve following data collection). While the public discussion of HIPAA has focused almost entirely on data security and patient privacy, the “forgotten” piece of HIPAA (transaction standardization) has been extremely costly (billions of dollars) and time-consuming for industry organizations. In our analysis, we do not see a clear positive result from that investment. Implementing the standard was very expensive for the studied clearinghouse as well as for other industry entities, requiring thousands of hours of training and programming, in addition to collection of additional data (McKinstry 2003, p. 20). An analysis of the costs and benefits of the HIPAA standard, including the benefits to payers and providers, would likely yield useful insights. A more detailed examination of the level of rationalization as well as the extra burdens linked to HIPAA and how these are distributed among payers, providers, and other intermediaries in the healthcare industry is a topic for future research that can inform both the design and implementation of industry standards. X12 format for transactions was chosen as the HIPAA standard with the intention of moving to a single EDI standard from the existing 400+ healthcare claim processing formats identified by the U.S. Department of Health and Human Services (Phelan, 2002). The version of the standard was ANSI X12:4010 (2002). In 2010, a new version of the standard was introduced—ANSI X12:5010 (Brown, 2010) and the process of implementing the standard completed again. This required that all protocols and codes be rewritten, tested, and implemented, new classifications and databases be added, and new data be collected. While the processes for reaching initial HIPAA compliance are still being conducted, many “proponents of EDI have moved toward a more open infrastructure such as XML (extensible markup language)” (Son et al., 2005, p. 232). Although many organizations may be reluctant to replace their existing systems with XML-based messages, primarily due to cost considerations, it is unclear whether the future standard will be X12 or XML. While the results presented here show no strong evidence of a negative long-term impact of the HIPAA standard on transaction performance, they do point to the potential disadvantages of such “mass” standardization as encompassed by HIPAA as well as the challenges of simplifying the cumbersome processes that are ubiquitous in the healthcare industry. Observers suggest that HIPAA was viewed as a solution to the problems of the existing data transaction system (Phelan, 2002) while a broader redesign of other system processes received little attention. The fundamental complexity of a system such as the healthcare industry has evolved over time through ad-hoc decisions regarding key business processes. A technical solution such as the standardization of technology protocols can make only a marginal contribution toward improving the overall delivery and quality of transactions in the system. More importantly, our results indicate that such mandated standards can potentially worsen performance related to industry-wide efficiencies. In the case we examine, the choice by payers to achieve HIPAA compliance by contracting with a clearinghouse resulted in inefficiencies persisting even when the requirements for standards compliance are satisfied. As a result, this appears to limit the realization of the potential benefits of industry-wide standards. This important insight needs more examination since a variety of technology-enabled initiatives to streamline processes such as the adoption of electronic health records are currently under consideration by policy makers. Our findings, while limited in scope, suggest how specific choices by individual players can significantly influence the broader outcomes of mandated standards initiatives. Our results therefore suggest the importance of recognizing and potentially incentivizing specific trajectories for compliance so that the broader benefits of mandated standards can be achieved.