Outsourced HIPAA (Health Insurance Portability and Accountability Act) eCommerce work to India may be subject of multi billion dollar law suits in United States
Preeti Jinghani, Special Correspondent
December 20, 2004

Office for Civil Rights - HIPAA
Medical Privacy - National Standards to Protect the Privacy of Personal Health Information

Many American consulting companies are outsourcing HIPAA eCommerce especially Gap Analysis and EDI translator work to software companies in India. While the HIPAA act was enacted a few years back, the official guidelines from the Department of Health and Human Services is still fluid and in the next ten years, the courts in United States will finally give HIPAA a shape for legal interpretation. In this situation, it is extremely risky to outsource HIPAA work from India. When Privacy and related law suits come, the third party vendor contracts may not protect the American company.

According to some legal experts, Indian companies can also be sued for possible divulging of Protected Health Information of US citizens even if they did not divulge the same. The legal experts warn that both the American and Indian counterparts should increase their errors and omission insurance by 100 times. HIPAA non-compliance carries up to quarter million dollar fines and jail term for each violation. Especially in the case when an American company knowingly outsourced this sensitive work to India, and a non-compliance is registered by the Department of Health and Human Services, the courts may slap penalties easily. 

While the Indian counterpart can be immune from HIPAA law in India, they can be sued and be liable for billions in United States.

HIPAA work is lucrative. Healthcare, which is one of the very few sectors in US that are growing requires HIPAA compliance for privacy as well as eCommerce as related to Gap analysis of HIPAA transaction sets based on data dictionaries of the Department of Health and Human Services. HIPAA EDI/X12 translator work is also very lucrative. But legal experts are recommending that these work be not sent to India to avoid complications at this time.

HIPAA is one of the very few fields where Indian companies can still get some work other than legacy system maintenance and code conversion from some old to contemporary systems in 2005. However, HIPAA regulations may provide a total damper on the outsourcing of this lucrative work from India in 2005.

According to an industry report, Technology workers from India headed to the US for on-site jobs have started feeling the pinch of changing insurance rules in the US. As part of the ongoing reforms in health insurance practices in the US, Indian software companies, which send techies to the US as part of their big-ticket offshoring contracts , have fresh norms to comply with. One of the increasing concerns for the software companies pertains to the Health Insurance Portability and Accountability Act (Hipaa). Sources said that the US government has set a compliance deadline of mid-’05 for these new norms. It means documentation have become much more stringent than never before, though the deadline pertains to only data-transfer. “There are many new clauses, arising from the complete overhaul of US health insurance practices, which apply to technology workers from India,” said the finance head of a Bangalore-based software vendor . “For instance, Indian software companies have to face complicated compliance norms applicable to techies engaged in on-site assignments. In fact, there are ways and means for these companies to insulate themselves from the complicated web of Hipaa compliance norms, such as absolving from access to private health information of employees,” said Mark Hanna of Hanna Insurance Solutions. Mr Hanna works with several Indian software companies offering health insurance solutions to software companies who send workers abroad. “Privacy statutes are increasingly becoming a concern for Indian companies who are sending technology workers abroad,” he adds.

However, the healthcare practices head of a leading software company said that there are more opportunities than challenges to Indian companies. 

“Offshoring contracts from large multinational companies in pharmaceuticals, insurance and integrated dealer networks are bound to increase once Indian companies comply with these Hipaa norms,” he said. However, he admits that once the general compliance rules take effect next year, all business associates (Indian software companies which handle offshoring contracts) have to ensure that they adhere to these certification norms.