Baseline Information for Evaluating the Implementation of the Health Insurance Portability and Accountability Act of 1996: Final Report. Qualitative Evaluation


Case Study Methods

Qualitative methods are appropriate for studying how and why systems change and the political and social context in which these changes occur. The qualitative evaluation would involve elite interviews in selected sites to understand the implementation of HIPAA. To gain various perspectives, individuals from the following entities would be interviewed: 1) state officials involved in HIPAA implementation; 2) a sample of large and small employers; 3) insurers; and 4) a sample of HIPAA eligibles. In case study interviews, the desired strategy is to triangulate, that is, to obtain more than one voice for each group of interest, so that each conclusion is corroborated by more than one respondent. Thus one would want to interview more than one representative from each group. Interviews should be coded to ensure that all responses are included in synthesizing the results; software is commercially available to use for this purpose.

HCFA(now known as CMS) officials responsible for federally enforcing implementation in those states that have not passed conforming legislation should also be interviewed. As well as a discussion focusing on HCFA(now known as CMS)’s compliance strategy, the interview would cover efforts to communicate to or coordinate with all states.

We would expect that each state selected for case study would be visited once, for a period of 3-5 days. Follow-up telephone interviews would be conducted to clarify interview notes or to solicit additional information. Before visiting each state, the team should review the available data and determine an agenda for whom to interview and specific topics for discussion. A standard interview guide would be developed and used to collect the information not available from documented sources. This semi-structured format would serve as a guide to note-taking, ensure that all topics are covered, and ensure consistency across states. The interview guide should be pre-tested in a state that will not be part of the final site selection.

The interviews would focus on the specific issues discussed in Section III. Many of the questions would be the same across all sites, however some questions would vary between sites to cover implementation issues related to differing legal environments. For example, in states using high-risk pools as an alternative HIPAA mechanism, the interview would include questions about risk pool funding, the premium schedule, and the methodology for determining premiums. In states that have adopted guaranteed issue, the interview would focus on the number and characteristics of guaranteed issue plans, risk adjustment or risk-spreading mechanisms, marketing practices, and enforcement.

In advance of the interviews, the evaluator should collect available documentary evidence. A data checklist should be developed and distributed requesting that documents be provided or made available to the site visit team for review. Materials that are not available in advance should be obtained while on-site. The checklist might include specific enforcement data, trends in employee access to HIPAA services, and premium changes over time. In addition, the checklist would ask for studies conducted by any of the parties on the effects of HIPAA, and would inquire about on-going or planned studies.

Data Analysis

The data analysis would focus on synthesizing the results of the case study interviews and document reviews and on extracting a set of cross-cutting themes, or lessons, that can be applied by policymakers to achieve HIPAA’s goals. The primary form of analysis would be descriptive, comparing and contrasting information across sites along the dimensions of interest, namely access to insurance coverage, premium pricing, and market responses.

Initially, this would involve writing separate case studies for each state visited. Once the case studies are drafted, they should be sent to at least one respondent at each site for technical review. Comments received from the reviewer would be incorporated into the case studies. After the set of case studies has been developed and reviewed, the individual case study results would be compared and contrasted to identify common themes and key differences between the sites. For the final report, the results of the case studies would be synthesized to provide a comprehensive analysis of HIPAA compliance efforts.

Site Selection

The selection of sites would depend on the scope of questions described in section III that the evaluation will encompass. The candidate questions that we lay out below cover enforcement, the notification process, market responses, risk spreading mechanism, and risk pool implementation. Since not all states would be examined in case studies, the selection of sites would be based primarily on the ability to draw comparisons across states with different approaches to insurance reform. For example, to study enforcement, an evaluator would want to compare states that are implementing the federal fallback standards (such as CO, MD, TN), with states that have allowed enforcement of the standards to fall under HCFA(now known as CMS)’s, aegis (e.g. CA, MO), with states that have had individual market reforms in place for a longer period of time (e.g. NY, NJ, VT, or WA). An evaluator would also want to compare enforcement models and effectiveness in states that enacted new legislation to meet the HIPAA group market standards (e.g. AL, IL, CO, MO) with states that had such legislation in place (e.g. CA, TX, NY, NJ, WA)

To understand the implementation of the risk-spreading mechanisms and market responses, an evaluator would want to include states that have adopted the federal fallback standards (e.g. CO, CA, MO, TN), with states that have adopted a risk pool alternative (e.g. AL, IL, TX), with states that have enacted guaranteed issue provisions in the small group market that go beyond the fallback standards (e.g. WA, NY, VT, NJ). Investigation of problems in extending risk pools to HIPAA eligibles would include expansion of existing risk pools (e.g. IL, CT, MN) and states that have introduced new risk pools (e.g. AL, TX).

A core set of states that would provide some variation on the key dimensions to address all of the issues we propose below would include: AL, CA, CO, IL, MO, TX, WA.