NRPM: Standards for Privacy of Individually Identifiable Health Information. C. Administrative costs.


Section 1172(b) of the Act provides that "[a]ny standard adopted under this part [part C of title XI of the Act] shall be consistent with the objective of reducing the administrative costs of providing and paying for health care." As is more fully discussed in the Regulatory Impact and Regulatory Flexibility analyses below, we recognize that the proposed privacy standards would entail substantial initial and ongoing administrative costs for entities subject to the rules. However, as the analyses also indicate, even if the rules proposed below are considered in isolation, they should produce administrative and other cost savings that should more than offset such costs on a national basis. It is also the case that the privacy standards, like the security standards authorized by section 1173(d) of the Act, are necessitated by the technological advances in information exchange that the remaining Administrative Simplification standards facilitate for the health care industry. The same technological advances that make possible enormous administrative cost savings for the industry as a whole have also made it possible to breach the security and privacy of health information on a scale that was previously inconceivable. The Congress recognized that adequate protection of the security and privacy of health information is a sine qua non of the increased efficiency of information exchange brought about by the electronic revolution, by enacting the security and privacy provisions of the law. Thus, even if the rules proposed below were to impose net costs, which we do not believe they do, they would still be "consistent with" the objective of reducing administrative costs for the health care system as a whole.