Our calculations regarding division of costs are based on two assumptions: 1) system costs are principally fixed costs associated with the purchase of hardware and software 10; and 2) large entities will continue to invest more heavily in hardware and software expenditures than small entities. We estimate that 80 percent of the system costs will be born by large entities. The remaining 20 percent of total systems costs will be absorbed by small entities. To calculate the effect on small businesses, we multiplied the system compliance costs cited in the RIA by the proportion of the costs we expect small entities to incur (20 percent of total). We then multiplied the total cost of system compliance for small entities by the percentage of health care revenue by industry and calculated a cost per entity.
We used HCFA’s estimate of total national health expenditures to calculate the percent of total health care business that is represented by types of health care entities. We calculated the proportion of business transacted by a type of health care entity (by SIC code) and multiplied this by the total expenditures ($1.084 billion total) 11. National expenditure data is a useful measure for allocating system compliance costs for two reasons. Even though system compliance costs are primarily fixed costs, we assume that they bear some relationship to the size and level of the activity of the entity. Similarly, national expenditures vary according to both size and level of activity. Second, in contrast to the annual receipts compiled by the Business Census Survey, national expenditure information compares its data to other sources in order to validate its results. Thus, we decided that the national expenditure data are a more reliable source of overall business activity for our purposes. Based on these assumptions, we believe that the total cost of system compliance for all small health care entities will be approximately $18 million. Dividing costs by the number of small entities suggests that the average cost of system compliance is $40.13 per entity.
The cost of notice development is approximately $21 per small entity. We assume that many small providers will receive assistance developing their notice policies from professional associations. Thus, the overall cost of developing compliant notices is significant, but the cost per entity is small. The cost to small entities of developing notices is based on the proportion of expenditures generated by small entities. We recognize that this may not adequately capture the costs of developing a provider or plan’s notice of their privacy policies, and invite comment on our approach.
Finally, we attempted to estimate the impact of compliance costs on small entities by comparing the cost of complying with the proposed rule to an entity’s annual expenditures (Table E). We computed the percent of small entity expenditures as a percent of national expenditures by calculating the proportion of small business receipts (from census data compiled for the SBA) that apply to segments of the health care market. Although we believe that the SBA data understates the amount of annual receipts, we assumed that the underestimates are consistent across all entities. Thus, although the dollar amounts reported by the SBA are incorrect, our assumption is that the proportion of small entity receipts relative to total annual receipts is correct.
Applying the percent of small entity receipts to the national expenditure data allows us to estimate the percent of national expenditures represented by small entities. We then considered the total compliance cost (initial and ongoing cost) as a percent of small business expenditures. Our estimates suggest that the cost of complying with the proposed rule represent approximately 0.12 percent of total annual expenditures for a small health care entity in the first year. The relative cost of complying with the proposed rule is substantially lower in subsequent years, representing 0.04 percent of an entity’s annual expenditures. The relative cost of complying with the proposed regulation cost of complying is highest for small health insurers (1.03 percent of expenditures). These costs will be higher due to the volume and complexity of health plan billing systems; health plans are required to implement more policies and procedures to protect health information because they handle so much personally identifiable information. Because health plan costs are higher and there is a smaller number of plans than other type of entities affected by the regulation, these costs result in a higher annual cost per small health plan. Table E further illustrates the cost impact by type of entity in the first year.
|Industry||Total Annual Initial and Ongoing Costs in the First Year, per Small Entity||Annual Expenditure per Small Entity~||Compliance Cost as a Percentage of a Small Entity's Annual Expenditures|
|Drug Stores & Proprietary Stores^||$1,480.03||$2,046,199||0.07%|
|Accident & Health Insurance & Medical Service Plans^ (Accident & Health Insurance and Hospital & Medical Service Plans)||$3,602.41||$350,467||1.03%|
|Offices & Clinics Of Doctors Of Medicine||$680.20||$695,560||0.10%|
|Offices & Clinics Of Dentists||$531.94||$434,260||0.12%|
|Offices & Clinics Of Other Health Practitioners||$612.94||$583,805||0.10%|
|Nursing & Personal Care Facilities||$2,457.99||$1,629,755||0.15%|
|Home Health Care Services||$877.49||$1,003,475||0.09%|
|Other Health Care Services including Lab Services||$503.55||$351,146||0.14%|
* The SBA defines small health care entities as those with annual revenue under $5,000,000.
** Total Initial Compliance Cost includes policy implementation and systems compliance costs
~ Based on the assumption that the proportion of revenue generated by small businesses approximates the proportion of expenditures faced by small businesses
^ Includes some entities not covered by this regulation. Pharmacies are the only component of Drug Stores and Proprietary Stores covered by the regulation. Accident and workers compensation insurance are not covered by the regulation.