When President Clinton signed the Health Insurance Portability and Accountability Act (HIPAA) into law on Aug. 21, 1996, he started the clock on several timetables, agendas and initiatives, within both the federal government and the private healthcare sector. Not all of them are running on time.
Of primary concern to healthcare’s managed care and payor communities are the electronic data interchange (EDI) standards included in the administrative simplification section of HIPAA.
Under this law, Donna Shalala, secretary of the Department of Health and Human Services (HHS) is required to adopt standards for electronic claims transactions by Feb. 21. As this issue goes to press, the department is behind schedule. The good news, according to informed insiders, is that the standards will be worth the wait.
EDI and clearinghouse benefits
The administrative simplification section of HIPAA is intended to reduce the costs and administrative burdens of healthcare by enabling the standardized, electronic transmission of certain administrative and financial transactions currently processed on paper.
According to J. Michael Fitzmaurice, PhD, director of the Center for Information Technology at the Agency for Health Care Policy and Research, Rockville, Md., simplifying the administrative processes will reduce the hassles of paperwork, claims and enrollment that often burden payors.
"Providers will get paid with fewer hassles because the payors will have to accept the claims in [Shalala’s] standard form," Fitzmaurice says. "Providers can still raise questions about whether it is a reasonable and necessary service for the patient, but they can’t say the claim is not in the right format. If it’s in the secretary’s format, they have to accept it and process it."
Another benefit to administrative simplification is the possibility of building the standardized claim forms into physicians’ billing systems within their offices. "The physician will no longer have to pay a separate billing service to take the paper and turn it into an electronic claim," Fitzmaurice says. "The billing clerk could enter the information in the computer and the computer could turn it into [Shalala’s] format. It has the potential for reducing system costs for providers who submit claims."
Although there will be some upfront costs involved in changing software, Fitzmaurice insists that the long-term payoffs will be positive. "The industry estimates savings in the billions of dollars and the government agrees. It’s a case of the private sector working with the government to get what it wants."
So there’s good news for health plans and payors that can implement these new standards. But for those groups that can’t supply these standard electronic transactions on schedule, there is another option.
Health plans and payors unable to meet the standards on schedule may comply by contracting with an outside clearinghouse to conduct these transactions.
Susan Novacoski, healthcare electronic commerce consultant for EDS in Plano, Texas, says that clearinghouses will be uniquely positioned with the advent of the HIPAA legislation. Clearinghouses must meet the standards for electronic claims transmission, but payors simply need to be able to work with the electronic claims. "Noncompliant standards can go to the clearinghouse, then get translated," Novacoski says. "The law mandates that all payor organizations have the ability to accept electronic transactions. There’s a great business opportunity for clearinghouses."
Whether a clearinghouse is used or not, healthcare organizations will have two years to implement the standards once Shalala adopts them. If these requirements are not met, healthcare organizations will face penalties of $100 per violation--up to a maximum of $25,000 per standard per year.
"The penalties aren’t very large," Fitzmaurice says. "The purpose isn’t to drive the industry into the standards, but to let them know that [the government is] serious and to try to encourage them to adopt the standards."
He continues: "The burden is on HHS and the people working on these standards to get industry acceptance. If we don’t do things to make it easier for the industry, then we haven’t done the job."
Not an easy process
The primary delay in standards implementation is publication of the Notices of Proposed Rule Making for administrative simplification. As officials from the Department of Human Services point out on their Web site (aspe.os.dhhs.gov/adminsimp/), "The goal is simplification, but the process is far from simple."
Indeed, the process is deliberate, designed to achieve consensus within the department and among other federal departments. The three-stage process requires that the Notices of Proposed Rule Making must be reviewed and approved by the HHS Data Council’s Committee on Health Data Standards, advisors to Shalala and the Office of Management and Budget. After clearing those hurdles, the notices can be published in the Federal Register for a 60-day public comment period.
"The original plan was to have these NPRMs published by the end of 1997," explains Kathleen Frawley, vice president of Legislative and Public Policy Services for the American Health Information Management Association, Washington, D.C. "The deadline was February for the secretary to publish the final rules. That timeline was relaxed in order to provide an opportunity for the industry to comment."
Standards Shalala will adopt apply to the entire healthcare industry--not just Medicare and Medicaid. All health plans, payors and clearinghouses that process health data must comply.
Fitzmaurice explains why the standards are important: "Congress didn’t just decide this would be a nice thing for [Shalala] to do. The [healthcare] industry came to Congress and said, ’We have these standards, but it’s going to take a long time for us to get everybody to adopt them.’ So WEDI (Workgroup on Electronic Data Interchange), the American Dental Association and the National Uniform Billing and Claims Committees, representing the AHA and AMA, went to Congress and asked to have the secretary force the industry to do something that they couldn’t do themselves. That is, uniformly implement standards that they already agreed upon."
The problem, Fitzmaurice explains, are the more than 2,500 insurance companies and more than 400 different formats for submitting claims information. There was no way for payors to agree on one format without turning to the government for help.
Shalala set up six implementation teams to investigate and to make recommendations for her decision. Fitzmaurice co-chairs the Infrastructure and Crosscutting Implementation Team, a group that oversees the work of the other five teams as they analyze the department’s progress setting standards, formulate recommendations, get agreement from the office of the secretary and then write the regulations.
"The NPRMs are in the Office of the Secretary and they’re being looked over by the Office of Management and Budget (OMB)," Fitzmaurice says. "OMB raised some issues, we addressed those, and we think we have them solved. The NPRMs will be published anytime now." (Editor’s note: At the end of March, the projected release date was mid-April).
The first NPRMs out will be the national provider identifier and the transactions and codes standards for healthcare claims.
After the final rules are issued, health plans, providers and insurers will have 24 months to implement the standards. Small health plans (as defined by the secretary) will have 36 months to implement the same standards.
Toward a new millennium
HIPAA’s administrative simplification is a way to bring healthcare into the same century as other industries, such as grocery stores and airline reservation, according to Fitzmaurice. "If you go into a grocery store, all the stuff on the shelves is inventoried in a computerized system, and it provides computerized decision support on what things to order and how to take care of the customer," he says.
"If you walk into a physician’s office or into a hospital, you can’t even inventory the patient information. In many cases it’s all on paper. You can’t access it. And you can’t access an inventory of medical knowledge to get the information you want to make a patient care decision," Fitzmaurice explains. "A grocery store manager has more information about what’s inside his four walls than a medical decision maker has about what’s inside the hospital walls--let alone outside the hospital walls."
While the HIPAA clock continues ticking, managed care and payor communities can use the time, and the 60-day public feedback period, to formulate their comments on the standards.
Privacy and Security are Vital Issues
Two important considerations within HIPPA are the interrelated issues of security and privacy.
According to Susan Novacoski, healthcare electronic commerce consultant for EDS in Plano, Texas, "The prescription for the privacy act and how privacy of healthcare data will be handled absolutely feeds into the security of how healthcare should be administered. You can’t have one without the other. But they are separate issues and they’re being handled separately within the legislative process."
According to J. Michael Fitzmaurice, PhD, director of the Center for Information Technology at the Agency for Healthcare Policy and Research, Rockville, Md., "The standard that is the most problematic is the uniform health identifier for individuals. That’s a supporting standard that raises a concern of whether it will link information that people want to be private. The HIPAA implementation team is reluctant to proceed with that until Congress resolves the privacy issue. How is that information going to be safeguarded and what federal law will protect it? Right now there is no federal law that protects it."
HIPAA requires that a number of security standards be adopted. Hearings have been held by the National Committee on Vital and Health Statistics, of which Kathleen Frawley, vice president of Legislative and Public Policy Services for the American Health Information Management Association, is a member.
Frawley notes that there is a provision that required Donna Shalala, secretary of Health and Human Services, to provide recommendations regarding the confidentiality of individually identifiable information by last August. "The secretary did, in fact, testify before Congress on September 11, and provided her report before the Senate Labor and Human Resources Committee," Frawley says. "Now the ball is back in Congress’s court. They have to enact legislation by August of 1999 or it goes back to the secretary to promulgate final regulations."
What transactions are covered?
THE HEALTH INSURANCE PORTABILITY and Accountability Act requires Donna Shalala, secretary of Health and Human Services, to adopt standards for the following administrative and financial healthcare transactions:
- health claims or equivalent encounter information
- health claims attachments
- enrollment and disenrollment in a health plan
- eligibility for a health plan
- healthcare payment and remittance advice
- health plan premium payments
- first report of injury
- health claim status
- referral certification and authorization
The law also directs Shalala to adopt standards for unique health identifiers for:
- individuals
- employers
- health plans
- healthcare providers
And standards for:
- code sets for data elements in the transactions above
- security
- electronic signatures
- coordination of benefits
Shalala also is required to submit detailed recommendations on standards to Congress to protect the privacy of individually identifiable health information.
--L.S.
Lindsay Smith is a healthcare and business writer in Littleton, Colo.