Title: HIPAA Regulations, EMR Electronic Medical Records, and Electronic Medical Billing, are you ready
1HIPAA Regulations, EMR (Electronic Medical
Records), and Electronic Medical Billing, are you
ready?
- Presentation for 2007 IHS/SAMHSA National
Behavioural Health Conference - By
- Mr. Edward Brownshield, President
- Phone 701-966-2141 Cell 701-350-1745
- and
- Dr. Adnan Q. Aldayel
- VP Operation and Logistics
- Phone 701-947-2091 Cell 701-653-5959
- ANE Medical Records Services, LLC
- Spirit Lake Nation
- Fort Totten, North Dakota
- P.O. Box 161
- Fort Totten, ND 58335
2Learning Objectives
- HIPAA regulations and how it may affect clinics,
hospitals, and private practices with respect of
Privacy, Transactions, and Security Rules. - EMR (Electronic Medical Records) purpose and
conversion process. - EMB (Electronic Medical Billing) Impact of
conversion from manual billing to electronic
billing.
3HIPAA regulations and how it may affect clinics,
hospitals, and private practices with respect of
Privacy, Transactions, and Security Rules.
- What is HIPAA?
- When did it start?
- Purpose and objectives
- What are HIPAAs components? Regulations
- How does it apply to you?
- Implementation deadlines.
- Enforcements
4What does HIPAA stands for?
- HIPAA, which stands for the American Health
Insurance Portability and Accountability Act of
1996, is a set of rules to be followed by
doctors, hospitals and other health care
providers. HIPAA took effect on April 14, 2006.
HIPAA helps ensure that all medical records,
medical billing, and patient accounts meet
certain consistent standards with regard to
documentation, handling and privacy.
5What does HIPAA stands for? (Cont.)
- In addition, HIPAA requires that all patients be
able access their own medical records, correct
errors or omissions, and be informed how personal
information is shared/used. Other provisions
involve notification of privacy procedures to the
patient. HIPAA provisions that have led in many
cases to extensive overhauling with regard to
medical records and billing systems.
6Purpose and Objectives
- HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY
ACT OF 1996 - Public Law 104-191
- 104th Congress
- To amend the Internal Revenue Code of 1986
- To improve portability and continuity of health
insurance coverage in the group and in individual
markets, - To combat waste ,fraud, and abuse in health
insurance and health care delivery, to promote
the use of medical savings accounts, - To improve access to long-term care services and
coverage, - To simplify the administration of health
insurance, and for other purposes. - Enacted by the Senate and House of
Representatives of the United States of America
in Congress assembled.
7What are the main objectives of HIPAA?
- 1. Accountability. HIPAA hopefully will reduce
waste, fraud, and abuse. New penalties will be
imposed. 2. Insurance Reform. HIPAA offers
continuity and portability of health insurance,
as well as providing limits on pre-existing
provisions. 3. Administrative simplification.
HIPAA mandates standards on electronic data
transactions in a confidential and secure manner.
8What is involved in HIPAA?
- HIPAA compliance can be summarized by three major
rules or standards - HIPAA Privacy Rule
- The HIPPA Privacy Rule mandates the protection
and privacy of all health information. This rule
specifically defines the authorized uses and
disclosures of "individually-identifiable" health
information. - HIPAA Transactions and Code Set Rule
- The HIPPA Transaction and Code Set Standard
addresses the use of predefined transaction
standards and code sets for communications and
transactions in the health-care industry. - HIPAA Security Rule
- The HIPAA Security Rule mandates the security of
electronic medical records (EMR). Unlike the
Privacy Rule, which provides broader protection
for all formats that health information make
take, such as print or electronic information,
the Security Rule addresses the technical aspects
of protecting electronic health information. More
specifically, the HIPPA Security standards
addresses these aspects of security.
9Who must comply with HIPAA?
- Any healthcare provider that electronically
stores, processes or transmits medical records,
medical claims, remittances, or certifications
must comply with HIPAA regulations. HIPAA does
not require a practice to purchase a
computer-based system as it applies only to
electronic medical transactions.
10HIPAA Privacy Rule
- SAMHSA Programs to which the Privacy Rule
applies - The Privacy Rule applies to covered entities
which are health plans, health care
clearinghouses and health care providers who
transmit health information in electronic form
(i.e., via computer-based technology) in
connection with transactions for which HHS has
adopted a HIPAA standard in 45 CFR Part 162. See
45 CFR 160.103. HIPAA transactions that a
substance abuse treatment program might engage in
include - Submission of claims to health plans
- Coordination of benefits with health plans
- Inquiries to health plans regarding eligibility,
coverage or benefits or status of health care
claims - Transmission of enrollment and other information
related to payment to health plans - Referral certification and authorization (i.e.,
requests for review of health care to obtain an
authorization for providing health care or
requests to obtain authorization for referring an
individual to another health care provider) - Source The Confidentiality of Alcohol and Drug
Abuse Patient Records Regulation and the HIPAA
Privacy Rule Implications for Alcohol and
Substance Abuse Programs, June 2004, SAMHSAs
Part 2 HIPAA
11HIPAA Privacy Rule
- If a substance abuse treatment program transmits
health information electronically in connection
with one or more of these Part 162 transactions,
then it must comply with the Privacy Rule. Part
162 may be amended in the future to cover
additional transactions. - The Privacy Rule generally defines a health care
provider to include a person or organization who
furnishes bills or is paid for health care in the
normal course of business, which would include
substance abuse treatment programs. - Neither Part 2 nor the Privacy Rule protects
employment records held by a program in its role
as employer. Note that while 42 CFR Part 2
arguably applies to substance abuse patient
records covered by the Family Educational Rights
and Privacy Act (FERPA) (20 USC 1232g 34 CFR
Part 99), the Privacy Rule does not. - Source The Confidentiality of Alcohol and Drug
Abuse Patient Records Regulation and the HIPAA
Privacy Rule Implications for Alcohol and
Substance Abuse Programs, June 2004, SAMHSAs
Part 2 HIPAA
12HIPAA Transactions and Code Set Rule
- HIPAA calls for changes designed to streamline
the administration of health care. It promotes - uniformity by adopting transaction standards for
several types of electronic health information
transactions. No longer can every insurer have
unique requirements for the processing of claims.
Everyone covered by HIPAA will be required to
provide the same information (standard formats)
for processing claims and payments as well as
for the maintenance and transmission of
electronic health care information and data. - In the short term, HIPAA will require effort,
resources and commitment on the part of certain
providers offices and other covered entities
offices. In the long run, however, this law has
major benefits. Right now, there are over 400
different ways to submit a claim.
13HIPAA Transactions and Code Set Rule
- With HIPAA there will be one way to conduct
electronic claims. With these standards in place,
your office staff may spend less time on the
phone getting information they need. - As a result, the standardization of submitting
claims and simplification of processes should
make getting paid quicker and easier and less
costly. - The requirements mandated by HIPAA should also
help providers take advantage of new technologies
and ultimately improve their overall business
practices.
14HIPAA Transactions and Code Set Rule
- local codes are replaced by standard national
codes Electronic Transactions and Code Sets
Requirements are activities involving the
transfer of health care information for specific
purposes. - Under HIPAA Administration Simplification if a
health care provider engages in one of the
identified transactions, they must comply with
the standard for that transaction. - HIPAA requires every provider who does business
electronically to use the same health care
transactions, code sets, and identifiers.
15HIPAA Transactions and Code Set Rule
- HIPAA has identified ten standard transactions
for Electronic Data Interchange (EDI) for the
transmission of health care data. - 1. Claims or equivalent encounter information
- 2. Payment and remittance advice
- 3. Claim status inquiry and response
- 4. Eligibility inquiry and response
- 5. Referral certification and authorization
inquiry and response - 6. Enrollment and disenrollment in a health
plan - 7. Health plan premium payments
- 8. Coordination of benefits
- 9. Claims attachments
- 10. First report of injury
16Code Sets
- Code sets are the codes used to identify
specific diagnosis and clinical procedures on
claims and encounter forms. The CPT-4 and ICD-9
codes that you are familiar with are examples of
code sets for procedure and diagnosis coding.
Other code sets adopted under the Administrative
Simplification provisions of HIPAA include codes
sets used for claims involving - 1. Medical supplies, orthotics, and DME- HCPCS
- 2. Diagnosis codes-ICD-9-CM,Vols 12
- 3. Inpatient hospital proceduresICD-9-CM,Vol 3
- 4. Dental services Code on dental procedures
and nomenclature - 5. Drugs/biologics NDC for retail pharmacy
17HIPAA Security Rule
- All covered entities must be in compliance with
the Security Rule no later than April 20, 2005,
except small health plans which must comply no
later than April 20, 2006.
18HIPAA Security Rule
- Administrative security - assignment of
security responsibility to an individual. Physi
cal security - required to protect electronic
systems, equipment and data. Technical
security - authentication encryption used to
control access to data.
19EMR (Electronic Medical Records)
- What are Electronic Medical Records?
- Why do we need to convert to EMR?
- What is involved in the conversion process?
- How do we go about converting to EMR?
- What is the cost involved in conversion to EMR?
- How much time does it take to complete the
conversion process?
20What are Electronic Medical Records?
- EMR are collection of DATA (Personal/Medical) in
a digital format. - A computer-based medical record for a patient
that provides secure, real-time data access,
sharing and evaluation for medical care. - When a health provider transmit part or all of
the data to other organizations outside the
original health facility then it must comply with
HIPAA regulations.
21EMR
- Does converting to EMR makes you in compliance
with HIPAA? - NO. Just by having your records stored
electronically doesnt mean that you are in
compliance with the HIPAA.
22EMR
- What is required in the EMRs for a health
provider to be in compliance with HIPAA? - HIPAA Privacy Rule Who may have access to the
patients records? - HIPAA Transactions and Code Set Rule Set
standards of transactions codes to follow. - HIPAA Security Rule This Rule addresses the
technical aspects of protecting electronic health
information. (Biometric or password)
23Why do we need to convert to EMR?
- EMRs save space, time, and cuts cost.
- EMRs are portable, can be transmitted easily, and
can be accessed by doctors and staff from
anywhere. - Patient, Employer, Health Provider, and Insurer
need to communicate. - Using electronic transmissions of data cuts cost
and facilitates speed of delivery of information. - It reduces the turn around time for bill
collection.
24What is involved in the conversion process?
- You will need to decide on who will do the
conversion process. Is it going to be - Internal
- Use existing staff do I have the capabilities?
- Hire new staff how many, how much will it cost,
and how long it will take? - External
- Turnkey HIPAA compliance
- Question. Are the patients data shipped overseas
to facilitate the conversion or is it done in the
US?
25How do we go about converting to EMR?
- Take inventory of what you have
- Records, patients, doctors, employees, electronic
platform - Prioritize the components that will need to be
converted - What is to be done first?
- Draw the plan for the conversion
- Hardware, software, and documentation
- Implementation process
- Training
- Testing and controls- firewall and protection
from outside hackers (Security Rule) - Written guidelines and procedures
26What is the cost involved in converting to EMR?
- This will depend on the complexity of your
operation - Number of medical procedures performed
- Number of patients or beds
- Number of physical facilities to be connected
- It is between US40,000 for a small setup to 5
millions for larger inpatient facilities
27How much time does it take to complete the
conversion process?
- Preliminary review 2-6 months
- Plan formulation 3-6 months
- Implementation 1-3 years
- Training
- initially 4 weeks
- 1-2 days refresher every quarter
28Electronic Medical Billing
- Why do we need to use electronic medical billing?
- The benefits of Electronic Medical Billing.
- How to choose Medical Billing Software.
- The financial impact of converting from manual
billing to electronic billing - A Case study
29Why do we need to use Electronic Medical Billing?
- Electronic medical billing software covers a wide
range of functions - tracking patient demographics, visits, and
diagnoses - collecting, transmitting, and tracking billing
information and insurance payments - managing appointment scheduling
- generating a variety of statistical reports
- In addition, most medical billing software will
also bring you into compliance with the sections
of the Health Insurance Portability and
Accountability Act (HIPAA)
30Benefits of changing to Electronic Medical Billing
- Besides HIPAA compliance, there are several
other important benefits to be gained from the
right electronic medical billing software - Improved staff productivity - easy-to-use
software improves efficiency - Increased patient and customer satisfaction -
more flexibility in scheduling and better access
to personal information - Faster payment from insurers - paper claims
usually take 30 - 60 days, electronic claims are
usually paid in 10 - 14 days - Fewer errors in billing and insurance - correct
and resubmit in hours, instead of weeks
31What medical billing software is the best fit for
you?
- To find software that matches your specialty and
office size you will need to ask the following
questions - Should I do the Medical Billing internally or
externally? - Does the system handle scheduling problems unique
to your practice? - Does the system recognize all the procedure and
diagnosis codes your practice uses? - Can the system handle multiple offices and
multiple doctors? - Can information be accessed from multiple
locations? - Does it include inventory tracking or the ability
to manage several separate accounts? - Is the EMB software co-integrated with Medical
Practice Management (MPM) software? - The software has to be HL7 - Health Level Seven.
- HL7 is a data exchange protocol and interface
for medical records and billing software that
allows different systems to interoperate.
32The financial impact of converting from manual
billing to electronic billing
- A case study Superior Hospital
- Superior hospital and clinic records are kept
manually in hard copy version. Medical exams and
procedures are done on patients by the hospital.
- An outside medical billing company collects the
hard copies of the medical services done to the
patients on a daily basis and manually converts
them to the proper billing codes. - After properly coding the medical procedures, the
medical billing company prints the hard copy of
the claims and submits them to private insurance
providers or Medicaid/Medicare for processing.
The time lapse between when patients receive
medical care and submission of the claims to the
insurance companies averages 14 days. - High percentages of the claims that are submitted
at this time are not billable. According to the
medical billing company who is contracted with
Superior Hospital, 60 of the claims they submit
are not billable and only 40 of the claims get
paid. - The billing company usually receives these not
billable claims back after they submit them. The
reasons for the rejection of these claims are
mainly due to no insurance coverage or human
error in coding. - The billing company usually will not know if the
claim is not billable until at least 6 weeks have
passed the treatment date for the patient.
33The cost of manual billing system
- Based on the facts from the total claims of 6500
claims per month there are 3900 claims that are
submitted and not paid by private insurance
companies or Medicare /Medicaid. - The cost to Superior Hospital for these not
billable claims is approximately U.S. 6 million
per year. - Due to this problem, Superior hospital
- runs out of budget before year end
- incur losses every year, and
- reduce services to other patients who are in need
of critical medical care.
34Problems with this manual reporting in this case
study
- Low claim collection ratio 40 only vs. industry
average of 85 - This can be improved by instituting an electronic
filing and billing system. Guards can be
implemented to reduce non-emergency treatments to
noninsured patients. - Turn around time for claims is too long 14 days
before filing a claim and 6 weeks after treatment
before finding the payment status. - This problem will be greatly reduced by moving to
electronic billing due to the time limitation for
payment on claims submitted electronically. - There is no accountability in the existing
system. - Problems are not easily identified due to the
paper filing and paper billing. - Noncompliance with HIPPA regulations.
- The hospital in this case study is not
electronically connected within the facility-
i.e. high labor cost. - Patient cannot get treatments in locations other
than where this hospital is located. - The Indian Health Services headquarters have no
way of analyzing data from hospitals and clinics - Because data are compiled and saved manually it
is difficult for Indian Health Services to
statistically analyze the data and get meaningful
results to improve services or accountability.
35HIPAA Implementation Deadline
- HIPAA Administrative Simplification Compliance
Deadlines - October 15, 2002 - Deadline to submit a
compliance extension form for Electronic Health
Care Transactions and Code Sets. - October 16, 2002 - Electronic Health Care
Transactions and Code Sets - all covered entities
except those who filed for an extension and are
not a small health plan. - April 14, 2003 Privacy - all covered entities
except small health plans. - April 16, 2003 Electronic Health Care
Transactions and Code Sets - all covered entities
must have started software and systems testing. - October 16, 2003 - Electronic Health Care
Transactions and Code Sets - all covered entities
who filed for an extension and small health
plans. - October 16, 2003 - Medicare will only accept
paper claims under limited circumstances. - April 14, 2004 Privacy - small health plans.
- July 30, 2004 Employer Identifier Standard - all
covered entities except small health plans. - April 20, 2005 Security Standards - all covered
entities except small health plans. - August 1, 2005 Employer Identifier Standard -
small health plans. - April 20, 2006 Security Standards small health
plans. - May 23, 2007 National Provider Identifier - all
covered entities except small health plans - May 23, 2008 National Provider Identifier - small
health plans
36HIPAA Enforcement
- What are the penalties for HIPAA non-compliance?
- Fines up to 25,000 for multiple violations,
250,000 or imprisonment up to 10 years for
knowing abuse or misuse of individually-identifiab
le health information.
37Summarization
- HIPAA
- What HIPAA stands for?
- What are HIPAAs components?
- How does it apply to you?
- Implementation deadlines.
- EMR (Electronic Medical Records) purpose and
conversion process - EMB (Electronic Medical Billing) Impact of
conversion from manual billing to electronic
billing