HIPAA Regulations, EMR Electronic Medical Records, and Electronic Medical Billing, are you ready

1
HIPAA Regulations, EMR (Electronic Medical
Records), and Electronic Medical Billing, are you
ready?

• Presentation for 2007 IHS/SAMHSA National
  Behavioural Health Conference
• By
• Mr. Edward Brownshield, President
• Phone 701-966-2141 Cell 701-350-1745
• and
• Dr. Adnan Q. Aldayel
• VP Operation and Logistics
• Phone 701-947-2091 Cell 701-653-5959
• ANE Medical Records Services, LLC
• Spirit Lake Nation
• Fort Totten, North Dakota
• P.O. Box 161
• Fort Totten, ND 58335

2
Learning Objectives

• HIPAA regulations and how it may affect clinics,
  hospitals, and private practices with respect of
  Privacy, Transactions, and Security Rules.
• EMR (Electronic Medical Records) purpose and
  conversion process.
• EMB (Electronic Medical Billing) Impact of
  conversion from manual billing to electronic
  billing.

3
HIPAA regulations and how it may affect clinics,
hospitals, and private practices with respect of
Privacy, Transactions, and Security Rules.

• What is HIPAA?
• When did it start?
• Purpose and objectives
• What are HIPAAs components? Regulations
• How does it apply to you?
• Implementation deadlines.
• Enforcements

4
What does HIPAA stands for?

• HIPAA, which stands for the American Health
  Insurance Portability and Accountability Act of
  1996, is a set of rules to be followed by
  doctors, hospitals and other health care
  providers. HIPAA took effect on April 14, 2006.
  HIPAA helps ensure that all medical records,
  medical billing, and patient accounts meet
  certain consistent standards with regard to
  documentation, handling and privacy.

5
What does HIPAA stands for? (Cont.)

• In addition, HIPAA requires that all patients be
  able access their own medical records, correct
  errors or omissions, and be informed how personal
  information is shared/used. Other provisions
  involve notification of privacy procedures to the
  patient. HIPAA provisions that have led in many
  cases to extensive overhauling with regard to
  medical records and billing systems.

6
Purpose and Objectives

• HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY
  ACT OF 1996
• Public Law 104-191
• 104th Congress
• To amend the Internal Revenue Code of 1986
• To improve portability and continuity of health
  insurance coverage in the group and in individual
  markets,
• To combat waste ,fraud, and abuse in health
  insurance and health care delivery, to promote
  the use of medical savings accounts,
• To improve access to long-term care services and
  coverage,
• To simplify the administration of health
  insurance, and for other purposes.
• Enacted by the Senate and House of
  Representatives of the United States of America
  in Congress assembled.

7
What are the main objectives of HIPAA?

• 1. Accountability. HIPAA hopefully will reduce
  waste, fraud, and abuse. New penalties will be
  imposed. 2. Insurance Reform. HIPAA offers
  continuity and portability of health insurance,
  as well as providing limits on pre-existing
  provisions. 3. Administrative simplification.
  HIPAA mandates standards on electronic data
  transactions in a confidential and secure manner.

8
What is involved in HIPAA?

• HIPAA compliance can be summarized by three major
  rules or standards
• HIPAA Privacy Rule
• The HIPPA Privacy Rule mandates the protection
  and privacy of all health information. This rule
  specifically defines the authorized uses and
  disclosures of "individually-identifiable" health
  information.
• HIPAA Transactions and Code Set Rule
• The HIPPA Transaction and Code Set Standard
  addresses the use of predefined transaction
  standards and code sets for communications and
  transactions in the health-care industry.
• HIPAA Security Rule
• The HIPAA Security Rule mandates the security of
  electronic medical records (EMR). Unlike the
  Privacy Rule, which provides broader protection
  for all formats that health information make
  take, such as print or electronic information,
  the Security Rule addresses the technical aspects
  of protecting electronic health information. More
  specifically, the HIPPA Security standards
  addresses these aspects of security.

9
Who must comply with HIPAA?

• Any healthcare provider that electronically
  stores, processes or transmits medical records,
  medical claims, remittances, or certifications
  must comply with HIPAA regulations. HIPAA does
  not require a practice to purchase a
  computer-based system as it applies only to
  electronic medical transactions.

10
HIPAA Privacy Rule

• SAMHSA Programs to which the Privacy Rule
  applies
• The Privacy Rule applies to covered entities
  which are health plans, health care
  clearinghouses and health care providers who
  transmit health information in electronic form
  (i.e., via computer-based technology) in
  connection with transactions for which HHS has
  adopted a HIPAA standard in 45 CFR Part 162. See
  45 CFR 160.103. HIPAA transactions that a
  substance abuse treatment program might engage in
  include
• Submission of claims to health plans
• Coordination of benefits with health plans
• Inquiries to health plans regarding eligibility,
  coverage or benefits or status of health care
  claims
• Transmission of enrollment and other information
  related to payment to health plans
• Referral certification and authorization (i.e.,
  requests for review of health care to obtain an
  authorization for providing health care or
  requests to obtain authorization for referring an
  individual to another health care provider)
• Source The Confidentiality of Alcohol and Drug
  Abuse Patient Records Regulation and the HIPAA
  Privacy Rule Implications for Alcohol and
  Substance Abuse Programs, June 2004, SAMHSAs
  Part 2 HIPAA

11
HIPAA Privacy Rule

• If a substance abuse treatment program transmits
  health information electronically in connection
  with one or more of these Part 162 transactions,
  then it must comply with the Privacy Rule. Part
  162 may be amended in the future to cover
  additional transactions.
• The Privacy Rule generally defines a health care
  provider to include a person or organization who
  furnishes bills or is paid for health care in the
  normal course of business, which would include
  substance abuse treatment programs.
• Neither Part 2 nor the Privacy Rule protects
  employment records held by a program in its role
  as employer. Note that while 42 CFR Part 2
  arguably applies to substance abuse patient
  records covered by the Family Educational Rights
  and Privacy Act (FERPA) (20 USC 1232g 34 CFR
  Part 99), the Privacy Rule does not.
• Source The Confidentiality of Alcohol and Drug
  Abuse Patient Records Regulation and the HIPAA
  Privacy Rule Implications for Alcohol and
  Substance Abuse Programs, June 2004, SAMHSAs
  Part 2 HIPAA

12
HIPAA Transactions and Code Set Rule

• HIPAA calls for changes designed to streamline
  the administration of health care. It promotes
• uniformity by adopting transaction standards for
  several types of electronic health information
  transactions. No longer can every insurer have
  unique requirements for the processing of claims.
  Everyone covered by HIPAA will be required to
  provide the same information (standard formats)
  for processing claims and payments as well as
  for the maintenance and transmission of
  electronic health care information and data.
• In the short term, HIPAA will require effort,
  resources and commitment on the part of certain
  providers offices and other covered entities
  offices. In the long run, however, this law has
  major benefits. Right now, there are over 400
  different ways to submit a claim.

13
HIPAA Transactions and Code Set Rule

• With HIPAA there will be one way to conduct
  electronic claims. With these standards in place,
  your office staff may spend less time on the
  phone getting information they need.
• As a result, the standardization of submitting
  claims and simplification of processes should
  make getting paid quicker and easier and less
  costly.
• The requirements mandated by HIPAA should also
  help providers take advantage of new technologies
  and ultimately improve their overall business
  practices.

14
HIPAA Transactions and Code Set Rule

• local codes are replaced by standard national
  codes Electronic Transactions and Code Sets
  Requirements are activities involving the
  transfer of health care information for specific
  purposes.
• Under HIPAA Administration Simplification if a
  health care provider engages in one of the
  identified transactions, they must comply with
  the standard for that transaction.
• HIPAA requires every provider who does business
  electronically to use the same health care
  transactions, code sets, and identifiers.

15
HIPAA Transactions and Code Set Rule

• HIPAA has identified ten standard transactions
  for Electronic Data Interchange (EDI) for the
  transmission of health care data.
• 1. Claims or equivalent encounter information
• 2. Payment and remittance advice
• 3. Claim status inquiry and response
• 4. Eligibility inquiry and response
• 5. Referral certification and authorization
  inquiry and response
• 6. Enrollment and disenrollment in a health
  plan
• 7. Health plan premium payments
• 8. Coordination of benefits
• 9. Claims attachments
• 10. First report of injury

16
Code Sets

• Code sets are the codes used to identify
  specific diagnosis and clinical procedures on
  claims and encounter forms. The CPT-4 and ICD-9
  codes that you are familiar with are examples of
  code sets for procedure and diagnosis coding.
  Other code sets adopted under the Administrative
  Simplification provisions of HIPAA include codes
  sets used for claims involving
• 1. Medical supplies, orthotics, and DME- HCPCS
• 2. Diagnosis codes-ICD-9-CM,Vols 12
• 3. Inpatient hospital proceduresICD-9-CM,Vol 3
• 4. Dental services Code on dental procedures
  and nomenclature
• 5. Drugs/biologics NDC for retail pharmacy

17
HIPAA Security Rule

• All covered entities must be in compliance with
  the Security Rule no later than April 20, 2005,
  except small health plans which must comply no
  later than April 20, 2006.

18
HIPAA Security Rule

•  Administrative security - assignment of
  security responsibility to an individual. Physi
  cal security - required to protect electronic
  systems, equipment and data. Technical
  security - authentication encryption used to
  control access to data.

19
EMR (Electronic Medical Records)

• What are Electronic Medical Records?
• Why do we need to convert to EMR?
• What is involved in the conversion process?
• How do we go about converting to EMR?
• What is the cost involved in conversion to EMR?
• How much time does it take to complete the
  conversion process?

20
What are Electronic Medical Records?

• EMR are collection of DATA (Personal/Medical) in
  a digital format.
• A computer-based medical record for a patient
  that provides secure, real-time data access,
  sharing and evaluation for medical care.
• When a health provider transmit part or all of
  the data to other organizations outside the
  original health facility then it must comply with
  HIPAA regulations.

21
EMR

• Does converting to EMR makes you in compliance
  with HIPAA?
• NO. Just by having your records stored
  electronically doesnt mean that you are in
  compliance with the HIPAA.

22
EMR

• What is required in the EMRs for a health
  provider to be in compliance with HIPAA?
• HIPAA Privacy Rule Who may have access to the
  patients records?
• HIPAA Transactions and Code Set Rule Set
  standards of transactions codes to follow.
• HIPAA Security Rule This Rule addresses the
  technical aspects of protecting electronic health
  information. (Biometric or password)

23
Why do we need to convert to EMR?

• EMRs save space, time, and cuts cost.
• EMRs are portable, can be transmitted easily, and
  can be accessed by doctors and staff from
  anywhere.
• Patient, Employer, Health Provider, and Insurer
  need to communicate.
• Using electronic transmissions of data cuts cost
  and facilitates speed of delivery of information.
• It reduces the turn around time for bill
  collection.

24
What is involved in the conversion process?

• You will need to decide on who will do the
  conversion process. Is it going to be
• Internal
• Use existing staff do I have the capabilities?
• Hire new staff how many, how much will it cost,
  and how long it will take?
• External
• Turnkey HIPAA compliance
• Question. Are the patients data shipped overseas
  to facilitate the conversion or is it done in the
  US?

25
How do we go about converting to EMR?

• Take inventory of what you have
• Records, patients, doctors, employees, electronic
  platform
• Prioritize the components that will need to be
  converted
• What is to be done first?
• Draw the plan for the conversion
• Hardware, software, and documentation
• Implementation process
• Training
• Testing and controls- firewall and protection
  from outside hackers (Security Rule)
• Written guidelines and procedures

26
What is the cost involved in converting to EMR?

• This will depend on the complexity of your
  operation
• Number of medical procedures performed
• Number of patients or beds
• Number of physical facilities to be connected
• It is between US40,000 for a small setup to 5
  millions for larger inpatient facilities

27
How much time does it take to complete the
conversion process?

• Preliminary review 2-6 months
• Plan formulation 3-6 months
• Implementation 1-3 years
• Training
• initially 4 weeks
• 1-2 days refresher every quarter

28
Electronic Medical Billing

• Why do we need to use electronic medical billing?
• The benefits of Electronic Medical Billing.
• How to choose Medical Billing Software.
• The financial impact of converting from manual
  billing to electronic billing
• A Case study

29
Why do we need to use Electronic Medical Billing?

• Electronic medical billing software covers a wide
  range of functions
• tracking patient demographics, visits, and
  diagnoses
• collecting, transmitting, and tracking billing
  information and insurance payments
• managing appointment scheduling
• generating a variety of statistical reports
• In addition, most medical billing software will
  also bring you into compliance with the sections
  of the Health Insurance Portability and
  Accountability Act (HIPAA)

30
Benefits of changing to Electronic Medical Billing

• Besides HIPAA compliance, there are several
  other important benefits to be gained from the
  right electronic medical billing software
• Improved staff productivity - easy-to-use
  software improves efficiency
• Increased patient and customer satisfaction -
  more flexibility in scheduling and better access
  to personal information
• Faster payment from insurers - paper claims
  usually take 30 - 60 days, electronic claims are
  usually paid in 10 - 14 days
• Fewer errors in billing and insurance - correct
  and resubmit in hours, instead of weeks

31
What medical billing software is the best fit for
you?

• To find software that matches your specialty and
  office size you will need to ask the following
  questions
• Should I do the Medical Billing internally or
  externally?
• Does the system handle scheduling problems unique
  to your practice?
• Does the system recognize all the procedure and
  diagnosis codes your practice uses?
• Can the system handle multiple offices and
  multiple doctors?
• Can information be accessed from multiple
  locations?
• Does it include inventory tracking or the ability
  to manage several separate accounts?
• Is the EMB software co-integrated with Medical
  Practice Management (MPM) software?
• The software has to be HL7 - Health Level Seven.
• HL7 is a data exchange protocol and interface
  for medical records and billing software that
  allows different systems to interoperate.

32
The financial impact of converting from manual
billing to electronic billing

• A case study Superior Hospital
• Superior hospital and clinic records are kept
  manually in hard copy version. Medical exams and
  procedures are done on patients by the hospital.
  
• An outside medical billing company collects the
  hard copies of the medical services done to the
  patients on a daily basis and manually converts
  them to the proper billing codes.
• After properly coding the medical procedures, the
  medical billing company prints the hard copy of
  the claims and submits them to private insurance
  providers or Medicaid/Medicare for processing.
  The time lapse between when patients receive
  medical care and submission of the claims to the
  insurance companies averages 14 days.
• High percentages of the claims that are submitted
  at this time are not billable. According to the
  medical billing company who is contracted with
  Superior Hospital, 60 of the claims they submit
  are not billable and only 40 of the claims get
  paid.
• The billing company usually receives these not
  billable claims back after they submit them. The
  reasons for the rejection of these claims are
  mainly due to no insurance coverage or human
  error in coding.
• The billing company usually will not know if the
  claim is not billable until at least 6 weeks have
  passed the treatment date for the patient.

33
The cost of manual billing system

• Based on the facts from the total claims of 6500
  claims per month there are 3900 claims that are
  submitted and not paid by private insurance
  companies or Medicare /Medicaid.
• The cost to Superior Hospital for these not
  billable claims is approximately U.S. 6 million
  per year.
• Due to this problem, Superior hospital
• runs out of budget before year end
• incur losses every year, and
• reduce services to other patients who are in need
  of critical medical care.

34
Problems with this manual reporting in this case
study

• Low claim collection ratio 40 only vs. industry
  average of 85
• This can be improved by instituting an electronic
  filing and billing system. Guards can be
  implemented to reduce non-emergency treatments to
  noninsured patients.
• Turn around time for claims is too long 14 days
  before filing a claim and 6 weeks after treatment
  before finding the payment status.
• This problem will be greatly reduced by moving to
  electronic billing due to the time limitation for
  payment on claims submitted electronically.
• There is no accountability in the existing
  system.
• Problems are not easily identified due to the
  paper filing and paper billing.
• Noncompliance with HIPPA regulations.
• The hospital in this case study is not
  electronically connected within the facility-
  i.e. high labor cost.
• Patient cannot get treatments in locations other
  than where this hospital is located.
• The Indian Health Services headquarters have no
  way of analyzing data from hospitals and clinics
• Because data are compiled and saved manually it
  is difficult for Indian Health Services to
  statistically analyze the data and get meaningful
  results to improve services or accountability.

35
HIPAA Implementation Deadline

• HIPAA Administrative Simplification Compliance
  Deadlines
• October 15, 2002 - Deadline to submit a
  compliance extension form for Electronic Health
  Care Transactions and Code Sets.
• October 16, 2002 - Electronic Health Care
  Transactions and Code Sets - all covered entities
  except those who filed for an extension and are
  not a small health plan.
• April 14, 2003 Privacy - all covered entities
  except small health plans.
• April 16, 2003 Electronic Health Care
  Transactions and Code Sets - all covered entities
  must have started software and systems testing.
• October 16, 2003 - Electronic Health Care
  Transactions and Code Sets - all covered entities
  who filed for an extension and small health
  plans.
• October 16, 2003 - Medicare will only accept
  paper claims under limited circumstances.
• April 14, 2004 Privacy - small health plans.
• July 30, 2004 Employer Identifier Standard - all
  covered entities except small health plans.
• April 20, 2005 Security Standards - all covered
  entities except small health plans.
• August 1, 2005 Employer Identifier Standard -
  small health plans.
• April 20, 2006 Security Standards small health
  plans.
• May 23, 2007 National Provider Identifier - all
  covered entities except small health plans
• May 23, 2008 National Provider Identifier - small
  health plans

36
HIPAA Enforcement

• What are the penalties for HIPAA non-compliance?
• Fines up to 25,000 for multiple violations,
  250,000 or imprisonment up to 10 years for
  knowing abuse or misuse of individually-identifiab
  le health information.

37
Summarization

• HIPAA
• What HIPAA stands for?
• What are HIPAAs components?
• How does it apply to you?
• Implementation deadlines.
• EMR (Electronic Medical Records) purpose and
  conversion process
• EMB (Electronic Medical Billing) Impact of
  conversion from manual billing to electronic
  billing