Title: Implementing HIPAA Centers for Medicare
1Implementing the HIPAA RegulationsA Readiness
Workshop for the Rural/Small Provider
Updated January 23, 2003
2 The Why Who What When Where and How of
HIPAA Standard Transactions and Code Sets
3Implementing the HIPAA RegulationsA Readiness
Workshop for the Rural/Small Provider
Updated January 23, 2003
4 The Why Who What When Where and How of
HIPAA Standard Transactions and Code Sets
5Part I WHY was HIPAA enacted?
Presented by Walter G. Suarez, MD, MPH MIDWEST
CENTER FOR HIPAA EDUCATION
6HIPAA as an Opportunity
- Challenge Health care system in the US spends
to much on administrative processes - Over 1.3 trillion is spent annually in health
care (more than one-eighth of US economy close
to 14 of GDP most industrialized nations spend
7 of GDP) - Over 15 (up to 30) goes to administration
(200-400 billion!) - Lack of e-commerce and electronic exchange of
information higher costs more fragmented
system poorer quality of care - Unconnected individuals trying to coordinate care
means more, not fewer problems - Opportunity to retool tired processes and emerge
fitter, leaner and better ready to meet the
challenges of healthcare in the 21st century !
7The Big Pay-Off
8HIPAA Administrative Simplification Law
HIPAA Health Insurance Portability and
Accountability Act of 1996
Title I
Title II
Title III
Title IV
Title V
Administrative Simplification
Insurance Portability
Fraud and AbuseMedical Liability Reform
Tax RelatedHealth Provision
Group Health Plan Requirements
RevenueOff-sets
Security
Privacy
EDI
Transactions
Code Sets
Identifiers
9(No Transcript)
10HIPAA Administrative Simplification Provisions
- Overall Purpose of the Provisions
- Improve the efficiency and effectiveness of the
healthcare system by standardizing the electronic
data interchange of certain administrative and
financial transactions - Implement certain standard identifiers across the
industry - Protect the security and privacy of transmitted
information
11What is EDI?
- Electronic Data Interchange
- Standardized exchange of data between computers
- No human intervention
- Transact business quickly, cost effectively
12EDI -National Standard Transactions The
Healthcare EDI Cycle
- These electronic transactions will be
standardized
Transactions applicable to providers
13EDI - National Standard Code Sets
- HIPAA
- No local codes
- Standard codes for all payers
- ICD9
- CPT
- ADA
- NDC
- Easier contract analysis
- Reduced hassle
- Today
- Providers maintain multiple code sets (including
local codes) to meet different payer requirements
14EDI - National Standard Identifiers
- HIPAA
- National Provider ID
- National Employer ID
- The EIN Issued by IRS
- National Health Plan ID
- (National Individual ID)
- Today
- Multiple identifiers (examples)
- UPIN C86673
- Medicaid 25-00914
- Blue Cross 26A64PR
15What is the Purpose of the HIPAA Security Rule?
- To require covered entities to maintain
reasonable and appropriate administrative,
technical, and physical safeguards -- - to ensure integrity and confidentiality of
protected health information - to protect against reasonably anticipated
- threats or hazards to access of PHI
- unauthorized uses or disclosures of PHI
- Objective is to minimize the risk of intentional
or accidental disclosure or misuse, or the loss
or corruption of patient-identifiable information - Key philosophy is to identify and assess
risks/threats to availability, integrity and
confidentiality and take reasonable steps to
reduce risk.
16What is the Purpose of the HIPAA Privacy Rule?
- Protect and enhance the rights of consumers by
providing them access to their health information
and controlling the appropriate use of that
information - Improve the quality of health care in the U.S. by
enhancing consumers trust in the healthcare
system - Improve the efficiency and effectiveness of
healthcare delivery by creating a national
framework for health privacy protection that
builds on efforts by states, health systems,
individual organizations and the individual - The Office of Civil Rights (OCR) within the US
Dept of Health and Human Services has
jurisdiction over HIPAA Privacy
(http//www.hhs.gov/ocr/hipaa)
17The Majority of the Health Care Industry is
Impacted!(some directly, some indirectly)
- MANY who collects or sends administrative and
financial healthcare data - MANY who depends on this healthcare data to do
their work - MANY who works in a health care setting
18Part II WHO is Covered by HIPAA?
Presented by Walter G. Suarez, MD, MPH MIDWEST
CENTER FOR HIPAA EDUCATION
19Key Concepts About HIPAA Who Is a Covered
Entity
20HIPAA Administrative Simplification Law
- Who is covered
- a healthcare provider (defined as any person who
furnishes healthcare services or supplies) when
it chooses to electronically transmit any of the
covered transactions - all health plans, including government programs,
HMOs, indemnity insurers, and employer benefit
plans - all healthcare clearinghouses (companies retained
by plans and providers to help process healthcare
business transactions)
21When is a Provider a Covered Entityunder HIPAA?
- A healthcare provider is a covered entity when
- 1) they meet the definition of health care
provider (someone who furnishes healthcare
services and seeks payment for it) AND - 2) they conduct one of the named HIPAA
administrative transactions (i.e. claim
submission, claim payment, eligibility,
coordination of benefits, claim status inquiry,
referrals) AND - 3) they are conducting any of these transactions
electronically with a health plan who is a
covered entity under HIPAA
22What is Electronically?
- Electronic modes (include but are not limited
to) - Creating a file and submitting it via tapes,
disks, or data lines - Using a clearinghouse or billing service to
transmit data - Using a web application to conduct transactions
- Using Direct Data Entry applications
- Using Point of Service applications
- Using software tools provided to you
23What is not Electronically?
- Non-electronic modes
- Mailing a paper form
- Faxing a paper from a dedicated fax machine
- Calling to obtain information
24What does it mean to be a covered entity?
- For purposes of HIPAA Standard Electronic
Transactions and Code Sets - Covered entity must comply with national
standards when conducting the named transactions
electronically with a covered health plan - For purposes of HIPAA Privacy
- Covered entity must protect all individually
identifiable health information, regardless of
the method in which the data is maintained or
transmitted (paper, electronic, oral)
25Doing only some transactions electronically...
- If you are a provider conducting only a small
number of one or more of the HIPAA transactions
electronically with one or more health plans
(trading partners) - Provider is not required by HIPAA to conduct all
transactions with all trading partners
electronically. Any transaction standardized
under HIPAA conducted by a provider
electronically must be done in the HIPAA format. - BUT, health plans may require, under contractual
agreements, providers conduct transactions with
them electronically. However, this is not a
HIPAA requirement, rather, it is a business
decision. Contact your payers, clearinghouse, or
billing service to discuss their HIPAA plans.
26Electronic Transaction Requirements for Medicare
under ASCA
- The Administrative Simplification Compliance Act
(ASCA) prohibits HHS from paying Medicare claims
that are not submitted electronically after
October 16, 2003, unless the Secretary grants a
waiver from this requirement - It further provides that the Secretary must grant
such a waiver if there is no method available for
the submission of claims in electronic form or if
the entity submitting the claim is a small
provider of services or supplies
27Electronic Transaction Requirements for Medicare
under ASCA
- Small providers are defined as having fewer than
25 full time equivalent employees for providers
of services or fewer than 10 employees for
physician, practitioners, facility, or supplier - Most providers already submit to Medicare
electronically (98 of Part A providers and 85
of Part B providers) - HHS will publish proposed regulations to
implement this new authority. Stay tuned to your
Medicare Provider Bulletins for more information.
28Trading Partners
- Who is a trading partner?
- An organization with whom a covered entity
exchanges information electronically using the
named transaction standards - A health plan and a provider are trading partners
- A provider and a clearinghouse are trading
partners - Usually a trading partner agreement is
established between the two entities
29Business Associates
- Who is a business associate (BA)?
- A business associate is an individual or
organization that - Performs, or assists in the performance of, a
function or activity on behalf of the covered
entity, involving the use or disclosure of PHI
(such as claims processing or administration,
data analysis, utilization review, quality
assurance, billing, practice management, etc.)
or - Provides legal, actuarial accounting consulting,
data aggregation, management, administrative,
accreditation, or financial services to or for a
covered entity - A covered entity may be a business associate of
another covered entity - Clinical/case management services offered by a
provider to a covered entity requires a BA
relationship
30Examples A Medical Clinic Setting
- Medical clinic with 2 physicians
- Has a computer to keep track of patient records
- But does all transactions via paper or phone
(sending claims, checking eligibility) - Clinic is not subject to HIPAA
31Examples A Medical Clinic Setting
- Medical clinic with 10 physicians
- Has a computer system with a practice management
software (PMS) - PMS vendor connects at end of day to extract
claims information and send it electronically to
payers - Clinic is subject to HIPAA
- Clinic must work with PMS vendor to ensure that
the software it uses is capable of generating
HIPAA compliant transactions
32Examples A Medical Clinic Setting
- Medical clinic with 20 physicians
- Has a computer to keep track of patient records
and to fill-in claims information - Connects to a clearinghouse to submit claims
electronically to payers - Clinic is subject to HIPAA
- Clinic must work with the clearinghouse to ensure
that they will be transmitting the transactions
using the HIPAA-mandated standards
33Examples A Nursing Home Setting
- Nursing home uses the Medicare Part A DDE
system to file/edit claims - Nursing home is a provider, is conducting a HIPAA
transaction, and is conducting it electronically - Nursing home is subject to HIPAA
- The entity providing the DDE service is
responsible for making the DDE system HIPAA
compliant. If their DDE system is not compliant
with HIPAA requirements and you use it, you are
not in compliance.
34Examples A Hospital Setting
- Hospital uses a Hospital Information System (HIS)
to maintain all patient information - Hospitals contracts with a clearinghouse to send
transactions electronically - Hospital is subject to HIPAA
- Hospital needs to make sure that data that is
provided to clearinghouse is the minimum needed
to generate the transaction
35ExamplesConducting Transactions Through Other
Methods
- Checking eligibility using a web application
offered by a plan - Using software provided by a plan (i.e.
Medicaids MN-ITS or Medicare) to conduct any of
the transactions - In both instances, the entity providing the
application is responsible for making the
application HIPAA compliant - The entity using the application becomes subject
to HIPAA
36CMS Decision Tool
- Still not sure if you are a covered
- entityunder HIPAA?
- Try our Provider Readiness Checklist
- http//www.cms.hhs.gov/hipaa/hipaa2/ReadinessChkLs
t.pdf - Or, try our Covered Entity Decision Tool
- http//www.cms.gov/hipaa/hipaa2/support/tools/deci
sionsupport/default.asp
37Part III WHAT IS INVOLVED WITH HIPAA
Transactions and Code Sets?
Presented by John Lilleston Verizon Information
Technologies, Inc. SNIP Transactions Testing
Sub-workgroup Co-Chair
38Why Use Standard Transactions?
- Today there are hundreds of non-standard,
proprietary formats being exchanged - There are also dozens of unique implementations
of NSF, UB92, etc? - Standard transactions promote interoperability
between covered entities - Reduces costs, human interaction, and promotes
COB models
39Required Electronic Standards
-
- Claim or encounter ANSI ASC X12N
- -- Professional 837-P v. 4010
- -- Institutional 837-I v. 4010
- -- Dental 837-D v. 4010
- -- Retail Pharmacy NCPDP Standard
- Claim payment and remittance 835 v. 4010
- Coordination of Benefits 837 v. 4010
- Eligibility Request Response 270/271 v. 4010
- Authoriz./Certific. Req,/Resp. 278 v. 4010
- Claim Status Inquiry Response 276/277 v.
4010 - Enrollment/Dis-enrollment 834 v. 4010
- Premium Payment 820 v. 4010
- NOTE Final publication of an Addenda is
expected in the coming - weeks. The Addenda will make technical changes
to some of the - Transaction standards. Once adopted, the
required version to be
40HIPAA Implementation Guides
- Official manual on how to implement each
transaction - Each transaction has an implementation guide
- Copies available athttp//www.wpc-edi.com
41HIPAA Implementation Guides
- Define the data format and the data content
requirements - Data format defines the structure of the file
- Data content defines the specific data elements
required - Three type of data elements
- Required data elements
- Situational data elements
- Not used data elements
42HIPAA Implementation Guides
- Each payer will develop and make available to
providers a companion document defining their
required situational data elements - Medicare (through its carriers and fiscal
intermediaries), Medicaid and other payers in the
market are coming up with their companion
document - Available from their web sites
43Standard Code Sets
- Only standard code sets can be transmitted in
the mandated transactions - External Medical Codes Named in the Rules
- ICD-9
- CPT-4
- HCPCS
- NDC (for retail pharmacy transactions
thisstandard to be addressed in an upcoming
rule) - External Non-Medical Codes Named in the
Implementation Guides - Adjustment Reason Codes
- Taxonomy Codes
- Implementation Guide Internal Code Sets, etc.
- No local codes will be allowed
44Real Time vs. Batch Transactions
- Implementation Guides explain the different
types of processing for the transactions - Batch Typically grouped together in large
quantities and processed en-masse. No continued
connectivity - Real Time Require an immediate response.
Submitter remains connected awaiting response
45Web and Direct Data Entry Transactions
- Trend to web-enable large payer systems for
transaction submission - All web and direct data entry systems must at
least meet the data content portion of the
respective HIPAA transaction standard
46Testing for Compliance
- ASCA mandates all covered entities must begin
testing by 4/16/2003 - Rule does not specifically define testing
- Has been interpreted as internal testing (not
necessarily with trading partners)
47Testing Best Practices
- Testing
- WEDI SNIP Defined Testing Types 1-7
- Type 1 Integrity Testing
- Type 2 Requirement Testing
- Type 3 Balancing
- Type 4 Situation Testing
- Type 5 Code Set Testing
- Type 6 Product Types/Lines of Service Testing
- Type 7 Implementation Guide Payer Specific Rules
- Certification
- Verification via a third party tool
- Example You use a translator internally to
generate X12/NCPDP transactions. Validate your
transaction with an automated testing tool. List
of tools and vendors available at SNIP website
snip_at_wedi.org
WEDI/SNIP White Paper at http//snip.wedi.org/
48Testing Best Practices
- Business to Business Testing
- Timeframe can be shortened if previous testing
completed - Load/Capacity/Volume Testing
- Transmission Integrity
- Field Lengths
- Output
- Security/Privacy
49Translators
- Provide functionality for you to map your current
transaction formats to and from HIPAA-compliant
transactions - Act as front and back end of your system
- Usually reside in-house
- Vendor supplies tool for you
- All mapping and translation rules written by the
purchaser - Normally will validate and verify syntax, format,
internal code sets - Implementation guide rules normally incorporated
into vendor-supplied formats
50Clearinghouses
- Provide service of transforming proprietary
transaction formats into HIPAA-compliant formats
and vice versa - Perform both translation and routing functions
- Works with customer to develop mapping rules and
processes - Normally map to a clearinghouse common format
then translate to HIPAA-mandated format - Normally charge a per transaction fee
- If payer mandates use of a specific
clearinghouse, payer is responsible for fees
51Clearinghouse as a Business Associates
- A BA is a person or entity who performs a
function or activity on behalf of a covered
entity and that, in order to perform such
function or activity, it need to use or disclose
Protected Health Information - E.G A covered healthcare provider uses a
clearinghouse to submit and receive transactions
the clearinghouse needs to use and disclose PHI
in order to perform its functions, then the
clearinghouse is a business associate of the
provider - To determine if a business associate must use a
standard transaction, you must look at the
definition of the transaction itself - See http//aspe.hhs.gov/adminsimp/final/txtfin00.h
tm (preamble of Electronic Transactions and Code
Sets Rule. Preamble is plain English discussion
of the Rule itself) - See http//aspe.hhs.gov/adminsimp/final/txtfin01.h
tm (Electronic Transactions and Code Sets Rule
text)
52Questions and Discussion
53Part IV WHEN are the deadlines for compliance
of Standard Transactions and Code Sets?
Presented by Lin Quinkert GovConnect Inc. SNIP
Transactions Workgroup Co-chair
54HIPAA Timeline
- President Clinton signed the Health Insurance
Portability and Accountability Act (HIPAA) into
law August 21, 1996 -
-
-
- Aug 1998 - Department of Health Human Services
(DHHS) published the first HIPAA Notices of
Proposed Rule Making (NPRMs) which included the
NPRM for Standard Electronic Transactions and
Code Sets (TCS)
55Timeline to Compliance
- Notice of Proposed
- Rulemaking (NPMR)
- published as final
60 day notification and comment period
Final rule adopted - implementation clock
starts running
24 months later - compliance required
56Electronic Transactions and Code Sets Rule
Becomes Final
- August 17, 2000 - Electronic Transactions and
Code Sets (TCS) was published as first final rule
with mandatory compliance within 24 months, after
the 2 month notification period for a total of
26 months -
- Which set a compliance deadline of October 16,
2002 - but
57Would the Industry Be Ready?
Due to costs, resources and vendors not having
their products ready many in the industry stated
they could NOT be ready by the October 2002
compliance deadline Others strongly felt that 26
months was not enough time for compliance with
the Electronic Transactions and Code Sets Rule
because of the effort it involved
58An Extension Was Passed
The Administrative Simplification Compliance Act
(ASCA), authorized a one-year extension to Oct.
16, 2003 for those covered entities required to
comply in 2002 if The covered
entity filed a compliance plan with the DHHS by
October 16, 2002 (See WHO Presentation) The
extension only applied to the Electronic
Transactions and Code Sets standards
implementation timeframe
59Medicare Claims Require Electronic Submission
All claims submitted to Medicare on or after
October 16, 2003, must be in the HIPAA standard
electronic format, unless - There is no method
available for the submission of claims in
electronic form or, - The entity submitting a
claim is a small provider of services or supplier
(definition provided earlier)
60Enforcement through exclusion from participation
in Medicare
A covered entity who fails to submit a plan and
who is not in compliance with the applicable
requirements on or after October 16, 2002 the
covered entity may be excluded in participation
as a Medicare contractor or provider, at the
discretion of the Secretary of HHS
61What If We Didnt File A Plan?
- Complaint-Driven Enforcement Process
- The enforcement process for HIPAA
transactions and code sets (and for security and
standard identifiers when those are adopted) will
be primarily complaint-driven. - Upon receipt of a complaint, CMS would
notify the provider of the complaint, and the
provider would have the opportunity to
demonstrate compliance, or to submit a corrective
action plan. - If the provider does neither, CMS will have
the discretion to impose penalties. - Covered entity that did not submit an
extension request and are not in compliance with
the Electronic Transactions and Code Sets
requirements, should come into compliance as soon
as possible, and should be prepared to submit a
corrective action plan in the event a complaint
is filed against them - Penalties will only be filed as a last resort
62Future NPRMS or Final Rules
- 2nd NPRM Transactions Code Sets
05/31/2002 - Proposes modifications which are a result of the
DSMO process to maintain standards and process
requests for adoption or modifying adopted
standards - Proposes to repeal the adoption of the National
Drug Code (NDC) as the standard medical data code
set for reporting drugs and biologics in all
standard transactions except for retail pharmacy - Final Rule expected shortly
- Sign up for free list serve to know when new
HIPAA Rules are published - http//www.cms.hhs.gov/hipaa/hipaa2/regulations/ls
notify.asp - Final Employer Identifier (EIN)
05/31/2002 - This final rule establishes the IRS Employer
Identification Number (EIN) as the standard
unique employer identifier and the requirements
concerning its use (generally a 9 digit
identifier assigned by the IRS to employers)
63Coming Attractions
- We know to expect more standards to be issued,
such as - Claims Attachment
- First Report of Injury
- Others
64Maintenance of the Standards
HHS recognized the need for the ongoing
maintenance of the HIPAA transaction standards,
especially the need for the industry to collect,
review and recommend changes to the standards
The final regulation for Electronic
Transactions and Code Sets established a set of
organizations called Designated Standards
Maintenance Organizations (DSMOs) to receive and
process requests for modifications to standards
or for adopting new standards
65DSMO Formed
At a NCVHS Security and Standards Subcommittee
meeting on March 31, 2000, these six
organizations signed a Memorandum of
Understanding (MOU) agreeing to a national
process to manage the maintenance of HIPAA
standards They agreed to work cooperatively to
accept requests through a public web site, review
these requests, and develop a joint
recommendation to the NCVHS as to whether or not
these requested changes should be made to the
standards This process in now in full operation
66Who are the DSMOs?
- The final regulation had an accompanying notice
which named the following organizations as DSMOs - - Accredited Standards Committee X12 (ASC X12)
- - Dental Content Committee of the American
Dental Association (CDT) - - Health Level Seven (HL7)
- - National Council for Prescription Drug
Programs (NCPDP) - - National Uniform Billing Committee (NUBC)
- - National Uniform Claim Committee (NUCC)
67 Process for Modification of Existing
Standards and Adoption of New Standards
The Secretary considers a recommendation for a
proposed modification to an existing standard, or
a proposed new standard, only if the
recommendation is developed through a process
that provides for the following (1) Open public
access (2) Coordination with other DSMOs (3) An
appeals process for each of the following, if
dissatisfied with the decision on the request
(i) The requestor of the proposed
modification (ii) A DSMO that participated
in the review and analysis of the request
for the proposed modification, or the
proposed new standard (4) Expedited process to
address content needs identified within the
industry, if appropriate (5) Submission of the
recommendation to the National Committee on Vital
and Health Statistics (NCVHS)
68Benefits of the DSMOs
- The DSMO process has numerous and obvious
benefits - - It represents an industry effort to keep the
standards current - - It allows full public input and gives the
parties most affected by these change requests
the opportunity to review and respond to them - - It also brings together several disparate
constituencies working together in this process
69Get in the swim of things !
DSMOs
SNIP
OCR
Addenda
Implementation Guides
NPRM
WEDI
CMS
ASCA
70Questions and Discussion
71Part V WHERE are the impacts of HIPAA
Transactions and Code Sets?
Presented by John Lilleston Verizon Information
Technologies, Inc. SNIP Transactions Testing
Sub-workgroup Co-Chair
72Points of Impact
- Perform analysis
- Review existing workflows per transaction
- Can this be improved/automated?
- Can information returned be better
utilized/automated? - Do you use non-standard codes in these processes?
Can you incorporate standard codes or do you
need to crosswalk? - Is there value in implementing HIPAA transactions
which you dont currently conduct electronically? - Is there value in implementing transactions not
currently required by HIPAA? - Incorporate Privacy/Security provisions into
processes
73Business Processes
- HIPAA Transactions Aid in Streamlining Business
Processes - 270/271
- Rosters
- Internal Databases of Eligibility Information
- 276/277 Unsolicited 277s for pended claims
- 278 Time/money savings due to lack of human
intervention? - 835 Post to accounts receivable systems, NCPDP
claim payments on 835s - 837 COB model
74System Changes
- Does your vendor plan on making your current
practice management systems HIPAA compliant by
the mandated deadlines? - If not, can a clearinghouse/translator solution
solve your Transaction/Code Set issues? - Do you have a need to crosswalk standard code
sets to ones used by your internal systems? - Do you plan on internalizing standard code sets?
- What information on received transactions could
be posted electronically to these systems?
75Policy Changes
- Internal Changes
- One of the goals of HIPAA is to realize cost
savings and streamline processes. How can you
take advantage of this? Example - Eligibility Verification
- Check each time
- Build internal database
- Real time versus batch mode (daily appointment
schedule or as patients arrive?)
76Policy Changes
- External Changes
- Most providers submit to more than one payer
- Payers may have individual companion guides
- Syntax, format of transactions remain the same
- Field values required for completion of
transaction may vary - Especially true until National Identifiers are
implemented
77Policy Changes
- Trading Partner Agreements
- Define exactly how two entities who exchange
transactions will do business - Communication methods
- Submitter/Receiver Ids
- Delimiters
- Frequency
- Turnaround Expectations
- What transactions will be exchanged?
- What X12N version will be utilized (for future
use)?
78Vendor Risk
- Track Vendor Progress
- Ask to review project plan
- Hold regularly planned status meetings
- Ensures they are meeting plan deadlines/milestones
- Decide upon change management process prior to
start of plan - Stay informed of action items to get back on
track with plan - Ask about vendor remediation approach/methodology
79Vendor Risk
- Vendor Testing Approach
- Are they testing at all WEDI SNIP recommended
types? - If not, when will these types be covered?
- Are they certifying the transactions
received/generated from the software? - If so, what tools are they using?
- Should you use same/different tools?
- Agree to a process prior to testing if
differences of opinion arise
80Vendor Risks
- Vendor Testing Approach
- ASCA mandates covered entities test
- How can vendor assist you with your testing?
- Ask to review their test plans/cases
- Build your own test plans/cases
- Emphasize vendors weak/missed items
- How does vendor handle error transactions, 997
acknowledgements (997 acknowledgement transaction
is not required by HIPAA)?
81Questions and Discussion
82Part VI HOW to implement HIPAA Transactions and
Code Sets
Presented by Walter G. Suarez, MD, MPH MIDWEST
CENTER FOR HIPAA EDUCATION
83Implementation of HIPAA Transactions by Small
Providers
- Claim Submission
- Those done electronically must use HIPAA
transaction standards - Paper forms will continue to exist
- UB92 ? UB02 (by 2004)
- CMS-1500 Form (formerly HCFA1500) to be continued
unchanged
84Implementation of HIPAA Transactions by Small
Providers
- Claim Payment
- Paper claim payment (check) and paper EOB will
continue to be supported by some plans - Electronic Remittance Advice/EOB must meet
national transaction standard (835) - Most payers web applications will allow
web-based access to EOB information - Eligibility, Referrals, Claim Status
- Paper transactions for all three processes will
continue to be supported by paper, fax, phone by
most payers - The three transactions are very well-suited for
web-based applications - Most payers applications will support both
interactive and batch submission/response on
their web-based systems
85Implementation of HIPAA Transactions by Small
Providers
- Changes on Payer Systems
- Major changes in all payers direct data entry
system as they need to become HIPAA compliant - Data content (data elements) on the entry system
must meet the data content portion of the
national electronic standard - Systems will also need to be capable of receiving
data transfers (directly or through a
clearinghouse) from providers - If provider chooses to send data electronically,
they must use the national standard format and
content (can be done directly or through a
clearinghouse)
86Medicare
- Major changes on their current direct data entry
system - Applied for HIPAA Compliance Extension
- Free/low cost HIPAA-compliant software available
from carriers and Fiscal Intermediaries for
providers to submit Medicare claims
electronically - Trading partner agreement coming up
- Companion document establishing Medicare-required
situational data elements - Check following Medicare web sites
- Provider software information athttp//www.cms.g
ov/providers/edi - Provider HIPAA Readiness Checklist at
http//www.cms.gov/hipaa/hipaa2/ReadinessChkLst.pd
f
87Private Payers
- Most local payers applied for HIPAA Electronic
Transactions Compliance Extension - Most private payers are updating their web sites
to allow interactive transactions (similar to
Medicaid) - Payers are also developing their companion
documents to define their specific requirements
for the situational data elements - Payers will also make their trading partner
agreements available to providers
88Implementation of HIPAA Transactions by Small
Providers
Implementing Transactions via a Clearinghouse
Hospital A
Health Plan B
Claim Data (any Format)
Claim Data (Any Format)
Claim Data ANSI 837 Req.
Claim Payment (any Format)
Claim Payment (Any Format)
Claim Payment ANSI 835 Req.
Contract b/w Hosp A Ch X
Contract b/w HP B Ch Y
Clearinghouse X
Clearinghouse Y
89Implementation of HIPAA Transactions by Small
Providers
Direct Exchange Between Providers and Health Plans
Health Plan
Claim - ANSI 837 Req.
RTF - A
Claim Payment - ANSI 835 Req.
Claim Data (Any Format)
Claim - ANSI 837 Req.
Claim Payment (Any Format)
RTF - B
Claim Payment ANSI 835 Req.
Health Plans Clearinghouse
90Top Questions to Ask Your Clearinghouse
- Will they be certified by a third-party vendor?
- When will they be able to test HIPAA-compliant
transactions? - When will they be capable of conducting
production-level HIPAA-compliant transactions? - When will they support the required code sets?
- Will you be able to continue processing claims in
existing electronic formats while the testing of
new formats is being done? - What telecommunication methods can you use to
access the clearinghouse (direct dial, dedicated
connections, internet, others) - What security system changes need to be done to
the systems (final security rules to be published
in the coming weeks) - What are the clearinghouses contingency plans if
it cannot deliver the necessary modifications on
time?
91Top Questions to Ask Your Software Vendor
- What software updates will be needed to become
HIPAA compliant? - When will the software updates be available?
- Has the software received third-party
certification that it can generate HIPAA
compliant transactions? - Has the software data base been modified to allow
entry and storage of all required and situational
data elements used to build the HIPAA
transactions? - Will the software let the practice exchange these
transactions directly with payers, or do they
have to go through a specific intermediary (a
clearinghouse)? - How will the software accommodate the anticipated
National Provider Identifier and the National
Payer Identifiers (rules to be published later
this year)? - What are the vendors contingency plans if it
cannot deliver the necessary modifications on
time?
92Phases of HIPAA ImplementationGap Analysis
93Phases of HIPAA ImplementationGap Analysis
94EDI Gap Analysis
- Purpose
- To identify deficiencies or gaps in processes and
data - To compare the data you already have available
electronically in your systems with the data that
is required in the HIPAA transactions
95Core Transaction Gap Analysis Steps
- Step 1 Assessment of Transactions
- Step 2 Assessment of Data Format
- Step 3 Assessment of Data Content
- Step 4 Assessment of Data Sources
- Step 5 Assessment of Data Systems
- Step 6 Assessment of Trading Partners
96Transaction Gap Analysis Step1
- Step 1 Assessment of Transactions
- Which HIPAA transactions are you currently doing?
- With which trading partners?
- What are the transaction volumes?
97HIPAA Electronic Transaction Assessment Matrix
Claim Claim Elig Referral Claim
COB Subm Paym
Status
- Format - Content - Volume
Medicare Medicaid BCBS Payer X Payer Y
98Transaction Gap Analysis Steps 2 and 3
- Step 2 Assessment of Data Format
- What formats are you using to send transactions?
- Step 3 Assessment of Data Content
- What data elements are you missing from the
standard? - What sources of data can you use to fill gap?
- What is your interpretation of situational data
elements?
99Transaction Gap Analysis Steps 4 and 5
- Step 4 Assessment of Data Sources
- What data systems feed the transactions?
- What would be the sources of the new data needed
to fill any data gaps? - Step 5 Assessment of Data Systems
- Will hardware/software applications be ready to
comply with HIPAA requirements? - Will system modifications be offered?
100Transaction Gap Analysis Step 6
- Step 6 Assessment of Trading Partners
- Who are you doing what with, and how
- Survey your trading partners to understand their
HIPAA compliance plans - Discuss their interpretation of situational
elements - Review trading partner agreements with legal
counsel
101Transaction Gap Analysis Outcomes
- Priority transactions
- Priority trading partners
- Data format gaps
- Steps for redefining data formats
- Data Content gaps
- Existing/new sources for filling data gaps
102Phases of HIPAA Implementation Transaction
Sequencing and System Change Development
103Importance of Transaction Sequencing
- Big-bang approach is not feasible
- Each transaction requires its own internal
planning, development and deployment - Multiple transactions require a well planned
schedule for planning and implementation - Multiple trading partners require significant
coordination
104Transaction Sequencing Timetable(Your Timetable)
Phases Group 1 Group 2 Group 3 Group 4
Group 5 Group 6
- 270 - 271
- 834
- 278
- 820
- 276 - 277
- 837 - 835
Transaction Internal Development. Beta Testing
System Readiness Full System Deployment .
10/16/2003 10/16/2003 10/16/2003 10/16/2003
10/16/2003 10/16/2003
105Importance of Transaction Sequencing
- Big-bang approach is not feasible
- Each transaction requires its own internal
planning, development and deployment - Multiple transactions require a well planned
schedule for planning and implementation - Multiple trading partners require significant
coordination
106Transaction Sequencing Timetable(Your Timetable)
Phases Group 1 Group 2 Group 3 Group 4
Group 5 Group 6
- 270 - 271
- 834
- 278
- 820
- 276 - 277
- 837 - 835
Transaction Internal Development. Beta Testing
System Readiness Full System Deployment .
10/16/2003 10/16/2003 10/16/2003 10/16/2003
10/16/2003 10/16/2003
107Phases of HIPAA Implementation Compliance
Testing
108Compliance Testing Purpose
- To ensure that the submission of HIPAA
transactions from one trading partner to another
meets the data format and content requirements
109Compliance Testing From Testing to
Certification
- Testing
- Internal testing (confidential)
- Against neutral testing organization
- External preliminary testing
- With 1-2 selected trading partners
- Start testing as early as possible
- Certification
- Done through industry-known third-party
organizations - To confirmation that your transactions meet HIPAA
requirements - 80-20 rule allows you to meet the core HIPAA
requirements - Still need to testing separately for each trading
partners companion document
110Compliance Testing Types of Testing
- Level 1 - EDI Syntax Integrity
- Valid segments, order, elements
- Level 2 - HIPAA Syntactical Requirements
- HIPAA Implementation guide-specifics
- Repeat counts, used/not-used codes, required
elements and segments, non-medical codes - Level 3 - Balancing
- Balanced field totals/records/segment counts
- Financial balancing of remittance advice
- Balancing of summary fields
111Compliance Testing Types of Testing
- Level 4 - Situation testing
- Specific inter-segment situations as specified in
HIPAA guides (if A occurs then B must be
reported) - Also validation of situational fields given
values or situations present elsewhere (if claim
is for accident - report accident date) - Level 5 - External code set testing
- Valid HIPAA implementation guide-specific code
set values (include appropriate use) - Level 6 - Product types/type of service
- Specialized testing required by certain
organizations (i.e. ambulance, chiropractor, home
health, etc) - Level 7 - Trading Partner Testing (NEW)
- Medicare
- Medicaid
- Indian Health Services
112Compliance Testing Value of Cross-Certification
- Coordination across payers, providers and vendors
- Consistency in the use/results of testing
- Cost-benefit for all parties
- List of certification systems available (see
attached)
113Trading Partner Agreements
114Trading Partner Agreements Key Issues
- Are trading partner agreements required?
- Can trading partner agreement be standardized?
- What should be included in a trading partner
agreement?
115Trading Partner Agreements Key Issues
- Definition of a trading partner agreement
- an agreement related to the exchange of
information in electronic transactions, whether
the agreement is distinct or part of a larger
agreement, between each party to the agreement
(For example, a trading partner agreement may
specify among other things, the duties and
responsibilities of each party to the agreement
in conducting a standard transaction.)
116Trading Partner Agreements Key Issues
- Are trading partner agreements required?
- Not per-se a requirement under the final
transaction/code set rules but strongly
recommended between any two entities that enter
into direct exchange of electronic health
information - Can trading partner agreement be standardized?
- Yes
- Most general areas and topics covered by the
agreement - Some general text and language used in the
agreement
117Trading Partner Agreements Key Issues
- What should be included in a trading partner
agreement? - Communications details for establishing
connectivity - Testing requirements before production system in
place - Financial arrangements including which partner is
responsible for what costs (telecomm, transaction
fees) - Interpretation of the HIPAA guides (required and
situational elements) - Functions that are optional according to HIPAA
rules - Security requirements and agreements
- Data clarification that supplements guides should
be placed in separate addendum
118Trading Partner Agreements Key Issues
- A trading partner agreement cannot
- Change definition, data condition, or use of a
data element or segment - Add any data elements or segments to the maximum
data set defined - Use any code or data element that either are
marked as not used or are not in the standards
implementation guide - Change the meaning or intent of the transaction
standards or their implementation guides
119Trading Partner Agreements Key Issues
- Trading partner agreements and Companion Guides
- A trading partner agreement generally delineates
relative responsibilities including the cost and
expected response times for transactions. - A companion guide document is not defined in the
regulations. The companion guide identifies the
specific interpretations that a health plan gives
to certain situational data elements. - The two documents can be combined in one
- The companion guide is generally quite detailed
and expands upon the implementation guides. - Note that in no case may either document
contradict the transaction standard or its
implementation guide.
120Questions and Discussion