Implementing HIPAA Centers for Medicare

1
Implementing the HIPAA RegulationsA Readiness
Workshop for the Rural/Small Provider
Updated January 23, 2003
2
The Why Who What When Where and How of
HIPAA Standard Transactions and Code Sets
3
Implementing the HIPAA RegulationsA Readiness
Workshop for the Rural/Small Provider
Updated January 23, 2003
4
The Why Who What When Where and How of
HIPAA Standard Transactions and Code Sets
5
Part I WHY was HIPAA enacted?
Presented by Walter G. Suarez, MD, MPH MIDWEST
CENTER FOR HIPAA EDUCATION
6
HIPAA as an Opportunity

• Challenge Health care system in the US spends
  to much on administrative processes
• Over 1.3 trillion is spent annually in health
  care (more than one-eighth of US economy close
  to 14 of GDP most industrialized nations spend
  7 of GDP)
• Over 15 (up to 30) goes to administration
  (200-400 billion!)
• Lack of e-commerce and electronic exchange of
  information higher costs more fragmented
  system poorer quality of care
• Unconnected individuals trying to coordinate care
  means more, not fewer problems
• Opportunity to retool tired processes and emerge
  fitter, leaner and better ready to meet the
  challenges of healthcare in the 21st century !

7
The Big Pay-Off




8
HIPAA Administrative Simplification Law
HIPAA Health Insurance Portability and
Accountability Act of 1996
Title I
Title II
Title III
Title IV
Title V
Administrative Simplification
Insurance Portability
Fraud and AbuseMedical Liability Reform
Tax RelatedHealth Provision
Group Health Plan Requirements
RevenueOff-sets
Security
Privacy
EDI
Transactions
Code Sets
Identifiers
9
(No Transcript)
10
HIPAA Administrative Simplification Provisions

• Overall Purpose of the Provisions
• Improve the efficiency and effectiveness of the
  healthcare system by standardizing the electronic
  data interchange of certain administrative and
  financial transactions
• Implement certain standard identifiers across the
  industry
• Protect the security and privacy of transmitted
  information

11
What is EDI?

• Electronic Data Interchange
• Standardized exchange of data between computers
• No human intervention
• Transact business quickly, cost effectively

12
EDI -National Standard Transactions The
Healthcare EDI Cycle

• These electronic transactions will be
  standardized

Transactions applicable to providers
13
EDI - National Standard Code Sets

• HIPAA
• No local codes
• Standard codes for all payers
• ICD9
• CPT
• ADA
• NDC
• Easier contract analysis
• Reduced hassle

• Today
• Providers maintain multiple code sets (including
  local codes) to meet different payer requirements

14
EDI - National Standard Identifiers

• HIPAA
• National Provider ID
• National Employer ID
• The EIN Issued by IRS
• National Health Plan ID
• (National Individual ID)

• Today
• Multiple identifiers (examples)
• UPIN C86673
• Medicaid 25-00914
• Blue Cross 26A64PR

15
What is the Purpose of the HIPAA Security Rule?

• To require covered entities to maintain
  reasonable and appropriate administrative,
  technical, and physical safeguards --
• to ensure integrity and confidentiality of
  protected health information
• to protect against reasonably anticipated
• threats or hazards to access of PHI
• unauthorized uses or disclosures of PHI
• Objective is to minimize the risk of intentional
  or accidental disclosure or misuse, or the loss
  or corruption of patient-identifiable information
• Key philosophy is to identify and assess
  risks/threats to availability, integrity and
  confidentiality and take reasonable steps to
  reduce risk.

16
What is the Purpose of the HIPAA Privacy Rule?

• Protect and enhance the rights of consumers by
  providing them access to their health information
  and controlling the appropriate use of that
  information
• Improve the quality of health care in the U.S. by
  enhancing consumers trust in the healthcare
  system
• Improve the efficiency and effectiveness of
  healthcare delivery by creating a national
  framework for health privacy protection that
  builds on efforts by states, health systems,
  individual organizations and the individual
• The Office of Civil Rights (OCR) within the US
  Dept of Health and Human Services has
  jurisdiction over HIPAA Privacy
  (http//www.hhs.gov/ocr/hipaa)

17
The Majority of the Health Care Industry is
Impacted!(some directly, some indirectly)

• MANY who collects or sends administrative and
  financial healthcare data
• MANY who depends on this healthcare data to do
  their work
• MANY who works in a health care setting

18
Part II WHO is Covered by HIPAA?
Presented by Walter G. Suarez, MD, MPH MIDWEST
CENTER FOR HIPAA EDUCATION
19
Key Concepts About HIPAA Who Is a Covered
Entity
20
HIPAA Administrative Simplification Law

• Who is covered
• a healthcare provider (defined as any person who
  furnishes healthcare services or supplies) when
  it chooses to electronically transmit any of the
  covered transactions
• all health plans, including government programs,
  HMOs, indemnity insurers, and employer benefit
  plans
• all healthcare clearinghouses (companies retained
  by plans and providers to help process healthcare
  business transactions)

21
When is a Provider a Covered Entityunder HIPAA?

• A healthcare provider is a covered entity when
• 1) they meet the definition of health care
  provider (someone who furnishes healthcare
  services and seeks payment for it) AND
• 2) they conduct one of the named HIPAA
  administrative transactions (i.e. claim
  submission, claim payment, eligibility,
  coordination of benefits, claim status inquiry,
  referrals) AND
• 3) they are conducting any of these transactions
  electronically with a health plan who is a
  covered entity under HIPAA

22
What is Electronically?

• Electronic modes (include but are not limited
  to)
• Creating a file and submitting it via tapes,
  disks, or data lines
• Using a clearinghouse or billing service to
  transmit data
• Using a web application to conduct transactions
• Using Direct Data Entry applications
• Using Point of Service applications
• Using software tools provided to you

23
What is not Electronically?

• Non-electronic modes
• Mailing a paper form
• Faxing a paper from a dedicated fax machine
• Calling to obtain information

24
What does it mean to be a covered entity?

• For purposes of HIPAA Standard Electronic
  Transactions and Code Sets
• Covered entity must comply with national
  standards when conducting the named transactions
  electronically with a covered health plan
• For purposes of HIPAA Privacy
• Covered entity must protect all individually
  identifiable health information, regardless of
  the method in which the data is maintained or
  transmitted (paper, electronic, oral)

25
Doing only some transactions electronically...

• If you are a provider conducting only a small
  number of one or more of the HIPAA transactions
  electronically with one or more health plans
  (trading partners)
• Provider is not required by HIPAA to conduct all
  transactions with all trading partners
  electronically. Any transaction standardized
  under HIPAA conducted by a provider
  electronically must be done in the HIPAA format.
• BUT, health plans may require, under contractual
  agreements, providers conduct transactions with
  them electronically. However, this is not a
  HIPAA requirement, rather, it is a business
  decision. Contact your payers, clearinghouse, or
  billing service to discuss their HIPAA plans.

26
Electronic Transaction Requirements for Medicare
under ASCA

• The Administrative Simplification Compliance Act
  (ASCA) prohibits HHS from paying Medicare claims
  that are not submitted electronically after
  October 16, 2003, unless the Secretary grants a
  waiver from this requirement
• It further provides that the Secretary must grant
  such a waiver if there is no method available for
  the submission of claims in electronic form or if
  the entity submitting the claim is a small
  provider of services or supplies

27
Electronic Transaction Requirements for Medicare
under ASCA

• Small providers are defined as having fewer than
  25 full time equivalent employees for providers
  of services or fewer than 10 employees for
  physician, practitioners, facility, or supplier
• Most providers already submit to Medicare
  electronically (98 of Part A providers and 85
  of Part B providers)
• HHS will publish proposed regulations to
  implement this new authority. Stay tuned to your
  Medicare Provider Bulletins for more information.

28
Trading Partners

• Who is a trading partner?
• An organization with whom a covered entity
  exchanges information electronically using the
  named transaction standards
• A health plan and a provider are trading partners
• A provider and a clearinghouse are trading
  partners
• Usually a trading partner agreement is
  established between the two entities

29
Business Associates

• Who is a business associate (BA)?
• A business associate is an individual or
  organization that
• Performs, or assists in the performance of, a
  function or activity on behalf of the covered
  entity, involving the use or disclosure of PHI
  (such as claims processing or administration,
  data analysis, utilization review, quality
  assurance, billing, practice management, etc.)
  or
• Provides legal, actuarial accounting consulting,
  data aggregation, management, administrative,
  accreditation, or financial services to or for a
  covered entity
• A covered entity may be a business associate of
  another covered entity
• Clinical/case management services offered by a
  provider to a covered entity requires a BA
  relationship

30
Examples A Medical Clinic Setting

• Medical clinic with 2 physicians
• Has a computer to keep track of patient records
• But does all transactions via paper or phone
  (sending claims, checking eligibility)
• Clinic is not subject to HIPAA

31
Examples A Medical Clinic Setting

• Medical clinic with 10 physicians
• Has a computer system with a practice management
  software (PMS)
• PMS vendor connects at end of day to extract
  claims information and send it electronically to
  payers
• Clinic is subject to HIPAA
• Clinic must work with PMS vendor to ensure that
  the software it uses is capable of generating
  HIPAA compliant transactions

32
Examples A Medical Clinic Setting

• Medical clinic with 20 physicians
• Has a computer to keep track of patient records
  and to fill-in claims information
• Connects to a clearinghouse to submit claims
  electronically to payers
• Clinic is subject to HIPAA
• Clinic must work with the clearinghouse to ensure
  that they will be transmitting the transactions
  using the HIPAA-mandated standards

33
Examples A Nursing Home Setting

• Nursing home uses the Medicare Part A DDE
  system to file/edit claims
• Nursing home is a provider, is conducting a HIPAA
  transaction, and is conducting it electronically
• Nursing home is subject to HIPAA
• The entity providing the DDE service is
  responsible for making the DDE system HIPAA
  compliant. If their DDE system is not compliant
  with HIPAA requirements and you use it, you are
  not in compliance.

34
Examples A Hospital Setting

• Hospital uses a Hospital Information System (HIS)
  to maintain all patient information
• Hospitals contracts with a clearinghouse to send
  transactions electronically
• Hospital is subject to HIPAA
• Hospital needs to make sure that data that is
  provided to clearinghouse is the minimum needed
  to generate the transaction

35
ExamplesConducting Transactions Through Other
Methods

• Checking eligibility using a web application
  offered by a plan
• Using software provided by a plan (i.e.
  Medicaids MN-ITS or Medicare) to conduct any of
  the transactions
• In both instances, the entity providing the
  application is responsible for making the
  application HIPAA compliant
• The entity using the application becomes subject
  to HIPAA

36
CMS Decision Tool

• Still not sure if you are a covered
• entityunder HIPAA?
• Try our Provider Readiness Checklist
• http//www.cms.hhs.gov/hipaa/hipaa2/ReadinessChkLs
  t.pdf
• Or, try our Covered Entity Decision Tool
• http//www.cms.gov/hipaa/hipaa2/support/tools/deci
  sionsupport/default.asp

37
Part III WHAT IS INVOLVED WITH HIPAA
Transactions and Code Sets?
Presented by John Lilleston Verizon Information
Technologies, Inc. SNIP Transactions Testing
Sub-workgroup Co-Chair
38
Why Use Standard Transactions?

• Today there are hundreds of non-standard,
  proprietary formats being exchanged
• There are also dozens of unique implementations
  of NSF, UB92, etc?
• Standard transactions promote interoperability
  between covered entities
• Reduces costs, human interaction, and promotes
  COB models

39
Required Electronic Standards

• Claim or encounter ANSI ASC X12N
• -- Professional 837-P v. 4010
• -- Institutional 837-I v. 4010
• -- Dental 837-D v. 4010
• -- Retail Pharmacy NCPDP Standard
• Claim payment and remittance 835 v. 4010
• Coordination of Benefits 837 v. 4010
• Eligibility Request Response 270/271 v. 4010
• Authoriz./Certific. Req,/Resp. 278 v. 4010
• Claim Status Inquiry Response 276/277 v.
  4010
• Enrollment/Dis-enrollment 834 v. 4010
• Premium Payment 820 v. 4010
• NOTE Final publication of an Addenda is
  expected in the coming
• weeks. The Addenda will make technical changes
  to some of the
• Transaction standards. Once adopted, the
  required version to be

40
HIPAA Implementation Guides

• Official manual on how to implement each
  transaction
• Each transaction has an implementation guide
• Copies available athttp//www.wpc-edi.com

41
HIPAA Implementation Guides

• Define the data format and the data content
  requirements
• Data format defines the structure of the file
• Data content defines the specific data elements
  required
• Three type of data elements
• Required data elements
• Situational data elements
• Not used data elements

42
HIPAA Implementation Guides

• Each payer will develop and make available to
  providers a companion document defining their
  required situational data elements
• Medicare (through its carriers and fiscal
  intermediaries), Medicaid and other payers in the
  market are coming up with their companion
  document
• Available from their web sites

43
Standard Code Sets

• Only standard code sets can be transmitted in
  the mandated transactions
• External Medical Codes Named in the Rules
• ICD-9
• CPT-4
• HCPCS
• NDC (for retail pharmacy transactions
  thisstandard to be addressed in an upcoming
  rule)
• External Non-Medical Codes Named in the
  Implementation Guides
• Adjustment Reason Codes
• Taxonomy Codes
• Implementation Guide Internal Code Sets, etc.
• No local codes will be allowed

44
Real Time vs. Batch Transactions

• Implementation Guides explain the different
  types of processing for the transactions
• Batch Typically grouped together in large
  quantities and processed en-masse. No continued
  connectivity
• Real Time Require an immediate response.
  Submitter remains connected awaiting response

45
Web and Direct Data Entry Transactions

• Trend to web-enable large payer systems for
  transaction submission
• All web and direct data entry systems must at
  least meet the data content portion of the
  respective HIPAA transaction standard

46
Testing for Compliance

• ASCA mandates all covered entities must begin
  testing by 4/16/2003
• Rule does not specifically define testing
• Has been interpreted as internal testing (not
  necessarily with trading partners)

47
Testing Best Practices

• Testing
• WEDI SNIP Defined Testing Types 1-7
• Type 1 Integrity Testing
• Type 2 Requirement Testing
• Type 3 Balancing
• Type 4 Situation Testing
• Type 5 Code Set Testing
• Type 6 Product Types/Lines of Service Testing
• Type 7 Implementation Guide Payer Specific Rules

• Certification
• Verification via a third party tool
• Example You use a translator internally to
  generate X12/NCPDP transactions. Validate your
  transaction with an automated testing tool. List
  of tools and vendors available at SNIP website
  snip_at_wedi.org

WEDI/SNIP White Paper at http//snip.wedi.org/
48
Testing Best Practices

• Business to Business Testing
• Timeframe can be shortened if previous testing
  completed
• Load/Capacity/Volume Testing
• Transmission Integrity
• Field Lengths
• Output
• Security/Privacy

49
Translators

• Provide functionality for you to map your current
  transaction formats to and from HIPAA-compliant
  transactions
• Act as front and back end of your system
• Usually reside in-house
• Vendor supplies tool for you
• All mapping and translation rules written by the
  purchaser
• Normally will validate and verify syntax, format,
  internal code sets
• Implementation guide rules normally incorporated
  into vendor-supplied formats

50
Clearinghouses

• Provide service of transforming proprietary
  transaction formats into HIPAA-compliant formats
  and vice versa
• Perform both translation and routing functions
• Works with customer to develop mapping rules and
  processes
• Normally map to a clearinghouse common format
  then translate to HIPAA-mandated format
• Normally charge a per transaction fee
• If payer mandates use of a specific
  clearinghouse, payer is responsible for fees

51
Clearinghouse as a Business Associates

• A BA is a person or entity who performs a
  function or activity on behalf of a covered
  entity and that, in order to perform such
  function or activity, it need to use or disclose
  Protected Health Information
• E.G A covered healthcare provider uses a
  clearinghouse to submit and receive transactions
  the clearinghouse needs to use and disclose PHI
  in order to perform its functions, then the
  clearinghouse is a business associate of the
  provider
• To determine if a business associate must use a
  standard transaction, you must look at the
  definition of the transaction itself
• See http//aspe.hhs.gov/adminsimp/final/txtfin00.h
  tm (preamble of Electronic Transactions and Code
  Sets Rule. Preamble is plain English discussion
  of the Rule itself)
• See http//aspe.hhs.gov/adminsimp/final/txtfin01.h
  tm (Electronic Transactions and Code Sets Rule
  text)

52
Questions and Discussion
53
Part IV WHEN are the deadlines for compliance
of Standard Transactions and Code Sets?
Presented by Lin Quinkert GovConnect Inc. SNIP
Transactions Workgroup Co-chair
54
HIPAA Timeline

• President Clinton signed the Health Insurance
  Portability and Accountability Act (HIPAA) into
  law August 21, 1996
• Aug 1998 - Department of Health Human Services
  (DHHS) published the first HIPAA Notices of
  Proposed Rule Making (NPRMs) which included the
  NPRM for Standard Electronic Transactions and
  Code Sets (TCS)

55
Timeline to Compliance

• Notice of Proposed
• Rulemaking (NPMR)
• published as final

60 day notification and comment period
Final rule adopted - implementation clock
starts running
24 months later - compliance required
56
Electronic Transactions and Code Sets Rule
Becomes Final

• August 17, 2000 - Electronic Transactions and
  Code Sets (TCS) was published as first final rule
  with mandatory compliance within 24 months, after
  the 2 month notification period for a total of
  26 months
• Which set a compliance deadline of October 16,
  2002
• but

57
Would the Industry Be Ready?
Due to costs, resources and vendors not having
their products ready many in the industry stated
they could NOT be ready by the October 2002
compliance deadline Others strongly felt that 26
months was not enough time for compliance with
the Electronic Transactions and Code Sets Rule
because of the effort it involved

58
An Extension Was Passed
The Administrative Simplification Compliance Act
(ASCA), authorized a one-year extension to Oct.
16, 2003 for those covered entities required to
comply in 2002 if The covered
entity filed a compliance plan with the DHHS by
October 16, 2002 (See WHO Presentation) The
extension only applied to the Electronic
Transactions and Code Sets standards
implementation timeframe

59
Medicare Claims Require Electronic Submission
All claims submitted to Medicare on or after
October 16, 2003, must be in the HIPAA standard
electronic format, unless - There is no method
available for the submission of claims in
electronic form or, - The entity submitting a
claim is a small provider of services or supplier
(definition provided earlier)

60
Enforcement through exclusion from participation
in Medicare
A covered entity who fails to submit a plan and
who is not in compliance with the applicable
requirements on or after October 16, 2002 the
covered entity may be excluded in participation
as a Medicare contractor or provider, at the
discretion of the Secretary of HHS 

61
What If We Didnt File A Plan?

• Complaint-Driven Enforcement Process
• The enforcement process for HIPAA
  transactions and code sets (and for security and
  standard identifiers when those are adopted) will
  be primarily complaint-driven.
• Upon receipt of a complaint, CMS would
  notify the provider of the complaint, and the
  provider would have the opportunity to
  demonstrate compliance, or to submit a corrective
  action plan.
• If the provider does neither, CMS will have
  the discretion to impose penalties.
• Covered entity that did not submit an
  extension request and are not in compliance with
  the Electronic Transactions and Code Sets
  requirements, should come into compliance as soon
  as possible, and should be prepared to submit a
  corrective action plan in the event a complaint
  is filed against them
• Penalties will only be filed as a last resort

62
Future NPRMS or Final Rules

• 2nd NPRM Transactions Code Sets
  05/31/2002
• Proposes modifications which are a result of the
  DSMO process to maintain standards and process
  requests for adoption or modifying adopted
  standards
• Proposes to repeal the adoption of the National
  Drug Code (NDC) as the standard medical data code
  set for reporting drugs and biologics in all
  standard transactions except for retail pharmacy
• Final Rule expected shortly
• Sign up for free list serve to know when new
  HIPAA Rules are published
• http//www.cms.hhs.gov/hipaa/hipaa2/regulations/ls
  notify.asp
• Final Employer Identifier (EIN)
  05/31/2002
• This final rule establishes the IRS Employer
  Identification Number (EIN) as the standard
  unique employer identifier and the requirements
  concerning its use (generally a 9 digit
  identifier assigned by the IRS to employers)

63
Coming Attractions

• We know to expect more standards to be issued,
  such as
• Claims Attachment
• First Report of Injury
• Others

64
Maintenance of the Standards
HHS recognized the need for the ongoing
maintenance of the HIPAA transaction standards,
especially the need for the industry to collect,
review and recommend changes to the standards
The final regulation for Electronic
Transactions and Code Sets established a set of
organizations called Designated Standards
Maintenance Organizations (DSMOs) to receive and
process requests for modifications to standards
or for adopting new standards
65
DSMO Formed
At a NCVHS Security and Standards Subcommittee
meeting on March 31, 2000, these six
organizations signed a Memorandum of
Understanding (MOU) agreeing to a national
process to manage the maintenance of HIPAA
standards They agreed to work cooperatively to
accept requests through a public web site, review
these requests, and develop a joint
recommendation to the NCVHS as to whether or not
these requested changes should be made to the
standards This process in now in full operation
66
Who are the DSMOs?

• The final regulation had an accompanying notice
  which named the following organizations as DSMOs
• - Accredited Standards Committee X12 (ASC X12)
• - Dental Content Committee of the American
  Dental Association (CDT)
• - Health Level Seven (HL7)
• - National Council for Prescription Drug
  Programs (NCPDP)
• - National Uniform Billing Committee (NUBC)
• - National Uniform Claim Committee (NUCC)

67
Process for Modification of Existing
Standards and Adoption of New Standards
The Secretary considers a recommendation for a
proposed modification to an existing standard, or
a proposed new standard, only if the
recommendation is developed through a process
that provides for the following (1) Open public
access (2) Coordination with other DSMOs (3) An
appeals process for each of the following, if
dissatisfied with the decision on the request
(i) The requestor of the proposed
modification (ii) A DSMO that participated
in the review and analysis of the request
for the proposed modification, or the
proposed new standard (4) Expedited process to
address content needs identified within the
industry, if appropriate (5) Submission of the
recommendation to the National Committee on Vital
and Health Statistics (NCVHS)
68
Benefits of the DSMOs

• The DSMO process has numerous and obvious
  benefits
• - It represents an industry effort to keep the
  standards current
• - It allows full public input and gives the
  parties most affected by these change requests
  the opportunity to review and respond to them
• - It also brings together several disparate
  constituencies working together in this process

69
Get in the swim of things !
DSMOs
SNIP
OCR
Addenda
Implementation Guides
NPRM
WEDI
CMS
ASCA
70
Questions and Discussion
71
Part V WHERE are the impacts of HIPAA
Transactions and Code Sets?
Presented by John Lilleston Verizon Information
Technologies, Inc. SNIP Transactions Testing
Sub-workgroup Co-Chair
72
Points of Impact

• Perform analysis
• Review existing workflows per transaction
• Can this be improved/automated?
• Can information returned be better
  utilized/automated?
• Do you use non-standard codes in these processes?
  Can you incorporate standard codes or do you
  need to crosswalk?
• Is there value in implementing HIPAA transactions
  which you dont currently conduct electronically?
• Is there value in implementing transactions not
  currently required by HIPAA?
• Incorporate Privacy/Security provisions into
  processes

73
Business Processes

• HIPAA Transactions Aid in Streamlining Business
  Processes
• 270/271
• Rosters
• Internal Databases of Eligibility Information
• 276/277 Unsolicited 277s for pended claims
• 278 Time/money savings due to lack of human
  intervention?
• 835 Post to accounts receivable systems, NCPDP
  claim payments on 835s
• 837 COB model

74
System Changes

• Does your vendor plan on making your current
  practice management systems HIPAA compliant by
  the mandated deadlines?
• If not, can a clearinghouse/translator solution
  solve your Transaction/Code Set issues?
• Do you have a need to crosswalk standard code
  sets to ones used by your internal systems?
• Do you plan on internalizing standard code sets?
• What information on received transactions could
  be posted electronically to these systems?

75
Policy Changes

• Internal Changes
• One of the goals of HIPAA is to realize cost
  savings and streamline processes. How can you
  take advantage of this? Example
• Eligibility Verification
• Check each time
• Build internal database
• Real time versus batch mode (daily appointment
  schedule or as patients arrive?)

76
Policy Changes

• External Changes
• Most providers submit to more than one payer
• Payers may have individual companion guides
• Syntax, format of transactions remain the same
• Field values required for completion of
  transaction may vary
• Especially true until National Identifiers are
  implemented

77
Policy Changes

• Trading Partner Agreements
• Define exactly how two entities who exchange
  transactions will do business
• Communication methods
• Submitter/Receiver Ids
• Delimiters
• Frequency
• Turnaround Expectations
• What transactions will be exchanged?
• What X12N version will be utilized (for future
  use)?

78
Vendor Risk

• Track Vendor Progress
• Ask to review project plan
• Hold regularly planned status meetings
• Ensures they are meeting plan deadlines/milestones
  
• Decide upon change management process prior to
  start of plan
• Stay informed of action items to get back on
  track with plan
• Ask about vendor remediation approach/methodology

79
Vendor Risk

• Vendor Testing Approach
• Are they testing at all WEDI SNIP recommended
  types?
• If not, when will these types be covered?
• Are they certifying the transactions
  received/generated from the software?
• If so, what tools are they using?
• Should you use same/different tools?
• Agree to a process prior to testing if
  differences of opinion arise

80
Vendor Risks

• Vendor Testing Approach
• ASCA mandates covered entities test
• How can vendor assist you with your testing?
• Ask to review their test plans/cases
• Build your own test plans/cases
• Emphasize vendors weak/missed items
• How does vendor handle error transactions, 997
  acknowledgements (997 acknowledgement transaction
  is not required by HIPAA)?

81
Questions and Discussion
82
Part VI HOW to implement HIPAA Transactions and
Code Sets
Presented by Walter G. Suarez, MD, MPH MIDWEST
CENTER FOR HIPAA EDUCATION
83
Implementation of HIPAA Transactions by Small
Providers

• Claim Submission
• Those done electronically must use HIPAA
  transaction standards
• Paper forms will continue to exist
• UB92 ? UB02 (by 2004)
• CMS-1500 Form (formerly HCFA1500) to be continued
  unchanged

84
Implementation of HIPAA Transactions by Small
Providers

• Claim Payment
• Paper claim payment (check) and paper EOB will
  continue to be supported by some plans
• Electronic Remittance Advice/EOB must meet
  national transaction standard (835)
• Most payers web applications will allow
  web-based access to EOB information
• Eligibility, Referrals, Claim Status
• Paper transactions for all three processes will
  continue to be supported by paper, fax, phone by
  most payers
• The three transactions are very well-suited for
  web-based applications
• Most payers applications will support both
  interactive and batch submission/response on
  their web-based systems

85
Implementation of HIPAA Transactions by Small
Providers

• Changes on Payer Systems
• Major changes in all payers direct data entry
  system as they need to become HIPAA compliant
• Data content (data elements) on the entry system
  must meet the data content portion of the
  national electronic standard
• Systems will also need to be capable of receiving
  data transfers (directly or through a
  clearinghouse) from providers
• If provider chooses to send data electronically,
  they must use the national standard format and
  content (can be done directly or through a
  clearinghouse)

86
Medicare

• Major changes on their current direct data entry
  system
• Applied for HIPAA Compliance Extension
• Free/low cost HIPAA-compliant software available
  from carriers and Fiscal Intermediaries for
  providers to submit Medicare claims
  electronically
• Trading partner agreement coming up
• Companion document establishing Medicare-required
  situational data elements
• Check following Medicare web sites
• Provider software information athttp//www.cms.g
  ov/providers/edi
• Provider HIPAA Readiness Checklist at
  http//www.cms.gov/hipaa/hipaa2/ReadinessChkLst.pd
  f

87
Private Payers

• Most local payers applied for HIPAA Electronic
  Transactions Compliance Extension
• Most private payers are updating their web sites
  to allow interactive transactions (similar to
  Medicaid)
• Payers are also developing their companion
  documents to define their specific requirements
  for the situational data elements
• Payers will also make their trading partner
  agreements available to providers

88
Implementation of HIPAA Transactions by Small
Providers
Implementing Transactions via a Clearinghouse
Hospital A
Health Plan B
Claim Data (any Format)
Claim Data (Any Format)
Claim Data ANSI 837 Req.
Claim Payment (any Format)
Claim Payment (Any Format)
Claim Payment ANSI 835 Req.
Contract b/w Hosp A Ch X
Contract b/w HP B Ch Y
Clearinghouse X
Clearinghouse Y
89
Implementation of HIPAA Transactions by Small
Providers
Direct Exchange Between Providers and Health Plans
Health Plan
Claim - ANSI 837 Req.
RTF - A
Claim Payment - ANSI 835 Req.
Claim Data (Any Format)
Claim - ANSI 837 Req.
Claim Payment (Any Format)
RTF - B
Claim Payment ANSI 835 Req.
Health Plans Clearinghouse
90
Top Questions to Ask Your Clearinghouse

• Will they be certified by a third-party vendor?
• When will they be able to test HIPAA-compliant
  transactions?
• When will they be capable of conducting
  production-level HIPAA-compliant transactions?
• When will they support the required code sets?
• Will you be able to continue processing claims in
  existing electronic formats while the testing of
  new formats is being done?
• What telecommunication methods can you use to
  access the clearinghouse (direct dial, dedicated
  connections, internet, others)
• What security system changes need to be done to
  the systems (final security rules to be published
  in the coming weeks)
• What are the clearinghouses contingency plans if
  it cannot deliver the necessary modifications on
  time?

91
Top Questions to Ask Your Software Vendor

• What software updates will be needed to become
  HIPAA compliant?
• When will the software updates be available?
• Has the software received third-party
  certification that it can generate HIPAA
  compliant transactions?
• Has the software data base been modified to allow
  entry and storage of all required and situational
  data elements used to build the HIPAA
  transactions?
• Will the software let the practice exchange these
  transactions directly with payers, or do they
  have to go through a specific intermediary (a
  clearinghouse)?
• How will the software accommodate the anticipated
  National Provider Identifier and the National
  Payer Identifiers (rules to be published later
  this year)?
• What are the vendors contingency plans if it
  cannot deliver the necessary modifications on
  time?

92
Phases of HIPAA ImplementationGap Analysis
93
Phases of HIPAA ImplementationGap Analysis
94
EDI Gap Analysis

• Purpose
• To identify deficiencies or gaps in processes and
  data
• To compare the data you already have available
  electronically in your systems with the data that
  is required in the HIPAA transactions

95
Core Transaction Gap Analysis Steps

• Step 1 Assessment of Transactions
• Step 2 Assessment of Data Format
• Step 3 Assessment of Data Content
• Step 4 Assessment of Data Sources
• Step 5 Assessment of Data Systems
• Step 6 Assessment of Trading Partners

96
Transaction Gap Analysis Step1

• Step 1 Assessment of Transactions
• Which HIPAA transactions are you currently doing?
• With which trading partners?
• What are the transaction volumes?

97
HIPAA Electronic Transaction Assessment Matrix
Claim Claim Elig Referral Claim
COB Subm Paym
Status
- Format - Content - Volume
Medicare Medicaid BCBS Payer X Payer Y
98
Transaction Gap Analysis Steps 2 and 3

• Step 2 Assessment of Data Format
• What formats are you using to send transactions?
• Step 3 Assessment of Data Content
• What data elements are you missing from the
  standard?
• What sources of data can you use to fill gap?
• What is your interpretation of situational data
  elements?

99
Transaction Gap Analysis Steps 4 and 5

• Step 4 Assessment of Data Sources
• What data systems feed the transactions?
• What would be the sources of the new data needed
  to fill any data gaps?
• Step 5 Assessment of Data Systems
• Will hardware/software applications be ready to
  comply with HIPAA requirements?
• Will system modifications be offered?

100
Transaction Gap Analysis Step 6

• Step 6 Assessment of Trading Partners
• Who are you doing what with, and how
• Survey your trading partners to understand their
  HIPAA compliance plans
• Discuss their interpretation of situational
  elements
• Review trading partner agreements with legal
  counsel

101
Transaction Gap Analysis Outcomes

• Priority transactions
• Priority trading partners
• Data format gaps
• Steps for redefining data formats
• Data Content gaps
• Existing/new sources for filling data gaps

102
Phases of HIPAA Implementation Transaction
Sequencing and System Change Development
103
Importance of Transaction Sequencing

• Big-bang approach is not feasible
• Each transaction requires its own internal
  planning, development and deployment
• Multiple transactions require a well planned
  schedule for planning and implementation
• Multiple trading partners require significant
  coordination

104
Transaction Sequencing Timetable(Your Timetable)
Phases Group 1 Group 2 Group 3 Group 4
Group 5 Group 6
- 270 - 271
- 834
- 278
- 820
- 276 - 277
- 837 - 835
Transaction Internal Development. Beta Testing
System Readiness Full System Deployment .
10/16/2003 10/16/2003 10/16/2003 10/16/2003
10/16/2003 10/16/2003
105
Importance of Transaction Sequencing

• Big-bang approach is not feasible
• Each transaction requires its own internal
  planning, development and deployment
• Multiple transactions require a well planned
  schedule for planning and implementation
• Multiple trading partners require significant
  coordination

106
Transaction Sequencing Timetable(Your Timetable)
Phases Group 1 Group 2 Group 3 Group 4
Group 5 Group 6
- 270 - 271
- 834
- 278
- 820
- 276 - 277
- 837 - 835
Transaction Internal Development. Beta Testing
System Readiness Full System Deployment .
10/16/2003 10/16/2003 10/16/2003 10/16/2003
10/16/2003 10/16/2003
107
Phases of HIPAA Implementation Compliance
Testing
108
Compliance Testing Purpose

• To ensure that the submission of HIPAA
  transactions from one trading partner to another
  meets the data format and content requirements

109
Compliance Testing From Testing to
Certification

• Testing
• Internal testing (confidential)
• Against neutral testing organization
• External preliminary testing
• With 1-2 selected trading partners
• Start testing as early as possible
• Certification
• Done through industry-known third-party
  organizations
• To confirmation that your transactions meet HIPAA
  requirements
• 80-20 rule allows you to meet the core HIPAA
  requirements
• Still need to testing separately for each trading
  partners companion document

110
Compliance Testing Types of Testing

• Level 1 - EDI Syntax Integrity
• Valid segments, order, elements
• Level 2 - HIPAA Syntactical Requirements
• HIPAA Implementation guide-specifics
• Repeat counts, used/not-used codes, required
  elements and segments, non-medical codes
• Level 3 - Balancing
• Balanced field totals/records/segment counts
• Financial balancing of remittance advice
• Balancing of summary fields

111
Compliance Testing Types of Testing

• Level 4 - Situation testing
• Specific inter-segment situations as specified in
  HIPAA guides (if A occurs then B must be
  reported)
• Also validation of situational fields given
  values or situations present elsewhere (if claim
  is for accident - report accident date)
• Level 5 - External code set testing
• Valid HIPAA implementation guide-specific code
  set values (include appropriate use)
• Level 6 - Product types/type of service
• Specialized testing required by certain
  organizations (i.e. ambulance, chiropractor, home
  health, etc)
• Level 7 - Trading Partner Testing (NEW)
• Medicare
• Medicaid
• Indian Health Services

112
Compliance Testing Value of Cross-Certification

• Coordination across payers, providers and vendors
• Consistency in the use/results of testing
• Cost-benefit for all parties
• List of certification systems available (see
  attached)

113
Trading Partner Agreements
114
Trading Partner Agreements Key Issues

• Are trading partner agreements required?
• Can trading partner agreement be standardized?
• What should be included in a trading partner
  agreement?

115
Trading Partner Agreements Key Issues

• Definition of a trading partner agreement
• an agreement related to the exchange of
  information in electronic transactions, whether
  the agreement is distinct or part of a larger
  agreement, between each party to the agreement
  (For example, a trading partner agreement may
  specify among other things, the duties and
  responsibilities of each party to the agreement
  in conducting a standard transaction.)

116
Trading Partner Agreements Key Issues

• Are trading partner agreements required?
• Not per-se a requirement under the final
  transaction/code set rules but strongly
  recommended between any two entities that enter
  into direct exchange of electronic health
  information
• Can trading partner agreement be standardized?
• Yes
• Most general areas and topics covered by the
  agreement
• Some general text and language used in the
  agreement

117
Trading Partner Agreements Key Issues

• What should be included in a trading partner
  agreement?
• Communications details for establishing
  connectivity
• Testing requirements before production system in
  place
• Financial arrangements including which partner is
  responsible for what costs (telecomm, transaction
  fees)
• Interpretation of the HIPAA guides (required and
  situational elements)
• Functions that are optional according to HIPAA
  rules
• Security requirements and agreements
• Data clarification that supplements guides should
  be placed in separate addendum

118
Trading Partner Agreements Key Issues

• A trading partner agreement cannot
• Change definition, data condition, or use of a
  data element or segment
• Add any data elements or segments to the maximum
  data set defined
• Use any code or data element that either are
  marked as not used or are not in the standards
  implementation guide
• Change the meaning or intent of the transaction
  standards or their implementation guides

119
Trading Partner Agreements Key Issues

• Trading partner agreements and Companion Guides
• A trading partner agreement generally delineates
  relative responsibilities including the cost and
  expected response times for transactions.
• A companion guide document is not defined in the
  regulations. The companion guide identifies the
  specific interpretations that a health plan gives
  to certain situational data elements.
• The two documents can be combined in one
• The companion guide is generally quite detailed
  and expands upon the implementation guides.
• Note that in no case may either document
  contradict the transaction standard or its
  implementation guide.

120
Questions and Discussion