April 2002 Bulletin

HIPAA compliance pushed back

Physician practices must file compliance plans by Oct. 16, 2002

By Jay Fisher, JD

On December 27th of last year President Bush signed into law H.R. 3323 which delays the date that physicians, large health plans, and health care clearinghouses must comply with the rule promulgated under the Health Insurance Portability and Accountability Act (HIPAA) on standardized transactions and code sets. The original compliance deadline of October 16, 2002 has been pushed back one year to October 16, 2003.

The bill, sponsored by Rep. David Hobson (R-OH) passed unanimously in the House of Representatives and by unanimous consent in the Senate. The AAOS Washington office and other provider groups successfully worked to amend the bill before its passage in the House to eliminate some onerous provisions.

Compliance plan

Physician practices that are not in compliance with the rule by October 16, 2002 must file with the Secretary of the United States Department of Health and Human Services (HHS) a plan detailing how they will become compliant by October 16, 2003.

The submitted plan must include:

  1. an analysis of why the provider is not in compliance;
  2. a budget, schedule, work plan, and implementation strategy for achieving compliance;
  3. whether the provider plans to use or might use a vendor to achieve compliance; and
  4. a timeframe for testing that begins no later than April 16, 2003.

By March 31, 2002 the Secretary of HHS must promulgate a model form for physicians to use in submitting their compliance plans. Physicians that are not in compliance by October 16, 2002 and fail to file the required plan of compliance by that date may be excluded from participating in the Medicare program.

According to the House Ways and Means Committee legislative history, HHS is not required to approve the plans for entities to qualify for the extended compliance date; the act of submission is sufficient. HHS must publicly disseminate effective solutions to compliance identified within the provider plans submitted to HHS.

The passage of H.R. 3323 did not affect the deadline of April 14, 2003 for physicians, large health plans and health care clearinghouses to comply with the separate privacy rule promulgated under HIPAA.

Electronic transactions

The Administrative Simplification Section of HIPAA required HHS to promulgate a rule requiring standardized electronic interchange of health care transactions. The rationale behind the requirement is that by standardizing the format and content of data interchange and requiring both parties to a transaction to communicate electronically it would result in cost savings by making the health care system more efficient.

The use of standardized national codes under the rule, such as CPT-4, will eliminate the need for physician practices to keep tabs on various local codes, such as for state Medicaid claims. Also, with electronic claims submissions and payment remissions the government believes that health plans will pay providers more quickly thereby improving providers’ cash flow.

Health care transactions covered under the rule include:

  1. Health care claims or equivalent encounter information
  2. Health care payment and remittance advice
  3. Coordination of benefits
  4. Health care claim status
  5. Enrollment and disenrollment in a health plan
  6. Eligibility for a health plan
  7. Health plan premium payments, and
  8. Referral certification and authorization.

The rule basically requires health care providers intending to conduct any of the above transactions electronically to utilize the required code sets and formats.

The final transactions rule does not require that providers eliminate the use of paper forms, only that when they do transmit forms electronically that the submission complies with the standardized code sets and formats.

In responding to a Comment on the proposed rule HHS noted that "a health care provider may send an electronic health care claim or equivalent encounter information standard transaction for Patient A to health plan Z, and may send a paper claim for Patient B to health plan Z. A health care provider may also send an electronic health care claim or equivalent encounter information standard transaction to health plan S and then send paper claims to health plan T."

The health care provider can utilize a third party, such as a clearinghouse, to submit and receive covered transactions as long as the provider requires that the third party and all its agents and subcontractors comply with the requirements of the rule.

HHS has adopted the following as standard medical data code sets: International Classification of Diseases-9 (ICD-9), National Drug Codes (NDC), and the combination of Health Care Financing Administration Common Procedure Coding System (HCPCS) and Current Procedural Terminology, Fourth Edition (CPT-4).

After the effective date, violations of the rule involving one transaction standard can lead to penalties of up to $25,000 per year.

Upgrading computer capabilities

The action by Congress and President Bush provides a little leeway for physician practices to come into full compliance with the transactions and code sets rule under HIPAA. Physicians will need to talk with their computer vendors to assess the current capability of their computer system to send and receive transactions in accordance with the new standards. If upgrades cannot be accomplished by October 16th then physicians must file a compliance plan with HHS.

Electronic data interchange promises increased administrative efficiency, but this efficiency will most likely only arrive after increased expenses for computer upgrades and increased administrative headaches as the ever-present bugs in the system, both internally and system-wide, are worked out.


Home Previous Page