1 / 69


ADMINISTRATIVE SIMPLIFICATION. Concept Covered Entities Transactions Privacy Security Implementation. Inevitable Transformation. Today health data is keyed into a computer, printed, mailed or transmitted, re-keyed into another computer…

Download Presentation


An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.


Presentation Transcript

  1. ADMINISTRATIVE SIMPLIFICATION Concept Covered Entities Transactions Privacy Security Implementation

  2. Inevitable Transformation... • Today health data is keyed into a computer, printed, mailed or transmitted, re-keyed into another computer… • The constant demand for more information in less time is pushing health care systems toward electronic data interchange, the computer-to-computer exchange of information in a standard format • Institutions pursue electronic data interchange internally, but encounter barriers to sharing data externally, among institutions

  3. Barriers to Transformation • Lack of data standards—no single entity has the market power to move the health care industry toward a common electronic standard • Legal ambiguity—antiquated state licensing laws make computerized medical records technically illegal in 12 states and legally ambiguous in 16 others • Privacy concerns—health information is “private” today not because it is secure but because it is difficult to access—and making it more accessible makes it less secure

  4. Standards Leverage Transformation • Money as a standard replaced barter • East and West coast railroads needed a standard gauge to meet at Promontory Point • Appliances and motors were custom made before electrical current was standardized • Electronic transaction standards have been the norm in banking for two decades • Our century’s great innovation—the Internet—is a web of connection standards

  5. Congress Acts • The Health Care Modernization and Security Act of 1993 (or “Data Bill”) • Sponsored by Sens. Kit Bond (R-MO) and Joseph Lieberman (D-CT) and Reps. Dave Hobson (R-OH) and Tom Sawyer (D-OH) • Congress established a process to adopt standards for health information and required health plans to use the standards and transmit data electronically

  6. Guiding Themes • National Policy Framework—the barriers to modernizing health information systems are national in scope, and require national solutions • Technology Neutral—encourage continued innovation and intentionally avoid “locking in” a technology today that could be useless tomorrow • Private/public partnership—build on the extensive use of electronic data interchange in the private sector by adopting standards “already in use and generally accepted”

  7. Broad Support The Working Group for Healthcare Administrative Simplification American Association of Retired People, American College of Physicians, American Hospital Association, American Association of Medical Colleges, American Health Information Management Association, American National Standards Institute, American Academy of Pediatrics, Ameritech, Association for Electronic Healthcare Transactions, Bellcore, Blue Cross/Blue Shield Association, CCH Inc, Center for Health Care Information Management, CIS Technologies, COB Clearinghouse, Digital Equipment, Dun & Bradstreet, Electronic Data Systems, ERIC, Federation of American Health Systems, First Health, Fleishman-Hillard Inc, Health Industry Manufacturers Association, Health Care Financial Management Association, Hewlett-Packard, Health Insurance Association of America, IBM, Information Industry Association, ITAA, JCAHO, MetPath, Mutual of Omaha, National Association of Medical Equipment Suppliers, National Association of Chain Drug Stores, National Electronic Information Corporation, Orkand Corporation, PCS Health Systems, Podesta Associates, Prudential, Public Health Foundation, Rossman Health Industry Consulting, SAIC, SmithKline Beecham, Society of Professional Benefits Administrators, Travelers, Davidson Colling Group, UNISYS

  8. President Clinton’s Health Security Act • Comprehensive health care reform dominated the national political agenda in 1992 • “Increasing access” vs. “decreasing costs” • Administrative simplification contributes to both • “Local storage” vs. “central storage” • The Clinton Administration’s emphasis on research triggered a debate about how and who could use sensitive patient data and overwhelmed the effort to harmonize data standards

  9. Medicare Reform • Balancing the federal budget dominated the national political agenda in 1994 • Medicare was estimated to be bankrupt in four years • Administrative simplification was refocused on eliminating Medicare fraud and catching the Medicare “secondary payer” problem up front, rather than recovering dollars after-the-fact • Rolled back the scope to financial (not clinical) data

  10. Health Insurance Portability and Accountability Act of 1996 (HIPAA) • Administrative simplification reached its maturity along with incremental health insurance reform • Bipartisan throughout two bitterly partisan debates • Broad-based, private-sector support • Enacted 421 to 2 in the House, 98 to 2 in the Senate, and signed by President Clinton on August 21, 1996 • The basic framework enacted by Congress passed to the U.S. Department of Health and Human Services for rulemaking and implementation

  11. HIPAA’s Three Purposes • Health Insurance Portability—improve the portability and continuity of health insurance coverage for groups and individuals • Accountability—combat waste, fraud, and abuse in health insurance and health care delivery • Administrative Simplification—simplify health care billing by adopting standards that allow health plans to transmit data electronically

  12. HIPAA Administrative Simplification • Transactions—adopt financial and administrative data standards and require health plans to use those standards to exchange information electronically • Privacy—adopt standards for individually-identifiable health information that address the rights of individuals, procedures to exercise those rights, and uses and disclosures of information that are authorized or required • Security—adopt standards to protect the confidentiality of health information, prevent threats or hazards to the security or integrity of the information, and prevent unauthorized uses or disclosures

  13. Opportunities to Decrease Costs… • Enable the use of the Internet instead of expensive, private networks • Develop less costly “off-the-shelf” management information systems solutions • Reduce unnecessary paperwork—estimated to add at least ten cents on every health care dollar • Increase the speed and accuracy of transactions with other entities (faster third party collections, etc) • Expose fraud in ways that are impossible under the current, confusing, disjointed paperwork system

  14. Opportunities to Increase Quality… • Strengthen privacy and confidentiality associated with personal health information • Aggregate and compare data (non-standard code sets make this difficult to do today) • Provide the data consumers need to compare the value of insurance plans and health services • Forge stronger cooperative relationships with providers (“We’re all in this together”) • Upgrade existing but outdated technology

  15. Business Transformation • Administrative Simplification is a business challenge—not just a technical problem, like Y2K • Existing technology is applied to improve business practices—something most industries do already • People, paper, and postage are replaced with electronic communications to reduce costs and improve services • Health care organizations will either choose to treat administrative simplification as a conformance nuisance or use it as their catalyst to e-business

  16. Business Transformation

  17. ADMINISTRATIVE SIMPLIFICATION Concept Covered Entities Transactions Privacy Security Implementation

  18. Covered Entities • Health Plans—an individual or group plan that provides or pays the cost of medical care • Health Care Clearinghouses—an entity that processes or facilitates processing of information received from another entity • Health Care Providers—any provider of medical or other health services, and any other person furnishing health care services or supplies

  19. ERISA defined group health plan Health insurance issuer HMO Medicare Medicaid Medicare supplement Long-term care policy VA health care system Employee welfare benefit plan Health plan for active military CHAMPUS Indian Health Services Federal Employees Health Benefit Plan Or any combination Examples of Health Plans

  20. Health Plan Exclusions • Workers’ Compensation programs • Correctional Institutions • Disability insurance programs • Automobile insurance carriers • Property and casualty insurers • Nursing home fixed-indemnity policies

  21. Health Care Clearinghouse • A Public or private entity that • Receives a non-standard transaction from another entity and processes or facilitates the processing of health information into a standard format or standard data content or • Receives a standard transaction from another entity and processes or facilities the processing of health information into a non-standard format or non-standard data content

  22. Health Care Provider • Any person or organization who furnishes, bills, or is paid for health care in the normal course of business • Health care is defined as care, services or supplies related to the health of an individual, including: • Preventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care • Counseling, service, assessment, or procedure with respect to physical or mental condition or functional status • Sale or dispensing of a drug, device, equipment or other item in accordance with a prescription

  23. Hybrid Covered Entities • Determine if “covered entity” functions are performed within a department or program (evaluate each area separately according to their respective functions) • If the component that provides the services is itself not a separate entity, then the entity to which it belongs is a “hybrid entity” • HIPAA rules apply to the component that performs the covered function and requires a “wall” between the covered functions and the rest of the entity • For example, the Ohio Department of Health runs a hemophilia program as a provider and a Black Lung clinic program as a health plan

  24. Business Associates • A person or entity to whom a covered entity discloses protected health information to perform a function on behalf of or to provide services to a covered entity • Includes lawyers, accountants, consultants, and accrediting agencies • Must have a contract obligating them to safeguard protected health information

  25. Business Associate Contracts • Must establish the permitted and required uses and disclosures of protected health information by the business associate and may not authorize further disclosure in violation of the regulations • If the covered entity knows of a practice or pattern of activity that constitutes a material breach of the business associate’s obligations under the contract, the covered entity must take reasonable steps to ensure cure of the breach or terminate the contract or report the problem to the Secretary

  26. Business Associate Obligations • Must not use or disclose protected health information in violation of the law or contract • Implement safeguards against improper use or disclosure • Ensure that any agents or subcontractors agree to fulfill contractual and legal obligations • Afford individual access to records; make available records for amendment by the individual; account to the individual for use or disclosure other than for payment, treatment, or operations • At termination of the contract, return or destroy protected health information

  27. ADMINISTRATIVE SIMPLIFICATION Concept Covered Entities Transactions Privacy Security Implementation

  28. Transaction Standards Enable Electronic Data Interchange • Health care electronic data interchange is commonly used and generally accepted—HHS estimates that at least 400 formats are used in the United States for health care claims processing • However, the lack of a standard format makes it difficult for vendors to develop software, inhibits potential efficiencies, and increases costs for health care providers and health plans • In order to perform electronic data interchange using a common interchange and data structure a widely adopted use of standards is required.

  29. Adopting Transaction Standards • HIPAA requires HHS to adopt standards for health care transactions that are: • Consistent with reducing the administrative costs of providing and paying for health care • Already “in use and generally accepted” • Developed or modified by a private sector standard development organization like the American National Standards Setting Institute • All of the current code sets have been developed by a private sector standard development organization

  30. Required Transaction Standards American National Standards Institute (ANSI) Accredited Standards Committee (ASC) Insurance Subcommittee (X12N) • Health care claim or encounter (837) • Health care claim payment and remittance (835) • Health care claim status inquiry/response (276, 277) • Health care eligibility inquiry/response (270/271) • Benefit enrollment and maintenance (834) • Referral certification and authorization (278) • Payment order and remittance (820)

  31. Required Code Sets • Diseases, injuries, impairments, and other health related problems • Prevention, diagnosis, treatment, management • Drugs and biologicals • Dental Services • Physician services, physical and occupational therapy services, radiological procedures, clinical laboratory tests, other medical diagnostic procedures, hearing and vision services, transportation services including ambulance

  32. Local Codes • HCFA Common Procedural Coding System (HCPCS) identifies health care procedures, equipment and supplies for billing purposes • Level I: AMA-owned physician CPT codes • Level II: CMS-maintained “other” • Level III: State Medicaid program local codes • Today states rely heavily on local codes • Local codes are scheduled to be eliminated (or rolled into level II) effective October 2002

  33. Migrating Local Codes • State programs forced to “crosswalk” local codes into a limited number of level II codes • Particularly challenging for waiver programs • National work underway to identify current or modified level III codes for addition to the level II code set • From over 30,000 to approximately 2000 of which about 100-200 are waiver codes

  34. Local Code Policy • Standardization of local codes may impair the payer’s ability to customize policies • Coding decisions shape coverage and reimbursement policies • A payer cannot cover a service for which a code does not exist • Congress did not intend to dictate health care policy or limit state policy discretion

  35. Implementation Strategies • Organization-wide general education and awareness • Risk assessment and gap analysis • Complete a cost/benefit analysis, strategic plan, and select tools • Update policies and procedures, and install tools and applications • Complete testing and audits and verify third-party compliance

  36. Transaction Compliance • Final transaction rule in effect August 2000 (HHS guidance published May 2001) • Most covered entities are required to comply by October 2002 (October 2003 for “small” health plans) • Covered entities may comply directly or use a health care clearinghouse • Penalties for non-compliance are $100 per incident up to $25,000 per standard per year

  37. System Readiness • Current timeframe to comply with transaction standards is unrealistic • Great confusion among providers • Could lead to the election of paper claims and overwhelm state payment systems—which today are 85 percent electronic • Paper claims cost more, take longer, and intensify provider frustration

  38. Staggered Release of Final Rules • Staggered effective dates make it difficult to plan • The transaction and code set rule is final but most individual code sets have not been determined • The compliance clock is ticking—but covered entities don’t have the information they need to implement • Covered entities will be required to move protected health information electronically beginning October 2002—six months ahead of new privacy standards and at least one year ahead of security standards

  39. ADMINISTRATIVE SIMPLIFICATION Concept Covered Entities Transactions Privacy Security Implementation

  40. Electronic Transactions Require Additional Privacy Protection • “Privacy” defines what information to protect • As the ease of exchanging individually-identifiable health information increases, there is a corresponding need to increase privacy protection • The new federal privacy rule provides a national standard “floor” to address the fundamental privacy rights of individuals

  41. No Change in Existing Federal Law • Privacy Act • Substance Abuse laws and regulations • Fraud and abuse prevention requirements • Medicare Act for dual eligibles • Medicaid beneficiary privacy protections • Section 1902(a)(7) of the Social Security Act • Regulations at 42 CFR 431.300 • 35 years of guidance and practice

  42. State Privacy Law Preempted • In general “contrary” State privacy laws are preempted by the new federal privacy rules • State law prevails if the HHS Secretary determines it is necessary for public health or State regulatory reporting • State law prevails if it is contrary to and more stringent than the HIPAA privacy rule

  43. Examples of More Stringent State Laws • Further limit the use or disclosure of protected health information • Provide individuals with greater rights of access or more information about their rights • Enhance protections afforded by an authorization • Impose greater record keeping requirements • Otherwise enhance privacy protection

  44. Protected Health Information • Individually Identifiable Health Information that • Relates to the past, present, or future • Physical or mental health or condition of an individual; • Provision of health care to the individual; • Payment for the provision of health care to an individual • Regardless of form • Excluding certain student records

  45. Consent and Authorization • In general a covered entity may use or disclose protected health information only • With the consent of the individual for treatment, payment, or health care operations • With the authorization of the individual for all other uses or disclosures • As permitted under the rule for certain public policy purposes

  46. No Consent or Authorization Required • Public health disclosures • FDA requirements • Work related injuries • Reports of abuse or neglect • Upon reasonable inference by a health care provider that the individual would not object to the disclosure of protected health information to a relative or personal friend (may be preempted)

  47. Privacy Rights of Individuals • Receive notice of information practices • See and copy own records • Request corrections • Obtain accounting of disclosures • Request restrictions and confidential communications • File complaints

  48. Administrative Requirements • Covered entities are required to have: • A designated privacy official and a privacy contact person • A defined complaint process • A process for responding to individual’s request for additional restrictions (not required to agree to the request) • A process for verifying the identity and legal authority of any person requesting personal health information • Training on privacy policies and procedures for each person who has contact with personal health information • Documentation that training requirements are satisfied • A process to sanction employees and business associates who violate protected health information

  49. Record Requirements • Covered entities are required to have: • Copies of signed authorizations • Log of non-routine disclosures • Written statements of denial of requests for information • Responses to requests for corrections • Notices of disagreement from individuals • Contracts with business associates • Signed employee compliance statements

  50. Restrictions on Marketing • Covered entities must obtain authorization before using or disclosing protected health information for marketing • Health care providers must secure consent for use of disclosure of protected health information for operations (including marketing) • There are specific limits on the use of protected health information for fundraising

More Related