[an error occurred while processing this directive] ACP-ASIM Observer, March 2002 - Tips to help comply with the first HIPAA regulation [an error occurred while processing this directive]

Tips to help comply with the first HIPAA regulation

A new rule should make filing claims electronically easier for everyone, but you must prepare your practice

From the March ACP-ASIM Observer, copyright 2002 by the American College of Physicians-American Society of Internal Medicine.

By William Hoffman

When it comes to your office computers, the new HIPAA regulations won't be anything like Y2K. If you don't prepare your practice for the new regulations, experts say, the fallout could be much worse than anything you expected from the millennium bug.

HIPAA, an acronym for the Health Insurance Portability and Accountability Act, is supposed to streamline health care administration. While many physicians are worried about HIPAA's privacy and security requirements, the law's first regulation focuses on something much more mundane: the way physicians, health plans and other organizations electronically exchange patient information.

The transactions and code sets final rule, as the regulation is known, will require everyone in health care to use the same format when electronically sending patient claims information. Considering that the industry currently uses more than 400 different formats to send and receive patient information, experts say the regulation is long overdue.

By simplifying claims submissions, the new rule is expected to decrease processing delays, increase billing accuracy and even reduce overhead at larger organizations. Physicians will theoretically enjoy faster, more reliable payment, and fewer claims should be rejected or denied.

How will all of this affect you? To start, you'll probably see dozens of new "data elements" on claim forms. For example, you may have to include health care provider taxonomy codes that identify physicians by subspecialty.

The state and local billing codes your practice currently uses may be replaced by uniform federal codes. State Medicaid agencies and employers that have negotiated custom codes with local providers will have to change their systems to meet the new rule.

While software vendors and health plans will have to do most of the work, you are responsible for ensuring that your office systems are HIPAA compliant. You'll have to start putting new—and probably unfamiliar—types of patient data in your claims forms. And you'll also have to make sure that your office's computer systems are ready to process those data elements.

If your practice isn't compliant by the deadline—October 16, 2002—you may face fines and penalties. Even worse, experts say, physicians who continue to submit noncompliant claims after the deadline may see payment for their services denied.

If you heard that the government has extended that October deadline, you're only half right. While the government did announce that it will grant extensions to organizations and physicians that need more time, it will not automatically give extensions to everyone.

To get the extension, you have to submit a compliance plan outlining why you need more time to comply. The government is supposed to release a model compliance form by the end of this month that you can complete to file for an extension. The Centers for Medicare and Medicaid Services (CMS), formerly HCFA, has said it will make this form available in different formats, including a version that can be completed online.

Even if you receive an extension, however, you must still start testing HIPAA-compliant transactions by April 16, 2003. As a result, an extension will really give you only an extra six months.

Whether you're aiming for the original October 2002 deadline or you plan to apply for an extension, time is running out. Industry experts offered the following tips to help you prepare for compliance:

Conduct a "gap analysis." Experts say you should start by examining how your practice currently records patient information—and what kind of information you now gather. That way, you'll know what changes you'll need to make. Both CMS and your state Medicaid agency should tell you what kinds of data elements you need to collect and include on electronic forms to comply with the transaction standard. Once you've identified the new data elements you need to use, make sure your vendor's software will allow you to enter the new information.

Check your payers' progress. Ask commercial insurers if they have updated their software to comply with the transaction standard. Also ask your state Medicaid agency about its progress reconciling local codes with the new federal standard. Ask both what they will need from you to ensure a smooth transition.

Follow the same advice if you use a clearinghouse to route transactions between your practice and your payers, or if your transactions go through other health care organizations such as clinics or hospitals.

If you use a clearinghouse for electronic transactions, ask whether it's been tested and certified for HIPAA compliance. CMS and some private companies, such as Claredi Corporation, offer HIPAA-compliance certifications. The problem, though, is that everyone scores the results differently.

One certification company might give a health plan a "5" on a scale of 1 to 7, indicating that all the plan's transactions are HIPAA compliant. A "5" from another certification company, however, could mean claims are compliant but remittances are not.

Experts also suggest keeping a close eye on how health plans and other payers process your claims during the transition period. Larrie W. Dawkins, director of compliance at Wake Forest University Physicians, a 480-doctor practice under the Wake Forest University Baptist Medical Center in Winston-Salem, N.C., said that the transition will be difficult for large insurers because they will have to modify millions of lines of computer code. Mr. Dawkins predicted that the claims adjudication process may become confused as payers try to comply with the HIPAA regulation, and he said your staff should scrutinize remittances during the transition process.

Talk to your software vendor. While you won't be able to hide behind your software vendor's noncompliant product if you are cited for violations, you still need your vendor's help to make sure your practice is compliant.

Vendors are taking different approaches to update their software and help you comply with the law. Officials from Physician Micro Systems Inc., for example, a Seattle company that sells the Practice Partner line of medical billing, electronic medical records and appointment scheduling software packages, said they plan to release a free upgrade to make its physician customers compliant.

Ask your vendor what it is doing to make your medical transaction software HIPAA compliant. What version of its software do you need to qualify for a free or discounted update? Does the vendor provide support for any testing of the installed update? Can the software handle current and new provider identifications and code sets during the transition? Can it produce the inbound and outbound transactions you want to implement, such as eligibility inquiry and verification, claims submission and remittance advice?

If your vendor can't answers these questions or is unresponsive, you may have to take action. In the short term, this could include contracting with a clearinghouse to "clean up" your claims and transmit HIPAA-compliant transactions. In a worst-case scenario, you may need to purchase new software. Either way, give yourself ample time to sort out any potential problems.

Designate a compliance officer. This doesn't necessarily mean hiring a new employee. "It is imperative that someone inside your organization owns this process," said Bruce Kleaveland, senior vice president for sales and marketing at Physician Micro Systems Inc. As your practice complies with the transactions standard, he said, this individual will be responsible for contacting software vendors; securing, installing and testing upgrades; and coordinating services or advice from other health care organizations. And because HIPAA security and privacy rules will follow on the heels of the transactions standard, your practice should consider appointing a staff person to oversee your practice's compliance with all HIPAA rules.

Train your staff. Everyone agrees that the most difficult and costly part of the transition will be training office personnel, physicians assistants, nurses and even doctors to be HIPAA compliant. Start gathering the new information identified during the gap analysis as soon as it is complete so you can get everyone in the habit of working with the new data. This can be difficult because current forms may not yet have appropriate spaces for the data, but it will remind all personnel of the new routine.

Get help—carefully. The best place to start is the College's Practice Management Center, which offers members the "HIPAA Electronic Transactions Manual." (This free member benefit is available online at www.acponline.org/pmc/regulatory.htm.)

HIPAA consultants are also available to help you with much of this work. When looking for consultants, be sure their experience matches your practice size and type. Consult an attorney first; a solid contract with the consultant can protect you from abuse.

Health care executives say to watch out for consultants who expand gap analysis beyond a practice's actual information needs in order to pad their bills. Avoid pitches that include wild claims of savings or freebies such as handheld computers.

There are no true "experts" on HIPAA, Mr. Dawkins from Wake Forest said. "Anybody who says he is a HIPAA transactions standard expert doesn't know what he's talking about."

William Hoffman is a freelance writer in Fairfax, Va.


[an error occurred while processing this directive] [an error occurred while processing this directive]