HIPAA Regulatory Alert: Intensify efforts at transaction compliance, HHS says
Intensify efforts at transaction compliance, HHS says
No postponements expected as deadline nears
As the Oct. 16 deadline for covered entities to comply with HIPAA’s electronic code set and transaction provisions approaches, organizations should be intensifying their efforts toward achieving compliance, according to the Department of Health and Human Services (HHS). An HHS guidance issued in mid-July made clear there would be no postponement of the deadline, although enforcement will be flexible initially.
In addition to encouraging health plans and providers to intensify their compliance efforts, the department also stated that health plans should assess the readiness of their provider communities to determine the need to implement contingency plans that maintain the flow of payments while continuing to work toward compliance. Some analysts are questioning the wisdom of possible contingency plans such as reverting to paper claims.
The HHS guidance maintains that the Centers for Medicare & Medicaid Services (CMS), which has been given principal responsibility for enforcing the electronic transactions and code sets provisions of HIPAA, initially will focus on voluntary compliance and use a complaint-driven approach for enforcement of the code sets and transaction provisions.
According to the guidance, "when CMS receives a complaint about a covered entity, it will notify the entity in writing that a complaint has been filed. Following notification from CMS, the entity will have the opportunity to 1) demonstrate compliance; 2) document its good-faith efforts to comply with the standards; and/or 3) submit a corrective action plan."
The agency plans to use the flexibility inherent in the "good-faith" provisions of the Social Security Act that allow it to forego imposing civil monetary penalties when a failure to comply is based on reasonable cause and is not due to willful neglect, and the failure to comply is cured within 30 days. In addition, the agency has authority to extend the 30-day period "based on the nature and extent of the failure to comply."
CMS will look at both ends of transaction
The guidance acknowledges that transactions often require the participation of two covered entities and that noncompliance by one entity may put the other covered entity in a difficult position. Thus, "during the period immediately following the compliance date, CMS intends to look at both covered entities’ good-faith efforts to come into compliance with the standards in determining, on a case-by-case basis, whether reasonable cause for the noncompliance exists and, if so, the extent to which the time for curing the noncompliance should be extended."
The agency says penalties will not be imposed on covered entities that deploy contingencies to ensure the smooth flow of payments if they have made reasonable and diligent efforts to become compliant and, in the case of health plans, to facilitate the compliance of their trading partners. "Specifically," the guidance says, "as long as a health plan can demonstrate to CMS its active outreach/testing efforts, it can continue processing payments to providers. In determining whether a good-faith effort has been made, CMS will place a strong emphasis on sustained actions and demonstrable progress."
So how can plans and providers demonstrate that they are making a good-faith effort? CMS says it will look at things such as increased external testing with trading partners; lack of availability of, or refusal by, the trading partners prior to Oct. 16, 2003, to test the transactions with the covered entity whose compliance is at issue; and in the case of a health plan, concerted efforts before the deadline and continued efforts after to conduct outreach and make testing opportunities available to its provider community.
Documentation of efforts needed
The guidance also gives a case study of a possible type of complaint that CMS would receive and the steps the agency would take to investigate and determine if the plans has made good-faith efforts. Organizations that have exercised good-faith efforts to correct problems and implement the changes required to comply with HIPAA should be prepared to document the efforts in the event of a complaint being filed, according to HHS. The agency says the approach it is taking "will permit health plans to mitigate unintended adverse effects on covered entities’ cash flow and business operations during the transition to the standards, as well as on the availability and quality of patient care."
After Oct. 16, in addition to possible fines and penalties imposed, CMS will expect noncompliant covered entities to submit plans to achieve compliance in a manner and time acceptable to the HHS Secretary. The agency intends to provide more detailed information on corrective action plans.
HHS maintains that, although transaction and code set compliance is a huge undertaking, "the result will be greatly enhanced by electronic communication throughout the health care community. Successful implementation will require the attention and cooperation of all health plans and clearinghouses, and of all providers that conduct electronic transactions. There is considerable industry support for transaction and code sets, and we all look forward to realizing the many advantages of its successful implementation."
Responding on behalf of health plans represented by the American Association of Health Plans (AAHP), CEO Karen Ignani said plans were "pleased that CMS has issued this prudent and reasonable guidance that balances the goal of updating transaction systems as quickly as possible with flexibility toward segments of the health care community that — despite working in good faith to implement these complex and significant standards — will be unable to complete their work before the Oct. 16 deadline. We will continue to work with CMS on ways to ensure that the standards outlined by HIPAA are implemented in a manner that best serves consumers and the health care system they rely on."
Not far enough’
Before the guidance was issued, a coalition of health care organizations — the American Clinical Laboratory Association, the American Health Care Association, the American Hospital Association, the American Medical Association, Premier, Inc., and VHA Inc. — wrote to HHS Secretary Tommy Thompson urging him to act to prevent disruption of the health care system that could come with implementation of the transaction requirements. The group said that despite substantial progress by both payers and providers, many payers have indicated they will not be prepared to accept the new format by the deadline, while others are unable to test the format with providers, meaning providers won’t know if their submissions will be accepted. Also, the new format and content standards require information, such as detailed demographic information on patients, referring physician identifiers, and diagnosis codes, that providers do not currently collect and that are not required to pay claims.
The group’s letter to Thompson asked that the department take several steps to prevent disruption in the system, including making it clear that for a reasonable period of time after Oct. 16, compliance with HIPAA standards would require only that claims be in the standard format and contain only the information required to pay them.
American Clinical Laboratory Association president Alan Mertz says that the only positive aspect in the guidance is that CMS recognizes the potential for problems and wants to avoid them. But, he says, the guidance does not go nearly far enough.
Need definition of compliant claim
As requested in the group’s initial letter, Mertz says his association and the other provider groups believe that CMS needs to make it clear that, for a reasonable period beginning October 16, compliance should require only that claims be in the HIPAA standard format, use the standard codes, and contain only the data elements necessary for adjudication. The department then could establish progressive targets for completion of more robust testing of live claims transactions to facilitate the transition to standard transactions with increasingly more complex data content, Mertz says.
To ensure an adequate level of cash flow to providers, the groups called for use of claims submitted in legacy formats during the testing period while trading partners work through implementation issues with the standards.
Earlier this summer, the Chicago-based American Hospital Association (AHA) wrote to Thompson on its own, calling for development of a systemwide implementation plan to prevent delays in claims processing and payment when the new rule takes effect. "Even a slight decrease in claims processing volumes or lengthening of the payment cycle could negatively affect hospitals’ ability to care for their patients," wrote AHA executive vice president Rick Pollack.
The organization said HHS should clearly outline remedial actions it would take to ensure an adequate level of cash flow to hospitals during the transition to HIPAA standardized claims, require insurers to identify deficiencies in the standard claims a provider submits, and trigger a contingency payment from government payers if the provider’s daily volume of processed claims or payments received falls more than 5% below the provider’s daily average for the previous year.
AHA encouraged but wants more
After the guidance came out, AHA said it was encouraged by the guidance and by statements from CMS that recognize that hospitals and other providers must continue to receive payment from payers, and that potential harm to patients could result if payments are threatened or delayed.
While CMS took a necessary first step in endorsing AHA’s contingency payment recommendation by indicating that penalties will not be imposed on covered entities that deploy contingencies under certain circumstances, AHA expressed concern that it failed to establish in the guidance a "real safety net for providers" by adopting AHA’s recommendations on payment of Medicare claims to providers after Oct. 16.
AHA said that CMS still is undecided as to whether a claim that is missing data elements but complies with the HIPAA format and code set requirements is compliant.
Milliman USA health care management and technology consultant John Phelan tells HIPAA Regulatory Alert that the CMS guidance was no surprise given that the agency already had given a one-year extension for the deadline. "There is the potential for a certain amount of chaos in implementation as there would be with any other standard of this magnitude," he says. But Phelan says he is not yet convinced the Oct. 16 deadline will be an "absolute calamity," saying the first rule for all those involved should be to not panic, especially since CMS has said that it will hold back on enforcement.
Questioning the request made by the clinical laboratories group and others for a CMS definition of compliant claims, Phelan says that it makes sense for CMS to wait to see how the industry will respond before stepping in. "People are too focused on the potential for government penalties," he cautions. "The real problem is that different organizations are interpreting the standards in various ways and thus there are communication problems. Those are the things that need to be brought into line."
Feds shouldn’t back off
Phelan is adamant that government relaxation of the implementation requirements will not solve the problem of varying interpretations. "If the government gets unreasonable, we can always respond to that," he says. "Meanwhile, the industry needs to step up and come together to work on the problem. I think government is a slow and cumbersome device through which to get things implemented. But industry has the ability to move more quickly and could come up with a consistent approach that the government would then be likely to adopt."
[Editor’s note: CMS information is available at www.cms.gov and www.hhs.gov. Contact Ms. Ignani at (202) 778-3200; Mr. Mertz at (202) 637-9466; Mr. Pollack at (202) 638-1100; and Mr. Phelan at (818) 707-7818.]
As the Oct. 16 deadline for covered entities to comply with HIPAAs electronic code set and transaction provisions approaches, organizations should be intensifying their efforts toward achieving compliance, according to the Department of Health and Human Services.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.