HHS releases tentative release dates for HIPAA
HHS releases tentative release dates for HIPAA
AHIMA updates its HIPAA checklist
Many health information management (HIM) professionals might be wondering when the final standards on electronic health information, required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), will be issued. The Department of Health and Human Services (HHS) in Washington, DC, has now released a tentative schedule. (See box, p. 109.)
HHS says the length of time from the publication of the notice of proposed rulemaking (NPRM) to the publication of the final rule is needed to review and respond to the large number of comments received on the NPRMs. In addition, the rules need to be reviewed not only within the HHS and a number of its subordinate agencies, but also with several other federal departments affected by the rules.
Standards are required to be implemented within two years of the effective date of the final rule; generally 60 days after publication of the rule. However, the effective date for the National Provider Identifier is planned to be no earlier than July 2000, to give the department enough time to develop the system for implementing the identifier.
In August 1998, Hospital Payment & Information Management printed a checklist of steps, published by the American Health Information Management Association (AHIMA) in Chicago, that organizations can take to prepare for the final standards. AHIMA has since updated the checklist, revising some of the categories and adding steps to prepare for the electronic signature standard.
Here is the new version, as prepared by Sandra Fuller, MA, RRA, vice president of practice leadership, and Julie J. Welch, RRA, an HIM practice manager for AHIMA.
General
Assign responsibility for tracking the progress of regulations as they develop. Continue to inform key internal stakeholders about HIPAA and its impact on your information systems and processes. Seek current information on the industry’s approach to HIPAA compliance. Develop resources — such as publications, seminars, Web sites, and professional networking — to facilitate development of your approach to HIPAA requirements. Plan internal educational programs to describe HIPAA requirements to those responsible for implementing the changes. Obtain and read copies of the proposed rules from the Federal Register, which can be accessed via the Health Care Financing Administration’s (HCFA’s) Web site at http://www.hcfa.gov. Read the reports and recommendations from the National Committee on Vital and Health Statistics (NCVHS). The NCVHS serves as the statutory public advisory body to the Secretary of Health and Human Services in the area of health data and statistics. (The reports and recommendations can be accessed via the NCVHS Web site at http://aspe.os.dhhs.gov/ncvhs through NCVHS Reports and Recommendations.) Obtain and read a copy of the Internet security policy from HCFA’s Web site. Meet with key staff in information services to discuss the requirements, identify the people who need to be involved, and develop a plan of action.Share sections of the Federal Register with individuals who need to be involved in preparing for the regulations.
Perform a gap analysis of your existing policies and procedures compared to the requirements of the proposed standards. Have individuals who need to be involved send you copies of their policies and procedures that address the requirements. Develop a checklist to help identify those policies and procedures that you will need.Standardization of code sets
Monitor payer compliance with official coding guidelines. Perform regular coding quality control studies. Provide feedback on documentation issues that have an impact on the quality of coded data. Routinely train coding staff on current coding practice. Provide access to resources available on coding guidelines and best practices. Efficiently update the ICD-9-CM codes in October and the CPT-4 codes (for both transaction and analysis systems) in January.Health care identifiers
Become familiar with the NPRM for the employer identifier number, the taxpayer identification number for employees that is assigned by the Internal Revenue Service. Read the NPRM for the national provider identifier. Assess the quality of the master person index (MPI). Perform required cleanup and eliminate duplications in the MPI. Institute procedures to maintain the integrity of the MPI. Train staff on the importance of data quality in an MPI. Make necessary data quality improvements in registration systems. Assign responsibility for the maintenance of MPI data integrity. Perform routine data integrity checks on the provider database. Develop effective procedures to maintain provider tables. Integrate or interface provider tables with necessary systems. Monitor data quality for unique personal identification numbers (UPINs) on billing documents. Provide easy access to UPIN tables. Maintain current, complete payer tables. Perform data quality checks on payer data entry. Develop feedback loops from the billing process to data collection processes regarding payer data.Claims transactions
Maintain effective communication regarding claims processing with all affected parties. Perform routine maintenance on the chargemaster. Use electronic claims processing and electronic data interchange. Explore the feasibility of converting to electronic claims processing or outsourcing that function. Have comprehensive documentation of claims processing. Routinely monitor remittance information against claims data. Have an effective process for handling rejected claims. Aggregate data about rejected claims to improve claims processing. Become familiar with transaction standards and standards development organizations.Information security
Review the proposed standards and assess your organization’s level of compliance by performing a gap analysis. Become familiar with the information security standards and standards development organizations. Identify existing organizational structures to aid development and implementation of an information security program. Ensure that policies exist to control access to, and release of, patient-identifiable health information. Ensure that users of electronic health information have unique access codes. Ensure that each user’s access is restricted to the information needed to do his or her job. Outline physician responsibilities for protecting the confidentiality of health information in the medical staff bylaws or rules and regulations. Outline employee responsibilities for protecting the confidentiality of health information in the employee handbook. Train everyone with access to health information about confidentiality and their responsibilities regarding confidentiality. Review vendor contracts for outsourcing of health information to ensure that they include provisions regarding confidentiality and information security. Ensure that system managers, network managers and programmers do not have unlimited and unrecorded access to patient information. Monitor access to information and put corrective action plans in place for violation of organization policy. Perform risk assessments to prioritize and continually improve the security of the systems. Maintain current knowledge of information security issues and industry response to these issues. Read books and publications and attend seminars.Electronic signature
Identify the use of the electronic signature in your organization. Perform a gap analysis for electronic signature applications to assess compliance with proposed standards for electronic signatures. Become familiar with the electronic signature standards and standards development organizations. Discuss the proposed requirements with current vendors who may be supporting your organization’s information systems. Familiarize yourself and employees with new and emerging information security technologies. Research various certificate authorities to determine costs and identify a potential candidate.Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.