|
Send
this issue to a friend
|
|
The Managed Care Insider eNews
Volume 4 Number 4
April 2002
Welcome to The Managed Care Insider eNews.
You are receiving this because you have subscribed; the eNews is never sent unsolicited.
Subscribe/unsubscribe information can be found at the end of this eNews. The
Managed Care Insider eNews is published, copyrighted, and owned by The Scheur
Management Group, Inc. (SMG), http://www.scheur.com and
is distributed monthly, free to subscribers. If you wish to forward this edition,
you may do so only if the edition is forwarded in its entirety. No reproduction
of any part of this publication is permitted without the express permission of
the publishers.
----------------------------------------------------------------
The focus of this issue of The Managed Care Insider eNews is about implementing
HIPAA. No doubt you've seen the plethora of articles on the complexities of HIPAA
implementation. But unlike all other articles you may have read, in true Insider
style, Diane L. Stone gives advice on identifying and selecting the needed resources
to get off your HIPAA and "just do it." Read on and, as always, please
email your comments to insider@scheur.com.
----------------------------------------------------------------
HIPAA, HYPE-A, HELP-A
by Diane L. Stone
Have you had it with HIPAA PowerPoint presentations and just want to know how
to address your covered entity's HIPAA remediation projects now? This article
is intended to let you know you can do it! Let's not worry about what you didn't
do last year. There are advantages to having waited, and that is what you avoided
and what you gained.
You have avoided 15 months arduous analysis, incredulous interpretations, frenzied
listings of questions, many meetings among covered entities grappling with the
enormity of the tasks, and solicitous HIPAA products and services that weren't
ready to solve your challenges. You have gained from the hard work of the HIPAA
pioneers (large health plans and hospital systems that started early), including
a 12-month extension to the standard transaction and code set requirements. Materials
exist today to make the process easier. How to start is well documented, assessment
tools and materials to implement policies, procedures, notices, forms, and contract
language exist for health plan and provider settings. Most information is openly
shared on Web sites, some toolsets are free, and some may have to be purchased.
They are available from law firms, consulting firms, medical associations, health
care associations and industry collaboratives. Even the HIPAA author, the Department
of Health and Human Services (HHS), provides accessible up-to-date information
(see Sights & Sounds on the Internet in this issue). Yes, you will need a
little bit of time to review Web sites.
But now you have to start. In less than 200 days, by October 16, 2002, all covered
entities should submit a standard transaction and code set extension request,
to give you till October 16, 2003 to be ready to submit most electronic healthcare
data in the standard specified format. For Privacy Standards, a covered entity
has 365 days till April 14, 2003 to address improved confidentiality and security
of individually identifiable health information. There are also Security Standards,
but as of this date the requirements have not been published in Final form.
HIPAA is the acronym for the Health Insurance Portability and Accountability
Act of 1996. True, the title does not provide much help for what you have to
do if you are a covered entity -- a hospital, a health plan, a physician, other
providers or a healthcare electronic processing clearinghouse. HIPAA has a primary
focus to improve health insurance accessibility to people changing employers,
but a covered entity's focus relates to Title II of this Act, Administrative
Simplification. The requirements relate to the electronic transmission of health-related
data. They mandate national electronic transmission standards and specific protections
for patient/protected health information (PHI), including security standards
to structurally safeguard confidentiality.
HIPAA HYPE
There has been some hype about HIPAA -- that it doesn't make sense, that the
healthcare industry did not need these changes, that it will be impossible to
accomplish because it is too far reaching, too expensive. The truth is that HIPAA
is reasonable although complicated. Standard Transactions and code set requirements
are an entirely different project from privacy and security implementation. The
two tracks come together where business processes have to change and the full
organization must be HIPAA trained. The standards make good business sense. The
requirements emphasize the need for each entity to understand the standards,
evaluate to its operation, and implement necessary changes in order to comply
to a level reasonable for the size and scale of the entity. However, the hard
truth is that the regulations may require significant changes to a covered entity's
billing and data collection systems, as well as the need to develop new policies
and procedures to ensure that patient health data is protected.
The hope of HIPAA is that administrative simplification efforts will all have
been worthwhile. You have to believe that reducing the 400 different electronic
claim transaction formats to ONE will save administrative and claims money in
terms of both efficiency and the reduction of errors. For privacy and security,
you have to hope patients and health plan members will receive an improved consistent
level of confidentiality, because those who handle their information are more
aware of the need to protect its use and disclosure.
HIPAA HELP
Now the help for HIPAA. First, get your hands on the three sets of regulations:
- Standards for Electronic Transactions,
published Final Rules August 17, 2000. The requirements are 7 pages
long. The summary, background, comment and response section is 52
pages long.
- Standards for Privacy of Individually
Identifiable Health Information, published Final Rules December 28,
2000. The requirements are 31 pages long. The summary, background,
preamble, comments and responses section is 335 pages long.
- Security, published Proposed Rules August
1998. The proposed requirements are 16 pages long. The summary, background,
preamble, comments and responses section is 21 pages long.
Second - attention to Standard Transactions and Code Sets. If you are a health
plan, you must be capable of accepting all the required standard transaction
submissions on October 16, 2003. Please note: this date represents a 12-month
delay. All covered entities wanting the additional time must submit an extension
request to the Department of Health and Human Services by October 16, 2002. A
provider who submits claims electronically, and/or makes eligibility, benefit,
claims status, and claims inquiries electronically, must transmit these transactions
to the health plan in the American National Standards Institute Accredited Standards
Committee standard (ANSI X12N) format. Each standard has a prescribed format
and content for electronic transmission (see chart).
ANSI Electronic Transmission
Standards
| Required X12N Standards |
Description |
Comment |
| 837 |
Health Claims and encounter information
for professionals, institutions and dentists, and for coordination of
benefits |
Replaces UB 92 and HCFA 1500 |
| 835 |
Standard for health care payment
and remittance advice |
Health plan payment back to providers |
| 276/277 |
Standard for health care claims
status |
Provider request and health plan
response |
| 834 |
Standard for benefit enrollment
and disenrollment in a health plan |
Used by employers to enroll members
in health plans (employers not required to use) |
| 270/271 |
Standard for health care eligibility
benefit inquiry and response |
Dental, professional and institutional |
| 820 |
Standard for health plan premium
payments |
Used by employers to pay premiums
(employers not required to use) |
| 278 |
Standard for referral certification
and authorization |
Request for review and response |
Health plans and healthcare clearinghouses have to
be able to accept all ASC X12N standards formats and content. Providers have
options. Providers may continue relying on a clearinghouse to convert claims
to standard format, and to add required data content. A clearinghouse (e.g. Envoy,
NDC) would re-format the transactions and then submit to the respective health
plan. Providers may choose to send standard content to health plans through the
Internet (if the health plan is set up for this); this is called direct data
entry. Finally, providers may be able to adopt the standard format themselves
and submit the standard content and format to the clearinghouse or health plan
directly. Providers have some choice, but should not be considering slipping
back to paper. That will only clog the system.
Providers, contact your practice management vendor, ask for the list of all required
data elements, the vendor's map of the data elements currently existing in the
patient accounting system product, and the plan for acquiring the remaining data
elements. Get the timeline for modification, cost and process to follow. Be prepared
to push and be aggressive.
Third - Privacy Requirements framework for what you have to consider as tasks.
Phase I:
- Become knowledgeable about the regulations
and reliable reference resources. Download the regulations from the HHS
Web site; select the PDF file format for the official Federal Register
copy.
- Designate your Privacy Officer, whether you
are a one-person or multi-person organization, someone who is process-oriented
and informed about your organization, preferably a team player.
- Call your health plan payers, check in with
them for status and any assistance.
- Assemble a workgroup, often called the steering
committee.
- Compare standards for use and disclosure and
consumer rights procedures for your present operation.
- Identify and prioritize the differences between
what you do and what you have to do.
- Estimate time, resources and budget to accomplish.
At the end of Phase 1 you may want to consider working
with a consultant to validate your interpretations and findings. You can look
externally for toolsets and advice to guide your process.
Phase 2 (once you have reached agreement on the gaps and how these will be addressed):
- Develop implementation plan and timeline.
- Assemble the workgroup.
- Begin remediation projects.
- Track who has access to protected health information
(PHI).
- Revise or develop policies and procedures.
- Develop privacy notices, consent and authorization,
including a system to manage.
- Revise contracts with vendors (called business
associates) who handle PHI to reflect your HIPAA expectations from them.
- Train all staff on the increased awareness
and safeguards to patient privacy and security. Make sure all employees
know what HIPAA is.
Again, it would make sense to explore an arrangement
with an operationally-focused consultant to help you pace the process, fine tune
your thinking and identify the correct resources for your needs.
In summary, get going. The time for discussion is over. In a sense, there is
just as much to discuss and decide as there is to do. So just do it.
About the author: Diane L. Stone, SMG's special consultant in HIPAA project management,
assists health plans, hospitals and physicians addressing the issues, interpretations
and next steps to responsibly implement HIPAA. Her career spans over 25 years
in healthcare management and business operations, including executive management
positions with several New England HMOs, healthcare associations, provider networks,
PHOs, employers and integrated delivery systems.
----------------------------------------------------------------
Sites and Sounds on the 'Net
In keeping with this issue's focus on HIPAA implementation, we present the following
Web sites that cover this area.
DHHS Final and Proposed Administrative HIPAA provisions, milestones, updates,
questions and answers and other site references at http://aspe.hhs.gov/admnsimp/index.htm
Washington Publishing Company site contains transactions standards, implementation
guides and a data dictionary at http://www.wpc-edi.com/hipaa/HIPAA_40.asp
Summaries, legislative background, HIPAA events and a resource library at Massachusetts
Health Data Consortium - http://mahealthdata.org
Phoenix Health Systems HIPAAdvisory is a good source of information, alerts,
tools, updates, glossary and links - http://www.hipaadvisory.com
American Health Information Management Association offers succinct journal articles
at http://www.ahima.org/journal/index.html
American Medical Association posts an advisory to members as well as non-members
at http://www.ama-assn.org/
http://www.healthkey.org/tools.htm is
a multi-state collaborative advancing e-health security. This site provides some
suggested frameworks, processes and tools.
For publications and HIPAA discussion points, visit the Medical Group Management
Association at http://www.mgma.com Search HIPAA.
American Hospital Association, http://www.aha.org/hipaa,
provides updates, tools, resources and links to further information.
----------------------------------------------------------------
WE CAN SHOW YOU THE MONEY...
If you're looking for extra profit margin in your health plan or provider organization,
SMG can show you several areas for increased margin that you may not have considered.
Coordination of benefits allows you to shift responsibility for payment when
there is double coverage or where individuals are covered by both insurance and
Medicare. Third Party Liability claims offer you another opportunity for maximizing
revenue, in the range of $0.70 to $1.00 PMPM.
We are the national experts on COB and TPL. In fact, our team wrote the chapter
in The Managed Health Care Handbook. We've helped hundreds of organizations maintain
or improve their financial and organizational health.
Our team will assess, evaluate and deliver a treatment plan that speaks to your
bottom line. We can perform this service as a one-time check-up or on a periodic,
as-needed basis. Or if you prefer, we can show you how to get the information
you need to effect change on your own. Contact us at webmaster@scheur.com or http://www.scheur.com.
----------------------------------------------------------------
End of The Managed Care Insider eNews,
Volume 4, Number 4.
Scheur Management Group (SMG) is one of the most experienced specialized healthcare
operations management and business revitalization consulting firms in the country.
Our expertise is in time-sensitive analyses, strategic business and market planning,
operational re-engineering, and communications, as well as implementation of
start-ups, expansions, and new products. The firm's clients cover the spectrum
of insurers, managed care organizations, physician groups, integrated delivery
systems, hospitals, employers, governmental entities, vendors, and other providers.
Contributing to this edition is Diane L. Stone. Editing and Research by Judith
Jaffe.
TO SUBSCRIBE: visit http://www.scheur.com/smghome.nsf/webcontent/ezine.html or
send e-mail to insider@scheur.com with the word SUBSCRIBE in the subject and
name, email, company, title, and country in the message.
TO UNSUBSCRIBE: send email message to insider@scheur.com with the word UNSUBSCRIBE
in the subject.
Please take a minute to visit our eNews page at http://www.scheur.com/scheur.nsf/smg/ezine.htm for
archives, subscriber information and to RATE our ezine.
Get up-to-the-minute health care news on-line at www.scheur.com |
