Health Care Services Update

Cutting Through the Chaos:HHS Issues Standards for E-Health Transactions

On August 17, 2000, the U.S. Department of Health and Human Services (HHS) issued the Final Rule adopting standards for electronic transactions and code sets for the processing of health care claims. The Rule implements some of the requirements of the Administrative Simplification Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and becomes effective in October 2000. Covered entities, defined as health plans, health care clearinghouses and health care providers, will have until October 2002 to comply. Smaller health care plans, those with a maximum of $5 million in annual receipts, will have an additional year to comply, or until October 2003.

Currently, the health care industry uses more than 400 different formats to transmit information for health care claims. The government expects that standardizing transactions and code sets will streamline the health care claims process, improve operations of health care providers and insurers, and result in better service to patients. The government also anticipates a $29.9 billion savings in health care costs over a 10-year period.

According to an HHS press release, provisions of the Rule include the following:

• Health plans will be able to pay providers, authorize services, certify referrals and coordinate benefits using a standard electronic format for each transaction. Providers also will be able to use a standard format to determine eligibility for insurance coverage, ask the status of a claim, request authorizations for services or specialist referrals, and receive electronic remittance to post receivables.
• The regulation also includes new standards for common transactions and coding standards for reporting diagnoses and procedures in the transactions.
• Employers who provide health insurance to workers and their dependents also will be able to use a standard electronic format to enroll or disenroll employees and to submit premium payments to any health plan they contract with.
• The regulation outlines a process for maintaining the format and content of the standard transactions system. National health care standard organizations and data comment committees will accept and review requests for changes to the standards.

The Rule regulates eight electronic transactions and the code sets to be used in them. It also includes requirements for the use of these standards by health plans, health care clearinghouses and certain health care providers. A transaction is defined as "the exchange of information between two parties to carry out financial or administration activities related to health care."

The eight transactions adopted by HHS are:

• health care claims and equivalent encounter information
• health plan eligibility
• health care enrollments and disenrollments
• health care payment and remittance
• health plan premium payments
• health care claim status
• referral certification and authorization
• coordination of benefits.

Standards for first report of injury and claims attachments will be adopted at a later time. The Secretary of HHS is also authorized to adopt additional standards as determined to be appropriate.

Recommended Actions

1. Create a multi-disciplinary committee which includes, at a minimum, representatives from administration, information management, compliance, medical records and the medical staff. If your organization has a security and privacy administrator, he or she should also be included.
2. Audit how your organization transmits and receives individually identifiable patient information, as well as where electronic data is stored, and who uses it.
3. Identify your business partners and others who are, or will be, receiving or sending identifiable patient health information electronically.
4. Develop an educational program for employees, medical staff and vendors.
5. Review third-party contracts for HIPAA compliance language.

One final note — HHS expects that by the time the Rule takes effect in October 2002, the proposed privacy regulations under HIPAA will be in effect. If the privacy regulations are not final, HHS will consider suspending or withdrawing the transaction regulations pending the finalization of the privacy regulations. However, sources in the government tell us that this is unlikely to happen, as the government is confident that a Final Rule on privacy will be published prior to the implementation date for the transactions and code sets.

In addition to standards for the protection of privacy of individual identifiable health care information, HIPAA calls for security standards. Proposed regulations for security were published in the Federal Registry in August 1998 and for privacy in November 1999. These regulations are expected to be finalized later this year. However, DHHS received more than 150,000 comments concerning the privacy regulations. It remains to be seen if all of the comments received can be reviewed and addressed by the time the transactions and code sets must be implemented.

The proposed regulations on privacy were discussed in the December 1999 Health Care Services Update, "Confidentially Speaking: The Government’s Proposed Standards for Protecting Your Health Care Information."

Health Care Services Update is a publication of Pepper Hamilton LLP. The material in this newsletter is based on laws, court decisions, administrative rulings and congressional material, and should not be construed as legal advice or legal opinions on specific facts.