Hot Issues

Contingency Plans Instructions for Requesting Testing with Maryland Medicaid Programs Medicare Contingency Plans Announced

The Health Insurance Portability & Accountability Act of 1996 (HIPAA), Public Law was passed by Congress:

• To improve portability and continuity of health insurance coverage in the group and individual markets
• To combat waste, fraud, and abuse in health insurance and health care delivery
• To reduce costs and the administrative burdens of health care by improving efficiency and effectiveness of the health care system by standardizing the interchange of electronic data for specified administrative and financial transactions
• To ensure protecting the privacy of Americans’ personal health records by protecting the security and confidentiality of health care information

Administrative Simplification is a method of making business practice (the billing, claims, computer systems and communication) uniform in order that providers and payers do not have to change the way in which they interact with each other through each other's proprietary systems.  The changes will affect such activities as:

• Enrolling an individual in a health plan

• Paying health insurance premiums

• Checking eligibility

• Obtaining authorization to refer a patient to a specialist

• Processing claims

• Notifying a provider about the payment of a claim

Significant resources need to be invested over the next several years to achieve compliance with the HIPAA legislation and to realize the long-term benefits. The benefits of HIPAA include:

• Lowering administrative costs

• Improved efficiency for patients and providers

• Increasing customer satisfaction

• Improved security and privacy of information

• Health Plans

• Health Care Providers who use certain electronic transactions

• Health Care Clearinghouses

• Transaction Standards and Code Sets

• Privacy

• Security

• National Standard Identifiers

• Provider 

• Employer 

• Health Plan

• Individual

The rules for Transactions and Code sets were published on August 17, 2000 and with modifications published in May 2002.  The compliance date was October 16, 2002. On December 27, 2001 President Bush signed HR3323, which provides for a delay in the implementation of the TCS rules of HIPAA. This extended the compliance due date to October 16, 2003, if a compliance extension is requested.

Further modifications to the final rule were published in February 2003.  This rule finalizes provisions applicable to electronic data transaction standards from two related proposed rules published in the May 31, 2002 Federal Register. It adopts proposed modifications to implementation specifications for health care entities and for several electronic transaction standards that were omitted from the May 31, 2002 proposed rules.

The purpose of these regulations is to standardize the electronic exchange of information (transactions) between trading partners. These transactions are mandated to be in the ANSI ASC X12 version 4010 format. The covered transactions include:

• 270 = Eligibility Inquiry

• 271 = Inquiry and Response

• 276 = Claim Status Inquiry

• 277 = Claim Status Inquiry and Response

• 278 = Authorization Request and Authorization Response

• 820 = Health Insurance Premium Payment

• 834 = Beneficiary Enrollment

• 835 = Remittance / Payment

• 837 = Claim or Encounter

The HIPAA Code Set Regulations establish a uniform standard of data elements used to document reasons why patients are seen and the procedures performed during health care encounters. HIPAA specified code sets to be used are:

• Diagnoses - ICD 9

• Procedures - CPT 4, CDT

• Supplies/Devices – HCPCS

• Additional Clinical Data - Health Level Seven (HL7)

HIPAA specified administrative codes set for use in conjunction with certain transactions and HIPAA eliminated local codes.

These regulations establish standards for protecting individually identifiable health information and for guaranteeing the rights of individuals to have more control over such information. HIPAA covered programs must comply with the privacy regulations by April 14, 2003.

These regulations establish standards for all health plans, clearing houses, and storage of health care information to ensure the integrity, confidentially, and availability of electronic protected health information. Proposed rules were published on August 12, 1998. Final rules were published February 20, 2003 and compliance must occur by April 20, 2005.

These regulations establish standard numerical identifiers for health plans, providers, and employers to simplify administrative processes, such as referrals and billing, to improve accuracy of data, and reduce costs.   The final rule for the Employer Identifier which became effective in July 2002 establishes a standard for a unique employer identifier and requirements concerning its use by health plans, health care clearinghouses, and health care providers. The health plans, health care clearinghouses, and health care providers must use the identifier, among other uses, in connection with certain electronic transactions.

Final rules are pending for the National Standard Health Care Provider Identifier, the National Individual Identifier, and Standard Unique Health Plan (Payer) Identifier.

The legislation carries heavy civil and criminal penalties for failure to comply. US DHHS Office for Civil Rights will enforce civil penalties that may include penalties from $100 per violation to $25,000 per calendar year. US Department of Justice will enforce criminal penalties which may include up to 10 years imprisonment and a $250,000 fine.

An interim final rule on Enforcement was published in April 2003.  It establishes rules of procedure for the imposition, by the Secretary of Health and Human Services, of civil money penalties on entities that violate standards adopted by the Secretary under HIPAA.  The Interim Rule is effective until September 16, 2004.