HIPAA UPDATE - PowerPoint PPT Presentation

1 / 39

About This Presentation

Title:

HIPAA UPDATE

Description:

Implementation guides and data dictionaries to support standards. Scope: ... and privacy are primarily consumer concerns-not addressing them proactively ... – PowerPoint PPT presentation

Number of Views:90

Avg rating:3.0/5.0

Slides: 40

Provided by: lorrie4

Category:

more less

Transcript and Presenter's Notes

Title: HIPAA UPDATE

1
HIPAA UPDATE

Presentation for CC USA
Annual Conference
September 2003

L3 P Associates, LLC
2
Privacy Regulations
3
Status Check

This is what you should have done
Privacy Officer Appointed
NPP complete and disseminated to all clients who
have received services since April 14, 2003
Determined method to manage restriction requests
on NPP
Determined means to handle confidential
communications
Revised Authorization as required
Staff Training on HIPAA
Developed Mechanisms for Client Access to Record

4
Status Check (cont)

Assessed Business Associates and begun to revise
contracts as they come up for renewal
Developed required policies (examples)
Minimum Necessary Disclosure
Mandatory Reporting
Authorization
Clients Rights
Disclosure Accounting
Complaint and Grievance

5
Status Check (cont)

Assess agency use of psychotherapy notes
Developed Employee Sanction Policy
Completed an audit to assess agency privacy
risks.
Mediation of those risks (examples)
Transportation of PHI in unsecured manner
Files unsecured in office settings
Lack of confidential oral practices

6
Spot Checks Yes or No?

WHAT ARE YOU HEARING?

7
What You Should be Thinking About

Risk Analysis
Determination of approach to required and
addressable standards of the Security Regulations
Business Continuity Planning

8
Topics that You Need to Discuss

Completing the policieswhich polices are you
struggling with the most?
Policy processprogram or agency wide
Separate HIPAA specific or integrated into the
agency
Forms
Testing of the forms
Staff training and understanding
Business Associates
Translation of forms
T/CS
Security
Senior Management
Please send the vendor template as part of the
next call

9
Transactions and Code Sets

Are You Testing?

10
Due Date

October 16, 2003

11
Making the Distinction
12
Transactions, Code Set and Identifier Overview
13
Applicability

The transaction standards, code sets, and
identifiers together, completely define all of
the values that they can contain.
In general, the rules override any existing state
or local specific rules.
Discovered over the past months, that the payer
provides the envelopecertification of the
envelope but not what is in it.
Testing ensures that you get from them what they
require.
837 from one payermay not get by another payer.

14
Transactions
15
HIPAA Transaction Standards

Payers, clearinghouses and software vendors will
clearly have the majority of the burden to
remediate their information systems.
Providers should be aware of the state of
readiness of all third parties and be prepared
for changes they must make to their
infrastructure.
To the extent they may develop and maintain
custom applications and interfaces, providers
will have a responsibility to remediate their own
applications (or customization to vendor supplied
applications) to comply with HIPAA standards.

16
What standards were chosen?

American National Standard Institute ASC X12N
standards, Version 4010, were chosen for all of
the transactions except retail pharmacy
transactions.
Standard headers, trailers (claim lines)
letter size envelope, defined number of things
that can differ from payer to payer.
Can you different deliminatorspayer can dictate

17
Who is required to use the standards?

All private sector health plans (including
managed care organizations and ERISA plans, but
excluding certain small self administered health
plans) and government health plans (including
Medicare, State Medicaid programs, the Military
Health System for active duty and civilian
personnel, the Veterans Health Administration,
and Indian Health Service programs), all health
care clearinghouses, and all health care
providers that choose to submit or receive these
transactions electronically are required to use
these standards.
These "covered entities" must use the standards
when conducting any of the defined transactions
covered under the HIPAA.
Then there is the case of Ohio and Hawaii where
the states Medicaid systems are requiring that
every provider submit the 837 according to the
HIPPA standards.

18
Who is required to use the standards?

To comply with the transaction standards, health
care providers and health plans may exchange the
standard transactions directly, or they may
contract with a clearinghouse to perform this
function.
Clearinghouses may receive non-standard
transactions from a provider, but they must
convert these into standard transactions for
submission to the health plan. Similarly, if a
health plan contracts with a clearinghouse, the
health plan may submit non-standard transactions
to the clearinghouse, but the clearinghouse must
convert these into standard transactions for
submission to the provider.

19
What does the law require of state Medicaid
programs?

Section 1171(5)(E) of the Social Security Act, as
enacted by HIPAA, identifies the State Medicaid
programs as health plans, which therefore must be
capable of receiving, processing, and sending
standard transactions electronically.
Medicaid programs will need the capacity to
process standard claim, encounter, enrollment,
eligibility, remittance advice, and other
transactions.

20
Clarification

A health plan cannot refuse to accept a claim
from a health care provider because the health
care provider electronically submits the
standard transaction.
However, the health plan is not required to pay
the claim merely because the health care provider
submitted it in standard format, if other
business reasons exist for denying the claim (for
example, the service for which the claim is being
submitted is not covered).
This rule does not require a health care provider
to send or accept an electronic transaction.

21
An example

A State Medicaid plan enters into a contract with
a managed care organization (MCO) to provide
services to Medicaid recipients. That
organization in turn contracts with different
health care providers to render the services.
When a health care provider submits a claim or
encounter information electronically to the MCO,
is this activity required to be a standard
transaction?
The entity submitting the information is a health
care provider, covered by this rule, and the MCO
meets our definition of health plan.
The activity is a health care claims or
equivalent encounter information transaction
designated in this regulation.
The transaction must be a standard transaction.

22
Transactions

Health claims and equivalent encounter
information.
Enrollment and disenrollment in a health plan.
Eligibility for a health plan.
Health care payment and remittance advice.
Health plan premium payments.
Health claim status.
Referral certification and authorization.
Coordination of benefits.
Standards for the first report of injury and
claims attachments (also required by HIPAA) will
be adopted at a later date.

23
Summary of HIPAA Transactions
24
(No Transcript)
25
Code Sets
26
Code Sets Affected

Code Sets
Diagnosis
ICD-9 (International Classification of Diseases)
May soon by the ICD-10
(Notice that there is no DSM IV)
Treatment
CPT-4 (Current Procedural Technology)
HCPCS (Health Care Procedure Code Set existing)
HCPCSproposed behavioral health, mental health
and AOD
Medical Procedures
Drugs
Dental Procedures

27
Identifiers
28
Standard Identifiers Include..

Provider (NPID)
May have greatest impact on processing logic
Registration process will be defined Obtain from
HIPAA specified source (HCFA or contractor)
Only one per provider
Will replace UPIN and all proprietary provider ID
codes
Employer (EIN)
Health Plan (PAYERID)
Individual
Explicitly excluded by Congress because of
privacy concerns
Entities will have to maintain their own
person/patient identifiers within privacy and
confidentiality requirements
Should accelerate the need for EMPI-like
applications

29
Impact on Providers

Assessment and implementation will take time,
planning, resources and change-this is not an
overnight fix
Security and privacy are primarily consumer
concerns-not addressing them proactively will
result in loss of trust, credibility, and
potentially revenue
Penalties and fines are modest for non-compliance
with transactions
Major impact is on the ability to do business

30
Impact on Provider Partners

Payers have customized systems that will require
significant modifications/remediation/replacement
Payers will be required to accept the standard
transactions
But remember they can dictate much of the data
requirements. Sohave you begun your testing?
October 16 is going to be a train wrecknot all
payers are readyState Medicaid agencies are most
behind.
80 of providers have not started testing, much
less testing with their major providers.
Software vendors have an opportunity to provide
direct connectivity and reduce reliance on claims
editing/clearinghouse vendors
Clearinghouses will become a commodity

31
Contingency Plans

Start the testing with major payers immediately.
Rely on vendor or they hire the skill set to
complete the testing.
Increased Lines of Credit just in case payer is
not ready to process claim or provider is not
really ready to submit.
Paper Claimsnot able to process increased number
of paper claims.

32
Security Rules
33
22 HIPAA Security Standards Addressable