ADMINISTRATIVE SIMPLIFICATION - PowerPoint PPT Presentation

1 / 69
About This Presentation
Title:

ADMINISTRATIVE SIMPLIFICATION

Description:

Title: Workforce Investment Act of 1988 Author: ODHS User Last modified by: GOV Created Date: 7/25/2001 4:15:46 PM Document presentation format: On-screen Show – PowerPoint PPT presentation

Number of Views:226
Avg rating:3.0/5.0
Slides: 70
Provided by: odhs
Category:

less

Transcript and Presenter's Notes

Title: ADMINISTRATIVE SIMPLIFICATION


1
ADMINISTRATIVE SIMPLIFICATION
  • Concept
  • Covered Entities
  • Transactions
  • Privacy
  • Security
  • Implementation

2
Inevitable Transformation...
  • Today health data is keyed into a computer,
    printed, mailed or transmitted, re-keyed into
    another computer
  • The constant demand for more information in less
    time is pushing health care systems toward
    electronic data interchange, the
    computer-to-computer exchange of information in a
    standard format
  • Institutions pursue electronic data interchange
    internally, but encounter barriers to sharing
    data externally, among institutions

3
Barriers to Transformation
  • Lack of data standardsno single entity has the
    market power to move the health care industry
    toward a common electronic standard
  • Legal ambiguityantiquated state licensing laws
    make computerized medical records technically
    illegal in 12 states and legally ambiguous in 16
    others
  • Privacy concernshealth information is private
    today not because it is secure but because it is
    difficult to accessand making it more accessible
    makes it less secure

4
Standards Leverage Transformation
  • Money as a standard replaced barter
  • East and West coast railroads needed a standard
    gauge to meet at Promontory Point
  • Appliances and motors were custom made before
    electrical current was standardized
  • Electronic transaction standards have been the
    norm in banking for two decades
  • Our centurys great innovationthe Internetis a
    web of connection standards

5
Congress Acts
  • The Health Care Modernization and Security Act of
    1993 (or Data Bill)
  • Sponsored by Sens. Kit Bond (R-MO) and Joseph
    Lieberman (D-CT) and Reps. Dave Hobson (R-OH) and
    Tom Sawyer (D-OH)
  • Congress established a process to adopt standards
    for health information and required health plans
    to use the standards and transmit data
    electronically

6
Guiding Themes
  • National Policy Frameworkthe barriers to
    modernizing health information systems are
    national in scope, and require national solutions
  • Technology Neutralencourage continued innovation
    and intentionally avoid locking in a technology
    today that could be useless tomorrow
  • Private/public partnershipbuild on the extensive
    use of electronic data interchange in the private
    sector by adopting standards already in use and
    generally accepted

7
Broad Support
  • The Working Group for Healthcare Administrative
    Simplification
  • American Association of Retired People,
    American College of Physicians, American Hospital
    Association, American Association of Medical
    Colleges, American Health Information Management
    Association, American National Standards
    Institute, American Academy of Pediatrics,
    Ameritech, Association for Electronic Healthcare
    Transactions, Bellcore, Blue Cross/Blue Shield
    Association, CCH Inc, Center for Health Care
    Information Management, CIS Technologies, COB
    Clearinghouse, Digital Equipment, Dun
    Bradstreet, Electronic Data Systems, ERIC,
    Federation of American Health Systems, First
    Health, Fleishman-Hillard Inc, Health Industry
    Manufacturers Association, Health Care Financial
    Management Association, Hewlett-Packard, Health
    Insurance Association of America, IBM,
    Information Industry Association, ITAA, JCAHO,
    MetPath, Mutual of Omaha, National Association of
    Medical Equipment Suppliers, National Association
    of Chain Drug Stores, National Electronic
    Information Corporation, Orkand Corporation, PCS
    Health Systems, Podesta Associates, Prudential,
    Public Health Foundation, Rossman Health Industry
    Consulting, SAIC, SmithKline Beecham, Society of
    Professional Benefits Administrators, Travelers,
    Davidson Colling Group, UNISYS

8
President Clintons Health Security Act
  • Comprehensive health care reform dominated the
    national political agenda in 1992
  • Increasing access vs. decreasing costs
  • Administrative simplification contributes to both
  • Local storage vs. central storage
  • The Clinton Administrations emphasis on research
    triggered a debate about how and who could use
    sensitive patient data and overwhelmed the effort
    to harmonize data standards

9
Medicare Reform
  • Balancing the federal budget dominated the
    national political agenda in 1994
  • Medicare was estimated to be bankrupt in four
    years
  • Administrative simplification was refocused on
    eliminating Medicare fraud and catching the
    Medicare secondary payer problem up front,
    rather than recovering dollars after-the-fact
  • Rolled back the scope to financial (not clinical)
    data

10
Health Insurance Portability and Accountability
Act of 1996 (HIPAA)
  • Administrative simplification reached its
    maturity along with incremental health insurance
    reform
  • Bipartisan throughout two bitterly partisan
    debates
  • Broad-based, private-sector support
  • Enacted 421 to 2 in the House, 98 to 2 in the
    Senate, and signed by President Clinton on August
    21, 1996
  • The basic framework enacted by Congress passed to
    the U.S. Department of Health and Human Services
    for rulemaking and implementation

11
HIPAAs Three Purposes
  • Health Insurance Portabilityimprove the
    portability and continuity of health insurance
    coverage for groups and individuals
  • Accountabilitycombat waste, fraud, and abuse in
    health insurance and health care delivery
  • Administrative Simplificationsimplify health
    care billing by adopting standards that allow
    health plans to transmit data electronically

12
HIPAA Administrative Simplification
  • Transactionsadopt financial and administrative
    data standards and require health plans to use
    those standards to exchange information
    electronically
  • Privacyadopt standards for individually-identifia
    ble health information that address the rights of
    individuals, procedures to exercise those rights,
    and uses and disclosures of information that are
    authorized or required
  • Securityadopt standards to protect the
    confidentiality of health information, prevent
    threats or hazards to the security or integrity
    of the information, and prevent unauthorized uses
    or disclosures

13
Opportunities to Decrease Costs
  • Enable the use of the Internet instead of
    expensive, private networks
  • Develop less costly off-the-shelf management
    information systems solutions
  • Reduce unnecessary paperworkestimated to add at
    least ten cents on every health care dollar
  • Increase the speed and accuracy of transactions
    with other entities (faster third party
    collections, etc)
  • Expose fraud in ways that are impossible under
    the current, confusing, disjointed paperwork
    system

14
Opportunities to Increase Quality
  • Strengthen privacy and confidentiality associated
    with personal health information
  • Aggregate and compare data (non-standard code
    sets make this difficult to do today)
  • Provide the data consumers need to compare the
    value of insurance plans and health services
  • Forge stronger cooperative relationships with
    providers (Were all in this together)
  • Upgrade existing but outdated technology

15
Business Transformation
  • Administrative Simplification is a business
    challengenot just a technical problem, like Y2K
  • Existing technology is applied to improve
    business practicessomething most industries do
    already
  • People, paper, and postage are replaced with
    electronic communications to reduce costs and
    improve services
  • Health care organizations will either choose to
    treat administrative simplification as a
    conformance nuisance or use it as their catalyst
    to e-business

16
Business Transformation
Functional Area Impacted EDI Identifiers Code Sets Privacy Security
Billing and Patient Accounting X X X X X
Medical Records X X X X
Claims and Encounters X X X X X
Enrollment X X X X
Eligibility X X X X X
Medical Management X X X X X
Case Management X X X X X
Customer Service X X X X
Marketing X X X
Sales and Underwriting X X X X X
Benefit Design X X X X X
Reporting and Analytics X X X X
Physician Contracting X X X X X
Nursing X X X
Physicians and Clinicians x X X X
Source GartnerGroup December 2000 Source GartnerGroup December 2000 Source GartnerGroup December 2000 Source GartnerGroup December 2000 Source GartnerGroup December 2000 Source GartnerGroup December 2000
17
ADMINISTRATIVE SIMPLIFICATION
  • Concept
  • Covered Entities
  • Transactions
  • Privacy
  • Security
  • Implementation

18
Covered Entities
  • Health Plansan individual or group plan that
    provides or pays the cost of medical care
  • Health Care Clearinghousesan entity that
    processes or facilitates processing of
    information received from another entity
  • Health Care Providersany provider of medical or
    other health services, and any other person
    furnishing health care services or supplies

19
Examples of Health Plans
  • ERISA defined group health plan
  • Health insurance issuer
  • HMO
  • Medicare
  • Medicaid
  • Medicare supplement
  • Long-term care policy
  • VA health care system
  • Employee welfare benefit plan
  • Health plan for active military
  • CHAMPUS
  • Indian Health Services
  • Federal Employees Health Benefit Plan
  • Or any combination

20
Health Plan Exclusions
  • Workers Compensation programs
  • Correctional Institutions
  • Disability insurance programs
  • Automobile insurance carriers
  • Property and casualty insurers
  • Nursing home fixed-indemnity policies

21
Health Care Clearinghouse
  • A Public or private entity that
  • Receives a non-standard transaction from another
    entity and processes or facilitates the
    processing of health information into a standard
    format or standard data content or
  • Receives a standard transaction from another
    entity and processes or facilities the processing
    of health information into a non-standard format
    or non-standard data content

22
Health Care Provider
  • Any person or organization who furnishes, bills,
    or is paid for health care in the normal course
    of business
  • Health care is defined as care, services or
    supplies related to the health of an individual,
    including
  • Preventive, diagnostic, therapeutic,
    rehabilitative, maintenance, or palliative care
  • Counseling, service, assessment, or procedure
    with respect to physical or mental condition or
    functional status
  • Sale or dispensing of a drug, device, equipment
    or other item in accordance with a prescription

23
Hybrid Covered Entities
  • Determine if covered entity functions are
    performed within a department or program
    (evaluate each area separately according to their
    respective functions)
  • If the component that provides the services is
    itself not a separate entity, then the entity to
    which it belongs is a hybrid entity
  • HIPAA rules apply to the component that performs
    the covered function and requires a wall
    between the covered functions and the rest of the
    entity
  • For example, the Ohio Department of Health runs a
    hemophilia program as a provider and a Black Lung
    clinic program as a health plan

24
Business Associates
  • A person or entity to whom a covered entity
    discloses protected health information to perform
    a function on behalf of or to provide services to
    a covered entity
  • Includes lawyers, accountants, consultants, and
    accrediting agencies
  • Must have a contract obligating them to safeguard
    protected health information

25
Business Associate Contracts
  • Must establish the permitted and required uses
    and disclosures of protected health information
    by the business associate and may not authorize
    further disclosure in violation of the
    regulations
  • If the covered entity knows of a practice or
    pattern of activity that constitutes a material
    breach of the business associates obligations
    under the contract, the covered entity must take
    reasonable steps to ensure cure of the breach or
    terminate the contract or report the problem to
    the Secretary

26
Business Associate Obligations
  • Must not use or disclose protected health
    information in violation of the law or contract
  • Implement safeguards against improper use or
    disclosure
  • Ensure that any agents or subcontractors agree to
    fulfill contractual and legal obligations
  • Afford individual access to records make
    available records for amendment by the
    individual account to the individual for use or
    disclosure other than for payment, treatment, or
    operations
  • At termination of the contract, return or destroy
    protected health information

27
ADMINISTRATIVE SIMPLIFICATION
  • Concept
  • Covered Entities
  • Transactions
  • Privacy
  • Security
  • Implementation

28
Transaction Standards Enable
Electronic Data Interchange
  • Health care electronic data interchange is
    commonly used and generally acceptedHHS
    estimates that at least 400 formats are used in
    the United States for health care claims
    processing
  • However, the lack of a standard format makes it
    difficult for vendors to develop software,
    inhibits potential efficiencies, and increases
    costs for health care providers and health plans
  • In order to perform electronic data interchange
    using a common interchange and data structure a
    widely adopted use of standards is required.

29
Adopting Transaction Standards
  • HIPAA requires HHS to adopt standards for health
    care transactions that are
  • Consistent with reducing the administrative costs
    of providing and paying for health care
  • Already in use and generally accepted
  • Developed or modified by a private sector
    standard development organization like the
    American National Standards Setting Institute
  • All of the current code sets have been developed
    by a private sector standard development
    organization

30
Required Transaction Standards
  • American National Standards Institute (ANSI)
  • Accredited Standards Committee (ASC)
  • Insurance Subcommittee (X12N)
  • Health care claim or encounter (837)
  • Health care claim payment and remittance (835)
  • Health care claim status inquiry/response (276,
    277)
  • Health care eligibility inquiry/response
    (270/271)
  • Benefit enrollment and maintenance (834)
  • Referral certification and authorization (278)
  • Payment order and remittance (820)

31
Required Code Sets
  • Diseases, injuries, impairments, and other health
    related problems
  • Prevention, diagnosis, treatment, management
  • Drugs and biologicals
  • Dental Services
  • Physician services, physical and occupational
    therapy services, radiological procedures,
    clinical laboratory tests, other medical
    diagnostic procedures, hearing and vision
    services, transportation services including
    ambulance

32
Local Codes
  • HCFA Common Procedural Coding System (HCPCS)
    identifies health care procedures, equipment and
    supplies for billing purposes
  • Level I AMA-owned physician CPT codes
  • Level II CMS-maintained other
  • Level III State Medicaid program local codes
  • Today states rely heavily on local codes
  • Local codes are scheduled to be eliminated (or
    rolled into level II) effective October 2002

33
Migrating Local Codes
  • State programs forced to crosswalk local codes
    into a limited number of level II codes
  • Particularly challenging for waiver programs
  • National work underway to identify current or
    modified level III codes for addition to the
    level II code set
  • From over 30,000 to approximately 2000 of which
    about 100-200 are waiver codes

34
Local Code Policy
  • Standardization of local codes may impair the
    payers ability to customize policies
  • Coding decisions shape coverage and reimbursement
    policies
  • A payer cannot cover a service for which a code
    does not exist
  • Congress did not intend to dictate health care
    policy or limit state policy discretion

35
Implementation Strategies
  1. Organization-wide general education and awareness
  2. Risk assessment and gap analysis
  3. Complete a cost/benefit analysis, strategic plan,
    and select tools
  4. Update policies and procedures, and install tools
    and applications
  5. Complete testing and audits and verify
    third-party compliance

36
Transaction Compliance
  • Final transaction rule in effect August 2000 (HHS
    guidance published May 2001)
  • Most covered entities are required to comply by
    October 2002 (October 2003 for small health
    plans)
  • Covered entities may comply directly or use a
    health care clearinghouse
  • Penalties for non-compliance are 100 per
    incident up to 25,000 per standard per year

37
System Readiness
  • Current timeframe to comply with transaction
    standards is unrealistic
  • Great confusion among providers
  • Could lead to the election of paper claims and
    overwhelm state payment systemswhich today are
    85 percent electronic
  • Paper claims cost more, take longer, and
    intensify provider frustration

38
Staggered Release of Final Rules
  • Staggered effective dates make it difficult to
    plan
  • The transaction and code set rule is final but
    most individual code sets have not been
    determined
  • The compliance clock is tickingbut covered
    entities dont have the information they need to
    implement
  • Covered entities will be required to move
    protected health information electronically
    beginning October 2002six months ahead of new
    privacy standards and at least one year ahead of
    security standards

39
ADMINISTRATIVE SIMPLIFICATION
  • Concept
  • Covered Entities
  • Transactions
  • Privacy
  • Security
  • Implementation

40
Electronic Transactions Require Additional
Privacy Protection
  • Privacy defines what information to protect
  • As the ease of exchanging individually-identifiabl
    e health information increases, there is a
    corresponding need to increase privacy protection
  • The new federal privacy rule provides a national
    standard floor to address the fundamental
    privacy rights of individuals

41
No Change in Existing Federal Law
  • Privacy Act
  • Substance Abuse laws and regulations
  • Fraud and abuse prevention requirements
  • Medicare Act for dual eligibles
  • Medicaid beneficiary privacy protections
  • Section 1902(a)(7) of the Social Security Act
  • Regulations at 42 CFR 431.300
  • 35 years of guidance and practice

42
State Privacy Law Preempted
  • In general contrary State privacy laws are
    preempted by the new federal privacy rules
  • State law prevails if the HHS Secretary
    determines it is necessary for public health or
    State regulatory reporting
  • State law prevails if it is contrary to and more
    stringent than the HIPAA privacy rule

43
Examples of More Stringent State Laws
  • Further limit the use or disclosure of protected
    health information
  • Provide individuals with greater rights of access
    or more information about their rights
  • Enhance protections afforded by an authorization
  • Impose greater record keeping requirements
  • Otherwise enhance privacy protection

44
Protected Health Information
  • Individually Identifiable Health Information that
  • Relates to the past, present, or future
  • Physical or mental health or condition of an
    individual
  • Provision of health care to the individual
  • Payment for the provision of health care to an
    individual
  • Regardless of form
  • Excluding certain student records

45
Consent and Authorization
  • In general a covered entity may use or disclose
    protected health information only
  • With the consent of the individual for treatment,
    payment, or health care operations
  • With the authorization of the individual for all
    other uses or disclosures
  • As permitted under the rule for certain public
    policy purposes

46
No Consent or Authorization Required
  • Public health disclosures
  • FDA requirements
  • Work related injuries
  • Reports of abuse or neglect
  • Upon reasonable inference by a health care
    provider that the individual would not object to
    the disclosure of protected health information to
    a relative or personal friend (may be preempted)

47
Privacy Rights of Individuals
  • Receive notice of information practices
  • See and copy own records
  • Request corrections
  • Obtain accounting of disclosures
  • Request restrictions and confidential
    communications
  • File complaints

48
Administrative Requirements
  • Covered entities are required to have
  • A designated privacy official and a privacy
    contact person
  • A defined complaint process
  • A process for responding to individuals request
    for additional restrictions (not required to
    agree to the request)
  • A process for verifying the identity and legal
    authority of any person requesting personal
    health information
  • Training on privacy policies and procedures for
    each person who has contact with personal health
    information
  • Documentation that training requirements are
    satisfied
  • A process to sanction employees and business
    associates who violate protected health
    information

49
Record Requirements
  • Covered entities are required to have
  • Copies of signed authorizations
  • Log of non-routine disclosures
  • Written statements of denial of requests for
    information
  • Responses to requests for corrections
  • Notices of disagreement from individuals
  • Contracts with business associates
  • Signed employee compliance statements

50
Restrictions on Marketing
  • Covered entities must obtain authorization before
    using or disclosing protected health information
    for marketing
  • Health care providers must secure consent for use
    of disclosure of protected health information for
    operations (including marketing)
  • There are specific limits on the use of protected
    health information for fundraising

51
Implementation Strategies
  1. Assess the application of the new privacy rule to
    your organization
  2. Assess the application of more stringent State
    privacy requirements
  3. Assess your current privacy policies and
    practices to identify gaps
  4. Seek legal assistance to resolve ambiguity
  5. Apply the new federal or more stringent State
    privacy standards to your organization

52
Privacy Compliance
  • Final privacy rule in effect April 2001 (HHS
    guidance published July 2001)
  • Most covered entities are required to comply by
    April 2003 (February 2004 for small health
    plans)
  • Criminal penalties of up to 250,000 and 10 years
    imprisonment for use of protected health
    information for commercial gain

53
ADMINISTRATIVE SIMPLIFICATION
  • Concept
  • Covered Entities
  • Electronic Transactions
  • Privacy
  • Security
  • Implementation

54
Additional Privacy Requires
More Secure Systems
  • Security defines how to protect information
  • Security is an outcome, not a technology
  • Covered entities must be able to
  • Control access to data
  • Protect data from accidental or intentional
    disclosure to unauthorized persons
  • Protect information from alteration, destruction,
    or loss

55
Administrative Requirements
  • Covered entities are required to have
  • Documented security management process
  • Computer system/network accreditation
  • Contingency and disaster recover plans
  • Data processing policies and information access
    controls
  • Internal audit function
  • Security incident reporting procedures
  • Adequate supervision and training for staff

56
National Identifiers
  • Unique national identifiers will be required for
    providers, employers, and health plans
  • National identifiers will not include embedded
    information
  • Delayed adoption of national identifiers is
    making it difficult for covered entities to plan
    system requirements

57
Implementation Strategies
  1. Assign security responsibility to a specific
    individual or group
  2. Develop and maintain physical access controls
  3. Develop and maintain policies for workstation use
    and control
  4. Develop policies for personnel authorization
    control, data authentication, and entity
    authentication

58
Security Compliance
  • Final security rule is expected early in 2002 (it
    is expected to be similar to the proposed rule
    published in August 1998)
  • Covered entities will be required to comply two
    years after the rule becomes final
  • Penalties capped at 25,000 in a calendar year
    for each standard violated, unless patient data
    is disclosed, then penalties for privacy
    violations apply

59
ADMINISTRATIVE SIMPLIFICATION
  • Concept
  • Covered Entities
  • Transactions
  • Privacy
  • Security
  • Implementation

60
Organizational Objectives
  • Assure compliance with HIPAA administrative
    simplification requirements
  • Assure that technical systems and business
    processes are integrated across agencies
  • Develop work products and tools to promote cost
    effective implementation
  • Develop effective education and outreach programs
  • Promote a consistent national legislative and
    policy agenda

61
Ohios Participating Agencies
  • Governors Office
  • Auditor of State
  • Attorney General
  • Administrative Services
  • Aging
  • Alcohol and Drug Addiction Services
  • Budget and Management
  • Health
  • Mental Health
  • Job and Family Services
  • Mental Retardation and Developmental Disabilities
  • Rehabilitation and Corrections
  • Workers Compensation
  • Veterans Services

62
Ohios Organizational Model (similar
approaches in CA, MN, NC, WA)
                                 
 
 
Governors Office Sponsor
Cabinet Director Executive Leadership Committee
Deputy Director Project Management Team
Technical Partners Committee
Business Partners Committee
Privacy Workgroup
Security Workgroup
Contracts Workgroup
Education Workgroup
Code Set Workgroup
63
Organizational Leadership
  • Governors Officeproject sponsor and primary
    coordination among agencies
  • Cabinet-Level Executive Leadership
    Committeeproject champions and oversight make
    final business decisions coordinate national
    issues
  • Deputy-Level Project Management Teamdevelop and
    maintain strategic plan receive and review
    recommendations assess resources for budget
    requirements

64
Organizational Assignments
  • Business Partners Committee (policy and program
    experts)define and validate functional
    requirements formulate workgroups resolve
    policy issues formulate recommendations for the
    Executive Leadership Committee (ELC)
  • Technology Partners Committee (information
    technology experts)determine optimal technical
    platform determine tool development, testing,
    and production formulate workgroups resolve
    information technology issues formulate
    recommendations for the ELC

65
Organizational Workgroups
  • Privacydevelop statewide, HIPAA-compliant,
    baseline privacy standards
  • Securitydevelop statewide, HIPAA-compliant,
    baseline security standards, both technical and
    related to personnel
  • Code Setsprovide a forum for agencies to
    identify and resolve interagency code issues and
    work arounds
  • Educationidentify stakeholders and their
    educational needs and develop training materials
  • Contractsidentify and analyze existing contracts
    in light of HIPAA regulations and develop
    template agreements

66
Implementation Challenges
  • Enterprise-wide Transformation
  • Engaging Business Associates
  • Converting Local Codes
  • System Readiness
  • Staggered Release of Rules
  • Funding

67
Funding
  • Enhanced federal financial participation is
    available for systems remediation (90/10)
  • Systems remediation sends a signal that
    administrative simplification is like Y2Kjust
    another technical problem
  • A greater commitment of resources is needed for
    business transformation
  • Difficult to estimate implementation costs
  • Initially, costs will far exceed savings

68
Congressional Update
  • H.R. 3323
  • Allow covered entities to delay compliance for
    transactions and code sets until October 2003
  • But only if the entity submits a plan to HHS that
    certifies progress toward compliance
  • Any entity that does not meet original deadlines
    or submit a plan cannot participate in Medicare
  • Privacy takes effect April 2003 as planned
  • After October 2003 Medicare will charge certain
    providers a 1 fee for every paper claim

69
Implementation Resources
  • U.S. Department of Health and Human Services
    HIPAA Home Page
  • http//aspe.os.dhhs.gov/admnsimp/
  • HHS Office of Civil Rights
  • http//www.os.dhhs.gov/ocr/hipaa/
  • HHS Center for Medicare and Medicaid Services
  • http//www.hcfa.gov/hipaa/hipaahm.htm
  • HHS links to other resources
  • http//aspe.hhs.gov/admnsimp/aslinks.htm
  • HIPAA Ohio
  • http//www.state.oh.us/hipaa/index.htm
Write a Comment
User Comments (0)
About PowerShow.com