MEDICAL ASSISTANCE BULLETIN
COMMONWEALTH OF PENNSYLVANIA * DEPARTMENT OF PUBLIC WELFARE

SUBJECT: Health Insurance Portability & Accountability Act (HIPAA)
BY: Peg J. Dierkers, Ph.D., Deputy Secretary for Medical Assistance Programs
NUMBER: 99-02-07
ISSUE DATE: June 25, 2002
EFFECTIVE DATE: June 25, 2002

PURPOSE:

The purpose of this bulletin is to provide you with information concerning the Health Insurance Portability & Accountability Act (HIPAA).

SCOPE:

This bulletin applies to all providers enrolled in the Medical Assistance (MA) Program and all managed care organizations under contract with the Department of Public Welfare.

BACKGROUND/DISCUSSION:

WHAT IS HIPAA?

HIPAA became public law on August 21, 1996 (P.L. 104-191). HIPAA is a federal bi-partisan law based on the Kennedy-Kassebaum bill. The primary goal of the law is to make it easier for people to keep health insurance and to help the industry control administrative costs by standardizing health care transactions for all health plans, clearinghouses and providers who submit claims electronically.

HIPAA is divided into five Titles or sections.

Title I is portability. This Title has been fully implemented. Portability allows individuals to carry their health insurance from one job to another so that they do not have a lapse in coverage. It also restricts health plans from imposing pre-existing condition limitations on individuals who switch from one health plan to another.

Title II is called Administrative Simplification. Title II was designed to:

- Reduce health care fraud and abuse;
- Guarantee security and privacy of health information;
- Enforce standards for health information and transactions; and
- Reduce the cost of health care by standardizing the way the industry communicates information.

Titles III, IV and V have not been defined.

The main benefit of HIPAA is standardization.
Effective 2003, HIPAA will require the adoption of industry-wide standards for administrative health care transactions; national code sets; and privacy protections. Standards are being developed for unique identifiers for providers, health plans, employers, security measures and electronic signatures.

WHAT IS ADMINISTRATIVE SIMPLIFICATION?

The goal of administrative simplification is to reduce health care administrative costs and promote quality and continuity of care by facilitating electronic data interchange (EDI). HIPAA establishes standards for eight electronic health care transactions, national code sets and unique identifiers for providers, health plans and employers. It will eventually establish standards for ensuring the security of electronic health care transactions.

Currently, no industry standards exist for EDI. Although industry use of EDI is growing, health care transactions are transported and processed in over 400 different file structures and record layouts.

It is important to remember two things:

1. HIPAA does not require providers to submit claims or receive remittance advices electronically.
2. HIPAA does not directly address paper claims.

But, while the above two considerations exist, if the industry is going to go through this huge effort to standardize electronic transactions, it is in the provider's best interest to take advantage of it.

Why standardize electronic submission?

Many industries are standardized. If you buy a light bulb in Pennsylvania it will also work anywhere in the United States, and you know it will work. Our electronic claim submission process in the United States is very much like the electric industry world-wide. If you travel to another country you need to carry a transformer to ensure that your manufactured hair dryer is going to work in the European electrical outlet.

Administrative simplification is going to get us to the point where all electronic health care submissions are standard. Once the transaction standards are implemented nationally, you will be able to submit the same transaction in the same format to any health plan. NO TRANSFORMER NECESSARY.

INDUSTRY IMPACT

How does this change affect us?

1. HIPAA is the most sweeping legislation to affect the health care industry in over 30 years.
2. The impact of HIPAA will be more extensive than the year 2000 (Y2K) conversion.
3. Experts predict that large health plans will have to spend $50 to $200 million to become HIPAA compliant.
4. HIPAA applies to covered entities such as Medicare, Medicaid and group health plans, clearinghouses and providers who submit claims electronically.
5. Nearly everyone in health care will be affected: payers, employers, providers, clearinghouses, health care information systems vendors, billing agents and service organizations.

While experts forecast that large health plans could spend $50 to $200 million to become HIPAA compliant, they also forecast from $20 to $30 billion in savings over ten years.

WHEN WILL THE STANDARDS BECOME EFFECTIVE?

Notices of Proposed Rule Makings (NPRM) Already Published:

Standard                        NPRM Published   Final Rule Publication Date   Compliance Required
Transactions and Code Sets      5/01/1998        8/17/2000                     10/16/2002, Extended to 10/16/2003
National Provider Identifier    5/07/1998
National Employer Identifier    6/16/1998
Security                        8/12/1998
Privacy                         11/03/1999       12/28/2000                    4/14/2003

NPRMs in Development:

Standard National Health Plan Identifier Claims Attachments Expected NPRM Publication Expected Final Rule Publication Expected Summer 2002 Expected Date Compliance Required On hold

TRANSACTIONS ADOPTED

- Health claims
  - Professional (American National Standards Institute (ANSI) 837P)
  - Institutional (ANSI 837I)
  - Dental (ANSI 837D)
  - Retail Pharmacy (National Council for Prescription Drug Programs (NCPDP-5.1))
- Health Care Payment and Remittance Advice (ANSI 835)
- Enrollment and Disenrollment in a Health Plan (ANSI 834)
- Eligibility Inquiries and Responses (ANSI 270/271 & NCPDP 5.1)
- Health Plan Premium Payments (ANSI 820)
- Health Claims Status Inquiries and Responses (ANSI 276/277)
- Referral Certification and Authorization (ANSI 278)

CODE SETS ADOPTED

- International Classification of Diseases, Ninth Revision, Clinical Modification (ICD-9-CM): Diagnoses (all services) and inpatient hospital procedures
- National Drug Codes (NDC): Drugs, biologicals
- Current Dental Terminology, third edition (CDT-3): Dental services
- Current Procedural Terminology, fourth revision (CPT-4): Physician and all other services
- CPT-4 - HCFA Common Procedural Coding System (HCPCS) Level II: Medical equipment, injectable drugs, transportation services, and other services not found in CPT-4
- HCFA Health Care Claim Adjustment Reason Codes and Remittance Advice Remarks Codes

NOTE: Effective October 2003, type of service will no longer be allowed. Until then, the Office of Medical Assistance Programs (OMAP) will require providers to submit type of service as a procedure code modifier.

WHY COMPLY?
Penalties

For the two rules released to date, there have also been penalties outlined. The penalties for the Transactions and Code Sets are aimed at health plans, billing services and providers who submit claims electronically. They are:

- $100 per violation
- Maximum of $25,000 per year

Privacy affects all covered entities such as health plans, billing services, providers and business associates who receive and use protected health information. The penalties for wrongful disclosures are:

- Up to $250,000, AND
- 10 years in prison

WHAT IS THE OMAP DOING?

OMAP has been working actively toward HIPAA compliance. Since February 2000, OMAP staff has been participating in national Medicaid HIPAA workgroups, which meet semi-monthly by way of national teleconferences, with a focus on transaction standards and code sets. Groups have also been formed on Privacy/Security and Provider Outreach. These workgroups fall under the parent group of the National Medicaid EDI HIPAA Workgroup (NMEH) whose subgroups include:

- Local Codes
- Prior Authorization
- Claims Attachments
- Taxonomy
- Dental
- Eligibility
- Privacy/Security
- Provider Outreach
- EOMB
- TPL/COB

OMAP is also currently involved in re-engineering the Medical Assistance Management Information System (MAMIS). The projected date for completion of this re-engineering project is March 2004. During the transition period between October 16, 2002, and March 2004, OMAP will be using Electronic Data Systems (EDS) as a translator/clearinghouse for HIPAA compliant data and code sets.

OMAP staff is also participating in the E-Pennsylvania Alliance, a statewide group consisting of providers, payers and vendors committed to making Pennsylvania a leader in the integration and application of technology. The goal of this group is for providers, payers and vendors to work together as a team to achieve HIPAA compliance.

WHAT SHOULD YOU (THE HEALTH CARE PROVIDER) BE DOING?

First: Educate yourself. The first thing you need to do is read the final HIPAA rules. They can be found on the Administrative Simplification website at: http://aspe.os.dhhs.gov/admnsimp/

Second: Assess how the Privacy Rule is going to change your business processes. Due to the physical and process changes that the Privacy Rule is sure to require, we recommend that you begin putting together a plan to handle these changes by the April 2003 implementation date. The longer you have to implement the changes, the more you will be able to spread out the costs.

Third: Start talking to your software vendor, billing service, clearinghouse, systems team or any other applicable electronic vendor to determine their awareness and readiness.

For additional information on HIPAA, visit the OMAP website: http://www.dpw.state.pa.us/omap

COMMENTS AND QUESTIONS REGARDING THIS BULLETIN SHOULD BE DIRECTED TO:

Bureau of Data and Claims Management
ATTN: HIPAA
P.O. Box 2675
Harrisburg, Pennsylvania 17105-2675

Visit the Office of Medical Assistance Programs website at www.dpw.state.pa.us/omap.