HIPAA Where We Are Now Where We Are Going The CMS Perspective

1
HIPAA Where We Are Now Where We Are
Going The CMS Perspective

• Brenda Denman
• Centers for Medicare Medicaid Services
• Dallas Regional Office
• November 16, 2004

2
Imagining the Future

• Single set of information for all payers
• Standard, easily understood coding rules
• Standard responses from payers
• Little, if any, human intervention for billing,
  remittance, posting, eligibility inquiries,
  coordination of benefits
• Well understood privacy protection
• Secure data

3
Imagining the Future

• Patient medical records easily and securely
  available when needed by health care providers
• Entities easily and clearly identified in
  transactions
• How can this happen?
• Weve taken the first steps - HIPAA

4
Brief History

• Law 1996
• Final Rules
• Transactions Code Sets 2000
• Privacy 2000
• Employer ID 2002
• Transactions Modifications 2003
• Security 2003
• Provider ID 2004

5
Some Deadlines Passed Several to Go

• 10/16/02 Transactions Code Sets
• 4/14/03 Privacy
• 7/30/03 National Employer Identifier
• 10/16/03 Medicare Electronic Claims
• 4/20/05 Security
• 5/23/07 National Provider Identifier
• (small health plans get one extra year)

6
Transactions Code Sets - Compliance Guidance

• Issued July 24, 2003
• October 16, 2003 is still the deadline for
  compliance
• CMS will not impose penalties on covered entities
  deploying contingency plans if
• Reasonable and diligent efforts to become
  compliant
• Reasonable efforts by health plans to facilitate
  trading partner compliance

7
Transactions Implementation..Where Is the
Industry Today?

• Lots of contingency plans, but
• Many moving into compliance
• Why not compliant?
• New data elements
• Reliance on vendors
• Not enough time for testing started
  implementation too late to be compliant by
  October 16, 2003

8
Where We Are With Medicare

• Medicare Contingency Plan
• Medicare will only accept claims electronically
  -- with a few exceptions
• Exceptions for paper claims
• No Method Available
• Small Providers
• Unusual Circumstances

9
Where We Are With Medicare

• Making Progress
• 98.48
• Modified Contingency Plan July 2004
• Payment of non-HIPAA compliant electronic claims
  27 days
• Contingency Plan is TEMPORARY

10
What Will and Should Be Happening?

• Contingency plans will end
• Entities must be compliant, or payments may stop
• Need to embrace other transactions
• automated eligibility
• remittance
• claims status
• Participate in standards revision process

11
TCS Enforcement

• Enforcement is complaint driven
• Covered entities submit complaints via paper or
  through the on-line Administrative Simplification
  Evaluation Tool (ASET)
• ASET allows you to register, upload files and
  track the status of your complaint
• www.cms.hhs.gov/cms/tm_001

12
Enforcement Reality

• CMPs may not be more than
• 100/violation
• 25,000/calendar year for violation of an
  identical requirement or prohibition

13
Enforcement Authority

• Two provisions of HIPAA govern enforcement
• 1176 civil monetary penalties (CMPs)
• 1177 criminal penalties
• HHS has authority to assess CMPs
• DOJ has authority for criminal penalties

14
Progressive Steps

• Compliance FIRST
• Corrective Action MIDDLE
• Tied for LAST
• CMPs
• Exclusion from Medicare

15
National Provider Identifier

• Adopts the standard for a single identifier for
  every provider
• No need for different identifiers from or for
  every health plan

16
NPI Important Dates

• Final Rule published on January 23, 2004
• Effective date is May 23, 2005
• Providers can begin applying for NPIs
• Compliance dates are
• May 23, 2007 for all covered entities except
  small health plans
• May 23, 2008 for small health plans
• By these dates, covered entities must
• use NPIs to identify providers in
• standard transactions

17
What the NPI Will Do

• Replace the use of legacy provider identifiers in
  standard transactions as of the compliance dates
• Simplify transactions and save money in the long
  term

18
What the NPI Will Not Do

• Will not guarantee reimbursement by health plans
• Enroll providers in health plans
• Make providers covered entities
• Require providers to conduct electronic
  transactions
• Serve the purposes of the DEA or taxpayer numbers

19
What the NPI Looks Like

• 10 positions (9 plus the check-digit)
• All numeric
• Does not convey information about the provider
• Is compatible with health insurance card issuer
  standard

20
The National Provider System (NPS)

• Developed under contract with HHS
• Will process NPI applications and assign NPIs
• Will store information about enumerated providers
  and apply providers updates
• Will generate reports and statistics

21
Enumerating Existing Providers

• Providers do not have to take any action at this
  time
• May 23, 2005 Providers may begin applying for
  NPIs
• Extremely heavy initial demand
• Covered providers must begin using NPIs in
  standard transactions within 2 years (by May
  23, 2007)

22
Enumerating Existing Providers

• Noncovered providers may apply for NPIs
• Being assigned NPIs does not make them covered
  entities
• There is no statutory or regulatory requirement
  for them to obtain or use NPIs
• We encourage them to obtain and use NPIs
• Health plans are not prohibited from requiring
  enrolled providers who are not covered providers
  to obtain and use NPIs if they are eligible for
  NPIs

23
What Should Covered Entities Be Doing Now?

• Become informed about the NPI and its
  implementation
• Educate staff
• Identify processes/systems that are affected by
  provider identifiers
• Develop implementation plans (internal, external
  with trading partners and others)

24
NPI Information and Guidance

• www.cms.hhs.gov/hipaa/hipaa2
• Analysis of public comments on NPRM
• Link to Final Rule
• Overview of Final Rule
• Frequently Asked Questions
• Check-digit algorithm
• Continuing CMS guidance and outreach activities

25
Security Implementation Where We Are

• Final rule published 2/20/03
• Compliance date 4/20/05
• small health plans 4/20/06
• Mini-security rule in privacy rule
• Risk analysis
• Update policies and procedures
• Educate

26
What Does the Future Hold? More Steps in
Standardization

• HIPAA
• Health Plan Identifier
• Claims Attachments
• Beyond HIPAA
• Electronic Health Records

27
Health Plan Identifier

• Standard format for all Health Plans
• Expect proposed rule later this year

28
Claims Attachments

• Will provide standards for sending claims
  attachments (medical records, lab reports, xrays)
  electronically
• All health plans will be required to support
  these
• Expect proposed rule later this year

29
Electronic Health Records

• Momentum is building
• Significant potential for
• reducing costs
• improving accuracy
• eliminating medical errors
• giving providers tools to improve the delivery of
  health care

30
Electronic Health Records

• DHHS is working with HL7 on concepts for an
  electronic health record
• This, paired with administrative transactions,
  should pave the way for real paperless offices

31
HIPAA What Should You Be Doing?

• Be compliant follow the HIPAA rules
• Keep aware of HIPAA standards on the horizon
• Participate in industry organizations make your
  voice heard
• Participate in standard setting organizations and
  public comment opportunities

32
HIPAA Success How You Can Help

• These standards and efforts will only work for
  you and the industry if you make your business
  needs known
• Be part of making the future happen
• Share your knowledge and experience

33
CMS Education

• National Roundtable Calls/Transcripts
• Regional Conferences
• Website
• Information Papers, Tools, Checklists
• Frequently Asked Questions (FAQs)
• Videos, CDs, Webcasts
• Listserv
• askHIPAA_at_cms.hhs.gov to submit Qs

34
Where to Get Help

• CMS www.cms.gov/hipaa/hipaa2
• HHS http//aspe.hhs.gov/admnsimp/
• OCR www.hhs.gov/ocr/hipaa
• Sharp WG www.SharpWorkGroup.com
• WEDI/SNIP http//snip.wedi.org/
• NIST http//csrc.nist.gov
• Medicare Contractors, State Medicaid Agencies,
  State Associations, Payers

35
CMS Hotline866-282-0659For HIPAA Privacy
QuestionsOCR Hotline 866-627-7748