June 25, 2003
Secretary Tommy G. Thompson
Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Dear Secretary Thompson:
As part of its responsibilities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the National Committee on Vital and Health Statistics (NCVHS) provides advice to you regarding the Act’s electronic transactions and code sets provisions. On May 20, 2003, the Subcommittee on Standards and Security held hearings on the subject of the healthcare industry’s readiness to comply with the
October 16, 2003 implementation deadline.
Testimony was heard from a number of industry representatives and advisory bodies, including the American Association for Health Plans, American College of Physicians, American Hospital Association, Association for Electronic Healthcare Transactions (AFEHCT), Blue Cross/Blue Shield Association of America, Gartner Group, Medical Group Management Association, and the Workgroup on Electronic Data Interchange (WEDi). From these testimonies, as well as from written statements and letters, the Committee concluded the following:
- There was overall agreement and concern that a substantial segment of the industry will be unable to comply with the October 16 implementation deadline for HIPAA’s electronic transactions and code sets provisions. For example, the most recent Gartner estimates suggest that fewer than 60 percent of providers were ready for formal testing of claims and remittance advice transactions with their trading partners as of April 16, 2003. Almost a quarter of providers with less than a billion dollars in revenue had not heard of any trading partners being ready to test. According to Gartner, low rates of external testing of providers, and the number of providers that will need to test with a clearinghouse or payer, indicate that a significant number of covered entities may not meet the October deadline.
- There was overall agreement on the causes underlying the industry’s readiness status:
- Many providers have been concentrating on implementing HIPAA’s sweeping privacy protection provisions, which went into effect on April 14, 2003. As a result, they are just beginning to focus on the October 16 deadline for electronic transactions and code sets—even though the deadline is only several months away.
- Not all payers, providers, clearinghouses and software vendors yet have made the necessary technical adjustments to successfully electronically transmit or receive HIPAA-covered transactions.
- Some providers are still in denial; others believe there will be another deadline extension (as was provided last year in the ASCA legislation); others believe their noncompliant claims will be accepted after the deadline; and still others plan to comply by reverting to submitting paper claims.
- Despite the considerable outreach conducted by the Centers for Medicare & Medicaid Services (CMS), associations, and professional groups, there is still a vast lack of knowledge about how to implement the nuts and bolts of HIPAA’s electronic transactions and code sets provisions.
- There was overall concern that plans cannot accept noncompliant claims without jeopardizing their own compliance status and risking enforcement action. There was overall agreement in the consequences of the general lack of industry readiness:
- The major lags in industry testing with trading partners could result in a testing logjam in September and October. This in turn could cause many in the industry to miss the October 16 implementation deadline because they still will be waiting in the testing queue or will not have time to successfully remediate or retest with trading partners.
- Payers are not equipped to deal with a substantial number of noncompliant electronic claims, potentially causing many to be rejected. Nor are payers equipped to deal with an increase of paper claims. Either scenario could significantly delay payments to providers and their trading partners.
- For a variety of reasons, providers could face significant cash flow problems as HIPAA implementation proceeds, which would adversely affect their financial viability.
- Most importantly, cash flow problems among providers could adversely affect the availability and quality of patient care.
- Despite the diversity of representation of the groups who provided testimony and letters, there was overall agreement that the Federal government should permit operational compliance, as opposed to strict technical compliance, for a limited period of time following the October 16 deadline. This would allow for the necessary trading partner testing to take place across the industry, as well as mitigate any potential unintended adverse consequences to provider cash flow and patient care.
Recommendations
The NCVHS recommends the following:
- Oppose delays. The Committee believes that the October 16, 2003, deadline should not be extended. It does appear that most covered entities, with the possible exception of small providers, are making the investment to comply with this deadline. Extending the implementation deadline once again is unlikely to motivate the noncompliant providers to take a new deadline seriously, while an extension will penalize those who have already come into compliance. At some point, a firm deadline must be imposed and the Committee believes that the deadline should remain October 16, 2003.
- Provide flexibility in enforcement during a transition period, not to extend beyond April 16, 2004. The Committee recognizes that HHS has not yet issued a notice of proposed rulemaking regarding the substance of enforcing HIPAA’s electronic standards and code sets provisions. However, the Committee believes HHS enforcement could provide some flexibility by promoting good faith compliance by covered entities without limiting CMS’ ability to take enforcement actions against those covered entities that are not taking steps to comply. During the transition period, a covered entity that is otherwise compliant would not be considered out of compliance if, for example:
- A payer accepts claims submitted in the HIPAA standard format, but with only the data elements that the payer requires to adjudicate the claim.
- A payer exchanges transactions with a provider in a pre-existing non-compliant electronic format.
We further advise the Department to remind covered entities of the necessity of establishing measurable milestones and developing a firm schedule for testing and deployment during this transition period.
- Provide additional clarification and guidance on:
- The details of what are considered compliant transactions as well as recommend best practices on how covered entities can minimize the impact of imperfect claims. The Committee requests that the Department work with industry representatives to resolve any ambiguities and uncertainties regarding the interpretation of the Standards as the transition continues.
- How legacy claims—or those that were in process before October 16, 2003—should be treated. These often require several rounds of handling before final adjudication can be achieved. As a result, many claims risk not being paid because they have been in the system for several months and would be rejected because they would be in a nonstandard format.
- Intensify outreach efforts. The Committee believes that the Department should further intensify its outreach activities to providers, payers and other groups. It is imperative that the wide array of providers and payers be educated about implementation requirements as well as receive technical assistance. Examples of additional outreach might include the development and dissemination of an implementation checklist and contingency planning assistance. Such educational activities also are needed to complement enforcement activities, especially if the policy goal is to first help bring covered entities into compliance and then enter into enforcement. We appreciate the opportunity to advise you on these issues.
Sincerely,
/s/
John Lumpkin, M.D., M.P.H.
Chair, National Committee on Vital and Health Statistics
Cc: HHS Data Council Co-Chairs