HIPAA Compliance: Health Plans Brace For Transaction Snafus

Although the federal government granted the healthcare industry an extra year to comply with the transactions and code set rules mandated under the Health Insurance Portability and Accountability Act (HIPAA), experts say a procedural mess is set to occur on Oct. 16. That's the date for the HIPAA deadline, which originally was set for Oct. 16, 2002, for health plans, providers and clearinghouses to cease processing proprietary transactions and use only standardized transactions that comply with the 1996 law.

The purpose of HIPAA's transaction provisions, known as "administrative simplification," is to streamline billing, improve eligibility inquiries and referral authorizations, permit standard payment formats to post to accounts receivable systems, and automate claims status inquiries.

Some experts believe that many organizations are unprepared. "A great many payers and providers are still trying to find their way through the thicket of technical requirements, code sets and other regulatory challenges," says John Phelan, Ph.D., a healthcare technology management consultant for Milliman USA, Seattle.

Phelan predicts that after Oct. 16, payers may find themselves flooded with telephone calls and paperwork, which may cause a financial breakdown in the $1.5 trillion industry.

Even health plans that are technically compliant are not immune to the problems that are likely to occur, Phelan warns. That's because the regulations are open to interpretation, and organizations have therefore implemented them differently.

Open to interpretation

"HIPAA describes the format of the transmission, but it doesn't really deal with the form of the transmission," Phelan says. "So, in theory, you can even send a diskette and still be HIPAA-compliant."

The security of the transmission is determined by each payer and provider, he adds. "And there are certain optional elements that some payers require and others don't."

For instance, "how is the patient identifier coded? Is it all digits or does it need hyphens?" Phelan says. "There are ways around these issues. It's not a long-term crisis. But all of a sudden, when these new transactions hit, claims may be rejected."

Indeed, Jim Daley, HIPAA program director at Blue Cross Blue Shield of South Carolina, Columbia, S.C., describes how three transaction certification vendors testing the same file issued different results. Some fields in the file passed one vendor's certification, while the same fields failed another vendor's test, he says.

"We've gotten some really bad files," says Terry Christensen, manager of administrative simplification at Mutual of Omaha. The Omaha, Neb.-based insurer has conducted some transaction testing with its clearinghouse partners.

In fact, some of the worst files have been submitted by the company that accounts for 80% of Mutual of Omaha's electronic transactions, Christensen says. That submitter is encouraging Mutual of Omaha to continue accepting noncompliant transactions for a period of time after Oct. 16.

"The problem is: All of this is open to interpretation. That is true," Christensen says. "But the law does not say, if you interpret things differently, you can accept noncompliant transactions ... In fact, according to the law, after Oct. 16, 2003, it is illegal for me to accept a noncompliant transaction."

Contingency plans

The law is clear: "October 16, 2003 is the deadline for covered entities to comply with HIPAA's electronic and code sets provisions." This is stated in guidance published on July 24 by the Centers for Medicare and Medicaid Services (CMS), the Baltimore, Md.-based governmental body charged with enforcing the law.

But the guidance document goes on to say, "CMS recognizes that transactions often require the participation of two covered entities and that noncompliance by one . . . may put the second (one) in a difficult position. Therefore, during the period following the compliance date, CMS intends to look at both covered entities' good faith efforts to come into compliance.

"CMS will not impose penalties on covered entities that deploy contingencies, in order to ensure the smooth flow of payments, if they have made reasonable and diligent efforts to become compliant - and in the case of health plans, to facilitate compliance of their trading partners."

It's not surprising that CMS is allowing a little wiggle room, sources say. That's because CMS itself is facing the same predicament as health plans with Medicare submitters, many of which are not ready to send HIPAA-compliant transactions by Oct. 16.

With CMS' recent guidance, it's not likely that health plans will be inundated with paper, Blue Cross Blue Shield of South Carolina's Daley says. Still, he adds, "we anticipate there may be some increase in paper, and we are making plans to handle that increased volume."

The insurer also is considering the possibility of accepting noncompliant transactions for a period of time, as is Mutual of Omaha.

"We work with six clearinghouses," Mutual of Omaha's Christensen says. "We don't have a million providers. So we're trying to work with those clearinghouses to say, 'If (your transaction) is compliant, send us an 837. If it's noncompliant, send us an NSF or UB-92.' We're trying to pay claims. We want to make it all work." (See "List of Transactions," page 6)
