MGMA asks CMS to enforce HIPAA rules on health insurers
Many health insurers are not complying with the HIPAA transaction rules, and the Centers for Medicare and Medicaid Services needs to become more aggressive in its enforcement, according to the Medical Group Management Association, which represents more than 40,000 medical group practice leaders.
These plans, which include national and regional carriers as well as some government health plans, are telling providers that want to conduct electronic HIPAA transactions that they don’t support the transactions, which is a violation of the HIPAA Act, says Robert Tennant, director of health information technology policy at MGMA.
HIPAA transactions being ignored include electronic claims, claims status, electronic funds transfer, remittance advice and referral authorization, among others. The practice is widespread and a common experience for many group practices, he contends.
“A practice contacts a health plan and gets the runaround or is told the plan currently doesn’t support the transaction,” Tennant says. “Or the plan will steer providers to a web portal rather than using free online transactions and will charge the practice a fee, which is against the law,” Tennant explains.
Absent more aggressive action from CMS, providers don’t have much leverage, Tennant notes. “It’s like filing a complaint about your boss,” he adds. “You can do that, but you’ll always be concerned about retaliation. So you’re hesitant to file a complaint against an insurer or the government.”
Further, government and commercial insurance payers could deny they are the problem and contend the problem lies with the provider’s claims clearinghouse or practice management vendor, which usually is not the case, Tennant says.
And there’s another hurdle for providers who want to conduct electronic transactions. They can fill out an electronic complaint about an insurer to CMS via the HIPAA Administrative Simplification Complaint Form, but that information later could be displayed in a Freedom of Information Act request, which the health plan could access to identify the provider—it could retaliate by then auditing that provider, Tennant contends.
MGMA contends that CMS holds the power to level the playing field regarding HIPAA transaction usage for payers. For example, CMS could audit payers on their adherence to the standards and more aggressively seek to fine them for rules violations.
MGMA’s comments were recently filed in response to a CMS request for information on HIPAA issues.
A CMS spokesperson says the agency it will examine MGMA’s and other comments it received on HIPAA issues in the near future, adding, “We look forward to reading all comments and carefully considering the information we obtain through this public request.”
The HIPAA Administrative Simplification Complaint Form is available here.