Home > Medical
Billing Resource Center > Leveraging HIPAA
Leveraging HIPAA
Is it a Curse or a Blessing?
by
Dr. Jacob Kuriyan
President & CEO
Physmark Inc.
Presented at the
Third Annual Symposium of the Healthcare Sector of Puerto Rico
San Juan, Puerto Rico
February 18, 2004
We have heard all the usual complaints about HIPAA:
there are too many rules and regulations; it is an “unfunded mandate,” it
interferes with the delivery of care; and violators face serious punishment.
HIPAA privacy rules are being respected. But the adoption of HIPAA’s
uniform standards for electronic communications has taken a different
turn.
Many healthcare organizations grit their teeth and at considerable
expense, complied with the uniform EDI standards only to hear the
confusing announcement that Medicare is delaying enforcement of the
law. It was confusing because CMS’s pronouncement did not include
any reference to the rest of the healthcare industry and all of them
- Medicaid, commercial HMOs and insurers, hospitals and physicians – have
assumed that they are also exempt from HIPAA rules. Because of this
inaction, we have an extraordinary situation: healthcare organizations
are cursed with supporting both old and new formats, doubling their
overhead.
Little Known facts about HIPAA legislation on Electronic Communication
Why did CMS-Medicare come to play such an important role in HIPAA? Why was the decision to “delay” made at such a late date? How can a statutory law not be enforced without legislative modification? To get a better understanding we need to look at HIPAA’s history.
The U.S. Senate was concerned about the lack of “portability” of health insurance when workers changed their jobs and identified the need for privacy as a central issue, to protect sensitive health information from being used to deny insurance coverage. Meanwhile, the House was trying to deal with “accountability”, a bureaucratic term to describe increasing efficiency in commerce and eliminating fraud and abuse. These two different pieces of legislation became unified as PL – 104-191, what is known as HIPAA regulation.
In the debates leading to the passage of PL- 104-191 members of Congress stated clearly that HIPAA did not require everyone to use electronic communications. Only those who chose to communicate electronically were required to follow the uniform format. In other words, HIPAA did not preclude providers from submitting paper-based claims. Here is an excerpt from the Congressional Record:
CLARIFICATION OF THE HEALTH INFORMATION PORTABILITY AND ACCOUNTABILITY
ACT -- HON. DAVID L. HOBSON (Excerpt from the Extension of Remarks
- October 23, 1997)
Providers are given the option of whether to conduct the transactions
electronically or `on paper' but if they elect to conduct them electronically,
they must use the standards agreed upon through the law. Payers are
required to accept these transmissions in the standard format in which
they are sent and must not delay a transaction or adversely affect
a provider who wants to conduct the transactions electronically.
As the October 2002 deadline approached, it was clear that most
organizations would not be ready to meet HIPAA’s uniform standards of electronic
communications, and an appeal was made to HHS to extend the date of
compliance. Secretary Thompson, in a statement made during legislative
hearings, stated that because this was a statute, the only way to exempt
enforcement was to pass another law to supercede the prior one.
Facing industry wide objections, Congress obliged and passed the Administrative Simplification Compliance Act (PL 107-105), which essentially allowed healthcare entities to file for a one-year “extension” to comply with HIPAA, in much the same way as we obtain a tax filing extension from the IRS.
For reasons that are not clear, Congress also added something new: a requirement forcing all providers to submit their claims electronically to Medicare, and imposing a penalty on those who submitted paper claims after the compliance date. Even though this was a surprise, and violated the original intent of legislators like Rep. Dobson who promoted HIPAA, providers did not object to the new condition imposed by Medicare and it became part of HIPAA compliance.
To forestall more industry tumult, the Office of Inspector General surveyed healthplans, Medicaid organizations and providers in early 2003 to understand their preparedness and to issue warnings to those who are unlikely to meet the new compliance date of October 2003. While a few states were warned about their inadequate preparations to get their Medicaid systems ready, the survey published in April 2003 concluded that over 90% of healthplans and providers felt that they would easily meet HIPAA’s new deadline.
When the deadline approached scarcely six months later, it became evident that less than 30% of providers and healthplans were ready. How could the OIG survey be that far off the mark? How could healthplans and providers so badly misjudge their target dates for making their systems compliant? Perhaps many of them assumed that their business associates, software vendors or their clearinghouses, would address their compliance issues and the OIG survey may not have included such business associates. Many organizations decided to follow the advice of consultants and develop expensive remediations to their legacy systems and it is likely that their developments did not meet their planned schedules. Whatever the case, the fact that healthcare organizations will not be ready was a surprise to the Government. Absent an investigation by the OIG, we will never know why this happened.
With the imminent deadline, CMS-Medicare found itself in a tough situation. If it enforced HIPAA, then it would have to fine all providers who submitted paper claims or HIPAA non-compliant transactions to Medicare. And if providers are fined, a physician revolt was likely to follow. In hindsight with the new Medicare bill under consideration in the Congress, this would have been an unacceptable development. It is not surprising that Medicare decided not to enforce that section of the law.
But can a statute be invalidated by executive order? Not according to Secretary Thompson’s testimony. Yet it is. Lawyers who have been scaring us for the last many years will now have an opportunity to put their skills to test and force the government to enforce the law. But it doesn’t look like there are many people eager to do this.
At the recent HIAA-AAHP conference one of the speakers wondered why the Blues are not challenging this delay in enforcement. The answer may be in the fact that not all the Blues may be fully compliant – yet.
Unintended Consequences
HIPAA’s privacy rules have severely affected provider operations. Doctors cannot easily discuss their patient problems except in specially designated areas where their conversations cannot be overheard. According to HIPAA, requests on the status of a patient can only be made by those authorized by the patient. Based on what is reported, this has inconvenienced relatives, pastors, rabbis and friends.
Portability is also becoming an empty promise. Chronically ill patients face unaffordable increases in their premiums, effectively denying them coverage. Brokers and agents seem to discover when an enrollee has a severe illness like an organ failure and employers are threatened with huge increases in premium – even when those expenses may occur only in the future. Small employers are tempted to withdraw coverage, defeating the central goal of HIPAA.
When HIPAA regulations asserted that millions of dollars
would be saved, a qualifying statement was missing: the savings is
for the “entire
healthcare system” and every healthcare entity will not see a
saving when complying with HIPAA. In complying with HIPAA’s uniform
standards in electronic communications, providers bear the brunt of
the cost. There is no visible savings for providers. Payers, on the
other hand, stand to benefit most because there is less paper handling
and more automation.
HIPAA Disappointments
Probably the single greatest disappointment is the wide disparity in the CBO-OMB estimate for HIPAA compliance as published in the regulations and the actual costs incurred by CMS for Medicaid compliance in the 50 states. Revisiting these estimates it is clear that CBO-OMB expected a competitive bidding process to lower the cost for compliance. They also assumed that the lessons learned when a “system” was fixed would be applied to the next situation, reducing the time and effort needed for subsequent corrections.
In obtaining federal funds, federal financial participation laws state that all bids in excess of $1 million must be open to competitive bidding. That is probably why CBO-OMB expected competitive bidding. Unfortunately, CMS decided to award these on a sole source basis to the state’s Medicaid fiscal intermediary agents by classifying it as a “change to an existing work order” which does not trigger a “request for proposal.” Fiscal agent intermediaries seized on this opportunity and created “one of a kind” solutions, billing CMS about $20 million for each. This is how absurd it was: one company that serviced eight states using a single time-shared solution charged $25 million to each state to provide a “HIPAA fix” for them. Over $1 billion was expended when the CBO-OMB estimate was $50 million.
There was no separate appropriation for these HIPAA IT expenses. So this excess spending resulted in proportionately less funds available for delivering of healthcare. Why is there an unseemly hurry to reduce payments to oncologists for dispensing complex chemotherapy drugs? The savings could be $700 million and could offset excessive IT expenditures. My state of New Mexico spent over $20 million extravagantly and with federal matching funds that amounts to a loss of almost $50 million in money available for healthcare delivery. Guess what? New Mexico is now trying to tax healthplans, providers and nursing homes to raise about $50 million.
In hindsight, CBO-OMB should have insisted that state Medicaid agencies offer an explanation to CMS if the costs exceeded $1 million and CMS offer an explanation when their awards were in excess of that amount. Laws are in place to prevent such unlawful enrichment by vendors but CMS seems loath to enforce them. Sadly, it is the poor and the needy who will be most affected.
The uncertainty in the enforcement of HIPAA is making it appear that the rule breakers can escape punishment while those who obeyed the law must incur more costs to accommodate both old and new rules. Organizations that are still in denial have no reason to change their course and ultimately, enforcing HIPAA will become infinitely more difficult.
How Can HIPAA Be a blessing?
HIPAA Advantages
Some of HIPAA’s advantages are obvious. Privacy helps patients. Even though there are still cases of discrimination based on health factors, with time these will lessen, especially if HIPAA privacy violations are punished. Assigning a single ID for providers will certainly minimize fraud and abuse. It will be easier to track and follow the “bad” providers, even across state lines. Providers can no longer hide behind multiple IDs. Their profile will be available in one place and hopefully this will eliminate the egregious violations of over-prescribing narcotics and pain-killers.
Uniform format for transactions will eliminate the need for custom interfaces in electronic communications and reduce overall costs in claims processing, especially for payers. Providers will actually find their costs increasing and HIPAA becomes a “non profit” activity.
But if HIPAA is viewed as an agent of change, as an opportunity to take advantage of modern software technologies and to change the way business is conducted, then the resulting transformation can yield lowered operating costs and increased efficiency, yielding a fair return on HIPAA investments.
HIPAA’s Driving Factors
HIPAA imposes uniform standards for claims (837 D/P/I), payments (835) and enrollment (834) transactions. Every payer system must be ready to receive and transmit these standard transactions. Most provider systems will be ready to transmit claims while some may even accept enrollment and payment transactions.
No longer is there a need to build expensive interfaces to transfer claims or enrollment data. A HIPAA compliant system will be able to export and import these transactions in a standard format. Ease of data transfer and consolidation of data from diverse sources are the central features derived from HIPAA’s standards.
In the following we can examine how HIPAA can benefit providers, payers, self-insured companies, TPAs, drug distributors and vendors providing hosted services.
HIPAA Helps Providers
One of the biggest challenges that providers face is
in reconciling payments against bills submitted to payers. This area
of business is
called “revenue cycle management” and includes the following
tasks:
· Billing correctly, to reflect the range of services delivered;
· Because contracts with payers vary, discounts are never the same and
making the correct contractual adjustment is critically important.
· Reconciling payments against the discounted invoices to catch any shortages
· Rebilling when appropriate
Because of HIPAA, off-loading of such responsibilities is possible and many new companies are offering revenue cycle management services to providers. To take advantage of these services, no changes are required to the provider system.
Hospitals are the ones that can benefit most from this service. Our audit of one hospital discovered almost $2 million in charges that were eligible for rebilling in a six-month period.
HIPAA Helps Payers
Many payer systems rely on an external clearinghouse to accept and transmit HIPAA compliant data. Their legacy systems almost always use a proprietary data format that is difficult to interface with external systems.
If a payer builds HIPAA compliance into their system (by using a front-end
system to handle HIPAA transactions) then besides saving on the cost
of using a clearinghouse, they could derive some additional benefits,
such as:
· Internet enabled inquiries that can reduce help-desk staffing
· Web enrollment that can reduce errors and eliminate paper usage.
· Data mining to analyze medical costs and help find solutions to reduce
them
HIPAA Helps Self-Insured Groups
Self-insured companies use TPAs to administer the delivery of care. TPA systems are generally poor and prone to mistakes. When eligibility changes it takes a while before the change is recorded in the system and so ineligible people receive care. Duplicate and over-payments are also very common in TPA systems because their systems are unable to identify them. Because their administration is rarely monitored, these mistakes are never caught or corrected.
Even without eliminating TPA services self-insured
groups can take advantage of HIPAA’s uniform transactions and
lower costs by off-loading data to a smaller system that can:
· Make sure that eligibility is current and correct by using web enrollment
and web access to benefits
· Ensure that payments are correct and according to the contract with
providers
· Help in analyzing claims data and comparing with benchmark data.
HIPAA Helps TPAs
TPAs are known to have very poor systems. Many of them require a great deal of manual input during processing. Most TPAs pay on demand because arguing only increases their cost of doing business! Buying a new replacement system is not a financially viable option.
A front-end HIPAA compliant solution can address many of these problems
without the TPA making changes to their current system. A TPA can:
· Make sure payments are accurate
· Report on trends and cost increases
· Catch out-of-network services and enlarge network to reduce future
costs
· Provide custom reports for each employer
HIPAA Helps Drug Distribution
The example here is of a drug distributor who sells directly to patients in an assisted living or nursing home facility. The sales are in very large volumes and there are many discount arrangements. The industry consensus is that about 3% of shortages go undetected.
Off loading claims and payment data with the contract information will help catch these shortages. Again, this can be a front-end system that accepts the various HIPAA transactions (in this case NCPDP) and reconciles payments against invoices. This is an example of revenue cycle management for drug delivery companies.
HIPAA Encourages ASP Services
Vendors benefit enormously because HIPAA standards allow new companies to compete in the healthcare market. Offshore companies have now become a staple for very large organizations like Humana, Aetna and United Healthcare. Companies like Perot Systems and IBM are using offshore workers to carry out tasks at much lower cost. Health systems are finding out that by off-loading these responsibilities they can focus on what they do best – providing care for patients. The savings in IT can now be used to hire more nurses or buy better diagnostic systems.
Case Study: Hospital As A Self-Insured Company
A hospital with about 7,000 employees and dependents was spending almost $70,000 a month in TPA services. Its healthcare costs were rising and the TPA was unable to identify reasons.
In bringing the system in-house, the cost of the system was paid off in 4 months. To administer the care, the hospital invited its attending physicians to form an authorization and peer review committee. The hospital also assigned the 7000 enrollees to the primary care doctors in their attending physician group and agreed to pay them on a fee for service group.
The doctors loved it. They suddenly found an extra 7,000 patients paying reasonable amounts for their care. Also, since their peers managed the delivery of care, they did not have to deal with the usual financial managers and accountants, as they are expected to do when they are in managed care. This was medicine as it used to be practiced, except with some friendly “management.” Physician loyalty to the hospital increased dramatically. That also meant physician referrals to the hospital increased proportionately.
The Result: The hospital’s outlay for the cost of healthcare was reduced. Doctors were ecstatic and increased their referrals to the hospital. Hospital revenues increased because of these extra referrals, a tangible sign of physician loyalty. Patients received much better care.
Case Study: State Employees As Self-Insured
A state with 170,000 enrollees (total of employees, retirees and their dependents) installed a front-end system to supplement their TPA service. Their intention was to remedy TPA problems first and then focus on their prime interest -- how best to reduce medical costs.
With 17 systems feeding eligibility data, they knew that their enrollment information was never current or correct. That usually means ineligible persons can get care and increase the state’s healthcare delivery costs. Web enrollment was the solution that addressed this problem directly. With a single consolidated database, eligibility was correct and current.
The next challenge was to make sure that the TPA is not over-paying providers. This was easily addressed because the in-house system can reconcile payments against charges and spot mistakes immediately.
The last part of their project is a work in progress. Their idea is to mine their claims data to understand where the money is going and by using comparative benchmarks, spot anomalous patterns of expenditure. Once these are identified, the state plans to use clinicians, financial administrators and actuaries to sort out possible solutions. In most cases there will be small segment of the population consuming most of the resources. Disease management and other preventive protocols will be used to reduce risk and utilization.
Because the TPA continues to administer the delivery of care, there is no disruption in the business operations. By introducing corrections in phases, changes are minimal, again avoiding business disruptions. Because they are not taking on time critical tasks, time pressure is minimal and they can focus on topics of interest to them: analysis of data, capturing trends and fashioning appropriate solutions.
Conclusion
Healthcare is an industry that defies uniformity and worships diversity. But as healthcare becomes less affordable, the industry is attracting scrutiny. “That’s the way it is,” is no longer a justification for arcane business practices. As consumers start feeling the pinch, the old, “Don’t worry. Insurance will pay,” is not an adequate explanation for a large billed amount. People who consume much of these resources will also be scrutinized carefully and their lack of cooperation in adhering to treatment protocols may even result in penalties.
HIPAA is the first shot across the bow to try and tame the buccaneering spirit of healthcare organizations, to bring standards into play and make a healthcare transaction transparent to everyone.
This article
is property of Physmark, Inc.
http://www.Physmark.com -
Contact: Don Pierson 972-231-8000
