June 25, 2003
Secretary Tommy G. Thompson
Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Dear Secretary Thompson:
As part of its responsibilities under the Health Insurance Portability and
Accountability Act of 1996 (HIPAA), the National Committee on Vital and Health
Statistics (NCVHS) provides advice to you regarding the Act’s electronic
transactions and code sets provisions. On May 20, 2003, the Subcommittee on
Standards and Security held hearings on the subject of the healthcare
industry’s readiness to comply with the
October 16, 2003 implementation deadline.
Testimony was heard from a number of industry representatives and advisory
bodies, including the American Association for Health Plans, American College
of Physicians, American Hospital Association, Association for Electronic
Healthcare Transactions (AFEHCT), Blue Cross/Blue Shield Association of
America, Gartner Group, Medical Group Management Association, and the Workgroup
on Electronic Data Interchange (WEDi). From these testimonies, as well as from
written statements and letters, the Committee concluded the following:
- There was overall agreement and concern that a substantial segment of the
industry will be unable to comply with the October 16 implementation deadline
for HIPAA’s electronic transactions and code sets provisions. For example,
the most recent Gartner estimates suggest that fewer than 60 percent of
providers were ready for formal testing of claims and remittance advice
transactions with their trading partners as of April 16, 2003. Almost a quarter
of providers with less than a billion dollars in revenue had not heard of any
trading partners being ready to test. According to Gartner, low rates of
external testing of providers, and the number of providers that will need to
test with a clearinghouse or payer, indicate that a significant number of
covered entities may not meet the October deadline.
- There was overall agreement on the causes underlying the industry’s
readiness status:
- Many providers have been concentrating on implementing HIPAA’s
sweeping privacy protection provisions, which went into effect on April 14,
2003. As a result, they are just beginning to focus on the October 16 deadline
for electronic transactions and code sets—even though the deadline is only
several months away.
- Not all payers, providers, clearinghouses and software vendors yet have
made the necessary technical adjustments to successfully electronically
transmit or receive HIPAA-covered transactions.
- Some providers are still in denial; others believe there will be another
deadline extension (as was provided last year in the ASCA legislation); others
believe their noncompliant claims will be accepted after the deadline; and
still others plan to comply by reverting to submitting paper claims.
- Despite the considerable outreach conducted by the Centers for Medicare
& Medicaid Services (CMS), associations, and professional groups, there is
still a vast lack of knowledge about how to implement the nuts and bolts of
HIPAA’s electronic transactions and code sets provisions.
- There was overall concern that plans cannot accept noncompliant claims
without jeopardizing their own compliance status and risking enforcement
action. There was overall agreement in the consequences of the general lack of
industry readiness:
- The major lags in industry testing with trading partners could result in a
testing logjam in September and October. This in turn could cause many in the
industry to miss the October 16 implementation deadline because they still will
be waiting in the testing queue or will not have time to successfully remediate
or retest with trading partners.
- Payers are not equipped to deal with a substantial number of noncompliant
electronic claims, potentially causing many to be rejected. Nor are payers
equipped to deal with an increase of paper claims. Either scenario could
significantly delay payments to providers and their trading partners.
- For a variety of reasons, providers could face significant cash flow
problems as HIPAA implementation proceeds, which would adversely affect their
financial viability.
- Most importantly, cash flow problems among providers could adversely
affect the availability and quality of patient care.
- Despite the diversity of representation of the groups who provided
testimony and letters, there was overall agreement that the Federal government
should permit operational compliance, as opposed to strict technical
compliance, for a limited period of time following the October 16 deadline.
This would allow for the necessary trading partner testing to take place across
the industry, as well as mitigate any potential unintended adverse consequences
to provider cash flow and patient care.
Recommendations
The NCVHS recommends the following:
- Oppose delays. The Committee believes that the October 16, 2003, deadline
should not be extended. It does appear that most covered entities, with the
possible exception of small providers, are making the investment to comply with
this deadline. Extending the implementation deadline once again is unlikely to
motivate the noncompliant providers to take a new deadline seriously, while an
extension will penalize those who have already come into compliance. At some
point, a firm deadline must be imposed and the Committee believes that the
deadline should remain October 16, 2003.
- Provide flexibility in enforcement during a transition period, not to
extend beyond April 16, 2004. The Committee recognizes that HHS has not yet
issued a notice of proposed rulemaking regarding the substance of enforcing
HIPAA’s electronic standards and code sets provisions. However, the
Committee believes HHS enforcement could provide some flexibility by promoting
good faith compliance by covered entities without limiting CMS’ ability to
take enforcement actions against those covered entities that are not taking
steps to comply. During the transition period, a covered entity that is
otherwise compliant would not be considered out of compliance if, for example:
- A payer accepts claims submitted in the HIPAA standard format, but with
only the data elements that the payer requires to adjudicate the claim.
- A payer exchanges transactions with a provider in a pre-existing
non-compliant electronic format.
We further advise the Department to remind covered entities of the necessity
of establishing measurable milestones and developing a firm schedule for
testing and deployment during this transition period.
- Provide additional clarification and guidance on:
- The details of what are considered compliant transactions as well as
recommend best practices on how covered entities can minimize the impact of
imperfect claims. The Committee requests that the Department work with industry
representatives to resolve any ambiguities and uncertainties regarding the
interpretation of the Standards as the transition continues.
- How legacy claims—or those that were in process before October 16,
2003—should be treated. These often require several rounds of handling
before final adjudication can be achieved. As a result, many claims risk not
being paid because they have been in the system for several months and would be
rejected because they would be in a nonstandard format.
- Intensify outreach efforts. The Committee believes that the Department
should further intensify its outreach activities to providers, payers and other
groups. It is imperative that the wide array of providers and payers be
educated about implementation requirements as well as receive technical
assistance. Examples of additional outreach might include the development and
dissemination of an implementation checklist and contingency planning
assistance. Such educational activities also are needed to complement
enforcement activities, especially if the policy goal is to first help bring
covered entities into compliance and then enter into enforcement. We appreciate
the opportunity to advise you on these issues.
Sincerely,
/s/
John Lumpkin, M.D., M.P.H.
Chair, National Committee on Vital and Health Statistics
Cc: HHS Data Council Co-Chairs