The U.S. Health Care Financing Administration (HCFA) made public last week the final standards for electronic health care transactions, and for code sets to be used in standard transactions. Health plans, health care clearinghouses and health care providers who make electronic transactions will be required to
use these standards beginning October 2002. The final rules are available at
index.htm and in this Vidyya. They should appear in the Federal Register next week.
The final rules are at the heart of the administrative simplification
provisions of the Health Insurance Portability and Accountability Act of
1996, or HIPAA. These provisions are intended to create a standard format
for electronic data interchange among providers and payers and their
intermediaries. HCFA estimates that there are about 400 proprietary formats
in use for electronic health care data exchanges in the US. The goal of
national standards is to save costs by simplifying the administration of
electronic health care transactions.
The transaction standards have been among the least controversial of
HIPAA’s proposed regulations, and they are the first to be finalized. They
start the clock running on HIPAA compliance—by October 2002 health plans,
providers and health care clearinghouses will have to use prescribed
standards and code sets in electronic transactions, including purely internal
transactions. However, covered entities will be permitted to use health care
clearinghouses or other intermediaries to conduct transactions, and
clearinghouses will be permitted to receive and transmit nonstandard
transactions when acting on behalf of other covered entities. Private
arrangements among covered entities that would have the effect of changing or
supplementing the standards will be prohibited.
Health plans are subject to additional standards. They will be required to
conduct electronic claims transactions in standard format with any person
wishing to do so. This entails an obligation both to accept standard
transactions, and to process them promptly. Health plans may not offer
providers incentives to use direct data entry. Small health plans—those with
less than $5 million in annual receipts—will have an additional year to come
Other standards have been proposed to protect the privacy and security of
electronic data, and to establish national identifiers, but they are still
under review. The proposed privacy regulations, in particular, have prompted
a record number of public comments.
(Standards for Privacy of Individually Identifiable Health Information; Proposed Rule, 64 Fed. Reg. 59918 (Nov. 3, 1999); corrections to the Proposed Rule were published in 65 Fed. Reg. 427 (Jan. 5, 2000).
Standard Transactions. The regulations establish standards for the following
Health claims or equivalent encounter information
Eligibility for a health plan
Referral certification and authorization
Health care claim status
Enrollment and disenrollment in a health plan
Health care payment and remittance advice
Health plan premium payments
Coordination of benefits.
Health plans and clearinghouses will have to comply with all of these
standards; health care providers are affected by the first four only. HCFA
plans to publish a separate rule setting standards for first report of injury.
The transaction standards for pharmacy are the National Council for
Prescription Drug Programs’ Telecommunications Standard and Batch Transaction
Standard. For other transactions, the standards are the ASC X12N standards
published by the Washington Publishing Company. Implementation guidelines
for the pharmacy standards are available at http://www.ncpdp.org/hipaa.htm and
for the dental, professional and institutional standards at http://www.wpc-edi.com/hipaa
Code sets. The final rules require health plans, health care clearinghouses
and providers to use prescribed diagnostic and procedure codes on electronic
transactions. The principal code sets are—
- ICD-9-CM: International Classification of Diseases, Ninth Revision,
Clinical Modification, which classifies both diagnoses (Volumes 1 & 2) and
procedures (Volume 3). It is used by hospitals and ambulatory care providers.
- CPT-4: Physician Current Procedural Terminology, which is used by
- HCPCS: The Health Care Financing Administration’s Procedure Coding System,
which contains codes for medical supplies and equipment, injectable drugs,
transportation services, and other services not found in CPT-4.
- The Code on Dental Procedures and Nomenclature, maintained by the American
Dental Association, which is used for reporting dental services.
- NDC: National Drug Codes, which are used for reporting prescription drugs
in pharmacy transactions and some claims by health claim professionals.
Organizations that are covered by HIPAA would be
wise not to wait until the eleventh hour to begin addressing the regulations.
There is much to do in relatively little time. DHHS intends to finalize the
privacy and security regulations this year—a schedule that would require
full-scale HIPAA compliance around the end of 2002. The direction of the
regulations is clear enough to permit covered entities to begin now assessing
their health data technology, and identifying potential compliance gaps.
Many are already doing this.
A common first step is to form a multi-disciplinary HIPAA team to plan the
assessment and compliance project. The proposed mandate to protect health
data in every aspect of operations, as well as in dealings with business
partners, suggests that the HIPAA team should be broadly based, and sponsored
at the highest levels of the organization. Outside assistance should be
brought in as appropriate, and technology and other vendors should be