• Site Map
• Contact
• Help

• Login
• Residents
• About Us
• Career Center
• Patient Info
• Media Room
• My Profile
• Jobs at ACR

Useful Links

HIPAA Transactions and Code Sets: The Next Challenge

No health care law in recent times has generated more controversy—or more regulations—than the Health Insurance Portability and Accountability Act of 1996. The HIPAA statute has reshaped virtually the entire health care landscape since 1996, changing how citizens carry insurance between jobs and federalizing citizens'' privacy and confidentiality rights to their health information. HIPAA''s privacy and security rules have affected radiology because the fast-paced advances in imaging technology must adjust to new limits on communicating and safeguarding patient information.

A lesser known HIPAA rule, under the Administrative Simplification umbrella, mandates developing standards and requirements to facilitate the electronic exchange of certain health information. On Oct. 16, 2003, the Centers for Medicare and Medicaid Services will begin enforcing regulations that require physicians as covered entities to incorporate into their electronic billing and coding systems specific data transactions standards and code sets. Although these regulations lack the notoriety of the privacy rules, they likely will play as critical a role for ACR members and their business staffs when it comes to handling the vital information flow among patients, clinicians and payers.

Physicians, vendors and payers in the United States are struggling to implement and test the new data elements. A government-appointed workgroup told the Department of Health and Human Services that the consequences of noncompliance by the Oct. 16 deadline could be severe, ranging from payer rejection of nonstandard electronic transactions to disruption of payments to physicians. Some practices may even have to do business temporarily by paper, although CMS admits that would be a last resort. Last spring, the Oklahoma Medicaid program caused confusion and payment delays when it announced it wanted physicians and payers to test their systems with the new data standards. Many observers have compared these challenges and the imminent deadline to a train wreck. This article will outline a strategy for staying clear of the tracks.

What You Need to Know

The government believes the transactions and code sets rules will reduce the multiple, nonstandard data formats that have prevented the health care industry from operating more cost-efficiently. CMS devised standards for eight electronic transactions and six code sets. The key transactions for radiology include:

• Health care claims or equivalent encounter information
• Health care payment and remittance advice
• Health care claim status

The significant code sets are:

• Diagnostic codes (ICD-9-CM, Volumes 1 and 2)
• Procedural codes for services (CPT-4, HCPCS)

ACR members and their staffs already use ICD-9 and CPT-4/HCPCS codes, so they should be compliant with the mandatory code sets.

Why should ACR members and their staffs care about yet another set of HIPAA rules? There are three primary reasons. First, implementing the transactions and code sets rules should keep funds moving through your practice. Practices that fail to submit standardized claims will not receive reimbursement from Medicare or private third-party payers; the rules do not exempt non-Medicare payers. Second, the transactions rules could achieve operational efficiencies. A practice can do business more smoothly if it, a payer and a billing/coding software vendor all speak the same language. Last but not least, following the rules will enable you to avoid the civil penalties that CMS plans to impose on noncompliant offenders. Fines will start at $100 per violation and can escalate up to $25,000 per year. Although compliance will not guarantee remaining audit-free, a practice that invests time and resources in meeting its HIPAA obligations will be well prepared to respond to any future CMS inquiry.

Where to Begin

How should you prepare for Oct. 16 and beyond? The CMS Web site provides more information on what the rules require and what you must do; go to www.cms.hhs.gov, click on HIPAA and then HIPPA Administrative Simplification. For a useful outline of basic action items, go one step further and click on Steps Toward HIPAA Compliance.

Any winning strategy for dealing with a government regulation, especially a HIPAA rule, should start with a gap assessment. Your practice should review its business operations and assess which electronic transactions apply to you and the risk areas you must manage.

Next you must contact your software vendors, billing services and other HIPAA partners who receive patient health information electronically and ask them about their compliance efforts. Inquire about their timetable for meeting the Oct. 16 deadline. Will they be changing their products or services and at what cost? When will you be able to test any software revisions? Testing the compliance of others is the most important step. CMS urges physicians to check their partners'' transactions and use of code sets. For example, has your group established error messages if the data elements sent by others are noncompliant? Have you developed procedures to handle noncompliant transactions? CMS will treat more favorably those practices that demonstrate that they consistently test systems with their partners.

Another key step in dealing with a HIPAA rule involves arranging contingency plans. You should expect the unexpected in a new environment where the language is changing. The government has announced it will not impose penalties on physicians and others who activate contingencies to ensure payments occur smoothly. For example, assume you are compliant with the HIPAA transaction on claims-related information but one of your primary payers, a commercial health plan, is not. One contingency would be to have the health plan use a clearinghouse to convert standard, HIPAA-compliant transactions received from your group to its nonstandard format. Conversely, the health plan would use the clearinghouse to switch its outgoing nonstandard format transactions into a standard format and content. This may not be the ideal solution for your practice, but it is preferable to gambling on the bet that all your business partners will be 100 percent ready on Oct. 16. A viable contingency plan can keep your practice compliant and running as smoothly as possible.

Questions and Answers

The following questions about the HIPAA transactions and code sets rules have surfaced in recent government-industry teleconferences. The answers reveal that while HHS will work with industry in achieving voluntary compliance, it also will exercise its sanctions authority to correct violators.

Q: What are the major goals of the HIPAA transactions and code sets standards?

• A: CMS wants payers to keep paying claims after Oct. 16.
• CMS wants covered entities to become and remain compliant.
• Covered entities should test, test, test.

Q: What if my group has problems with Medicare or Medicaid claims processing?
A: Notify the appropriate CMS regional office. The CMS Web site lists regional offices.

Q: How can my group qualify for the small provider exemption?
A: Last year, Congress enacted a law that prohibits Medicare from paying claims submitted on paper after Oct. 16, 2003, with limited exceptions. One key exception involves a small provider, which is a physician, practitioner, facility or supplier with fewer than 10 full-time equivalent employees. If you fit into this category, you may continue to submit claims by paper.

Q: Will CMS accept so-called "legacy" claims with noncompliant data elements?
A: Perhaps. CMS will decide by Sept. 25 whether Medicare will accept and send transactions in the existing legacy formats and those that comply with the transactions standards. If it opts to allow such flexibility, Medicare would encourage physicians and their health plan partners to become totally compliant. Since many physician groups and their partners probably will not be totally compliant by the deadline, they may have to send legacy claims to Medicare.

Q: Will CMS immediately target my group even if it makes a good faith effort to comply?
A: No. CMS understands physicians and others need time to comply. The agency welcomes good faith efforts before Oct. 16. For ACR members and staffs, that means interacting with vendors, payers and any applicable clearinghouse. After the deadline passes, CMS expects practices to follow the rules but will encourage voluntary compliance. Staff constraints will force the government to use a complaint-driven approach to enforce the standards. The law does not allow CMS to fine physicians if failure to comply is based on reasonable cause and not willful neglect. Practices will have 30 days, and possibly longer, to comply depending on the extent of their problems; however, practices must demonstrate ongoing attempts to meet the standards. CMS has said it will fine those that only try once and then revert to noncompliant standards.

The government will not extend the Oct. 16 deadline despite overwhelming requests. Therefore, your practice must follow the above steps to become as compliant as possible. Talk with your in-house or external billing service and your payers'' provider representatives. Conduct frequent and thorough systems testing. Develop alternative options to ensure continued cash flow and operations in case one or more of your partners cannot accept or send compliant data.

Use the CMS and private sector resources to follow a sensible game plan for implementing the relevant transactions and codes. Finally, be patient with your own practice and your partners; communicate openly and set realistic expectations. This latest chapter of HIPAA is yet another regulatory work in progress. The ACR will provide updates and guidance as the implementation phase unfolds.