Broadly, HIPAA originally set out to simplify administrative procedures in the healthcare industry, and mandated the adoption of regulations for privacy, security, unique health identifiers, and electronic transaction and code sets. Yet the very nature of the process for reporting violations of HIPAA Transaction and Code Sets serves only to deter their adoption, therefore making complaints meaningless.
The problem lies in the fact that the complaint-based process for reporting violations does not reflect actual compliance with the standards, and has resulted in misperceptions about standardization implementation. Many within the healthcare industry believe that complaints to CMS are, effectively, meaningless, since an investigation will establish that the insurer is permitted to publish and require compliance with their unique Companion Guide(s). Experience shows that many providers recognize the futility of that effort and simply do not submit complaints.
A further point is that cash flow must be maintained if providers are to remain in business and be available to care for Medicare beneficiaries. Holding claims until a complaint is filed and hypothetically, resolved, would take months without cash flow that the provider cannot afford. Submitting claims on paper pending a complaint and resolution is impractical on its face and prohibited in many cases. Also, accommodating the Companion Guide completely obviates the need and value of the complaint process. This ultimately leads to few complaints, if any.
Lastly, the current complaint process has no “teeth.” If a valid complaint is filed and verified by CMS, the insurer is expected to submit a plan of correction. Whether or not they do, and whether or not they actually complete and implement their plan carries no penalty. Maintaining the pretense of correction seems to be all that is required. In most instances, the provider has long since given up and found a successful “work-around” in order to preserve their cash flow, or has dropped the affected patients and no longer cares about the problem.
The solutions to these issues are straightforward and eminently actionable. The CMS needs to structure an updated system of dealing with complaints, which:
- is more accurately reflective of actual compliance with standards
- ensures that complaints to the CMS have tangible and meaningful results
- allows claims to be processed while a complaint is under investigation
- requires insurers to pay penalties as a result of violations
In the most recent update to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Department of Health and Human Services (HHS) advised that a new version of the HIPAA standards will be set in place beginning on January 1, 2012. This updated version of the standards is referred to as 5010. According to the Centers for Medicare and Medicaid Services (CMS), Version 5010 accommodates the ICD-10 code sets, and has an earlier compliance date than ICD-10, so as to ensure adequate testing time within the industry.
Even as the industry readies for adoption of Version 5010 standards, there is urgent need to revamp the system of HIPAA Transaction and Code Sets, particularly the manner in which complaints are processed. By so doing, the healthcare industry will be equipped to better ensure that the system is more competently reducing waste and fraud, is optimizing efficiency and effectiveness, and is fully protecting the privacy of personal health records.
Randy Roat is the past-president of Healthcare Billing & Management Association. He can be reached at firstname.lastname@example.org.