HIPAA Simplification Compliance Review Now Underway

Sei Unno

Associate Editor

Loyola University Chicago School of Law, JD 2019

The Health Insurance Portability and Accountability Act (HIPAA) and the Patient Protection and Affordable Care Act (ACA) jointly create national standards for electronic transactions, code sets, and unique identifiers. The ACA introduced Administrative Simplification provisions in 2010 and now the Centers for Medicaid and Medicare Services (CMS) has launched a Compliance Review Program to ensure that HIPAA covered entities are abiding by the Administrative Simplification rules.

Selection Process

Starting in April 2019, the Department of Health and Human Services (HHS) will randomly select nine HIPAA-covered entities for Compliance Reviews.The nine HIPAA-covered entities can be chosen from any health plan or clearinghouse, not only those who bill CMS. HHS will be evaluating the chosen HIPAA-covered entities’ compliance with standards for electronic transactions, code sets, and unique identifiers.

Compliance Standards

A transaction is definedas an “electronic exchange of information between two parties to carry out administrative activities related to health care.” HIPAA-covered entities who conduct transactions such as, but not limited to, claims and encounter information, claims status, coordination of benefits, and referrals and authorizations must use an adopted standard from ASC X12N or NCPDP. ASC X12N is charted by the American Standards Institute and establishes electronic data interchange standards. NCPDP creates standards for prescription drug transactions.

Code sets classifymedical diagnoses, procedures, diagnostic tests, treatments, and equipment and supplies. Code sets included in HIPAA regulations include the International Classification of Diseases, 10th edition (ICD-10), Health Care Common Procedure Coding System (HCPCS), Current Procedure Terminology (CPT), Code on Dental Procedures and Nomenclature (CDT), and National Drug Codes (NDC).

HIPAA requires unique identifiers including Health Plan Identifiers (HPIDs), Employer Identification Numbers (EINs) that are issued by the Internal Revenue Service (IRS), and National Provider Identifier (NPI).

CMS’ position is that enforcing the Administrative Simplification requirements is “essential to ensuring the health care community reaps the benefits of standardized transactions and reduced administrative costs.” CMS argues that electronic communications can help ease administrative burdens on health care providers and result in a faster revenue cycle.

Analysis of Compliance

The HIPAA-covered entities will be evaluated by whether they comply with operating rules. The operating rules are required by the ACA and are defined as “the necessary business rules and guidelines for the electronic exchange of  information that are not defined by a standard or its implementation specifications.”

Entities that are found to be noncompliant will be given a chance to correct their issues. However, if the covered entities remain non compliant, they will be subject to enforcement actions.

Assessing Electronic Health Records

Although touted to be a way to reduce administrative burden, transitioning from paper to electronic health records may not reduce this burden as much as promised. Additionally, five studies have found that electronic health record adoption does not translate to a reduction in hospital billing costs. At the same time, however, electronic health records may improve the diagnostic process. As technology continues to become more integral to healthcare delivery, the findings of this CMS review program will provide further data to evaluate whether electronic health records can be improved to reduce administrative burdens and to promote greater quality care.