October 2001
Volume 65 |
Number 10
|
| |
PRACTICE MANAGEMENT
|
| HIPAA
Fundamentals for Anesthesiologists |
Karin Bierstein, J.D.
Assistant Director of Governmental Affairs (Regulatory)
The most important fact that anesthesiologists
should know right now about the Health Insurance Portability and
Accountability Act (HIPAA) of 1996 is that full implementation
of the regulations affecting us will occur no sooner than October
2002 and April 2003. A number of medical organizations are seeking
delays in implementation through Congressional action (American
Medical Association-led coalition) and litigation (e.g., South
Carolina Medical Society).
Anesthesiologists and their administrators
have been told by third-party payers that HIPAA requires immediate
changes in the way claims are filed. First of all, no payer may
reject a claim on HIPAA grounds before October 2002. Nevertheless,
some payers contend that they must use the same medical direction
modifiers as does Medicare and pay 50 percent for the physician’s
service and a separate 50 percent for the nurse anesthetist component.
This is without basis in the law.
HIPAA contains a number of distinct sets
of provisions. Of interest to us is the section on “administrative
simplification,” which requires the Secretary of Health and
Human Services (HHS) to issue: 1) electronic data interchange
standards for health care transactions and 2) standards to protect
patient privacy and confidentiality.
Standardized Transactions and Code Sets
The purpose of the Administrative Simplification section of HIPAA
is to encourage the efficient use of electronic data interchange.
Although the transition to a single set of standards will be costly,
the savings, once all the parties to health care electronic transactions
are using the same information, the same forms, and the same formats,
will be considerable (HHS estimated savings of nearly $30 billion
over 10 years).
The final regulation implementing the administrative
simplification rules adopts specific standards for eight transactions,
including health claims and health care payment and remittance
advice. The standards were developed by the American National
Standards Institute’s (ANSI) X12N subcommittee. The X12 standard
defines subsets of parameters for health claims (837 format) and
health payment remittances (835), among others. Practice Tip:
Many players such as billing companies will claim that they are
already HIPAA compliant. Test their basic knowledge by asking,
“Can you spell ‘X12?’ and ‘837?’”
HIPAA also requires HHS to use code sets
in connection with the transaction standards. The American Medical
Association’s Current Procedural Terminology‘ (CPT-4)
and the International Classification of Diseases (ICD-9) are two
of the recognized code sets. Upon implementation of the HIPAA
rules for electronic health data interchange (October 2002), private
and local codes required by individual carriers will become history.
It is important to remember that the HIPAA standards define maximum
code sets. Carriers may not make up their own codes but nor are
they required to use all of the available code sets, including
the Medicare set containing the medical direction modifiers.
All “Covered Entities,” including
health plans, health clearinghouses (and billing companies) and
health care providers will ultimately have to comply with the
relevant standards and code sets when processing electronic claims
or remittances. Physicians may continue to file paper claims in
any format they wish and transmit the information to clearinghouses
that will translate the information into the approved format.
HIPAA establishes penalties for noncompliance: as much as $100
per claim, which can rapidly add up to tens of thousands of dollars.
Privacy Rules
The HIPAA confidentiality and security or “privacy”
rules require Covered Entities that engage in HIPAA transactions
to protect Individually Identifiable Health Information against
disclosure to unauthorized parties. HIPAA also gives patients
access to their health records. Covered Entities include physicians,
health clearinghouses and health plans; Individually Identifiable
Health Information includes medical records, most significantly.
Anesthesia practices will need to ensure
that health information is not disclosed for nonhealth purposes
(e.g., to employers making personnel decisions or to financial
institutions) without explicit authorization from the patient.
All disclosures must be limited to the minimum necessary. The
“minimum necessary” standards will not apply to disclosure
of medical records for treatment information. They also will be
required to give patients clear written information on how the
practice may use and disclose health information.
Although the HIPAA privacy and security
standards are meant to be flexible and “scalable” to
the size of the practice or other Covered Entity, anesthesiologists
will need to develop written policies and procedures on the following
issues: who has access to protected information, how it will be
used within the practice and when it may be disclosed. They will
be expected to appoint a “privacy officer” who will
ensure that procedures are followed; this individual could be
a practice manager or administrator. They will also need to determine
who their “business associates” under the regulations
might be and take steps to ensure that their business associates
(billing companies, consultants, lawyers, etc.) protect the privacy
of the health information disclosed.
Hospitals will need to adopt rules, and
physicians may have to adapt their behavior to avoid having conversations
or leaving records in places where others may casually overhear
or see protected patient information.
Practices will have until at least April
2003 to ensure their compliance with the privacy and confidentiality
rules. In some states, privacy statutes already protect health
care information much more stringently than will HIPAA, and these
stricter state statutes will preempt HIPAA. Of course, physicians
are accustomed to protecting their patients’ privacy, and
HIPAA may not change their behavior at all. It is, however, worth
beginning to understand the HIPAA rules, if for no other reason
than familiarity with HIPAA may limit anesthesiologists’
vulnerability to incorrect third-party information.
How should anesthesiologists be preparing
for implementation? Download the compliance checklists and
a more extensive discussion of the HIPAA regulations from Volume
1, Number 3 of the e-PM Letter available in November <http://www.asahq.org/washington/newsletters/e-pmletterv1n3.pdf>.
To subscribe to the e-PM Letter distribution list, send
a message with no subject and only the word SUBSCRIBE in the body
to <e-pm-l-request@listserv.asahq.org>.
Make sure that your billing systems will be ready to use the approved
standards, and check that your business staff or vendors are already
testing their system’s HIPAA readiness. You may also want
to find out about your hospital’s progress, particularly
with respect to the privacy rules.
Interventional Pain Study Researchers
Meet With ASA Representatives
Douglas G. Merrill, M.D., Chair of the
Committee on Pain Medicine, and Washington office staff recently
met with researchers from the Medicare Payment Advisory Commission
(MedPAC) and Project HOPE (a health policy think tank) to discuss
interventional pain medicine. Language in the conference report
accompanying last year’s federal budget legislation directed
MedPAC to conduct a study on patient access to interventional
pain therapies, focusing on economic barriers.
ASA shared our data on discrepancies in
overhead payments between physicians with private offices, hospital
outpatient departments and ambulatory surgical centers. We provided
suggestions on ways to improve the development and the quality
of the Local Medical Review Policies (LMRPs) that individual Medicare
carriers use to determine whether given procedures are “medically
necessary” and hence payable. We also urged that MedPAC consider
mechanisms to fund emerging technologies in the context of community-based
Institutional Review Board studies.
The results of the MedPAC study are due
at the end of this year.
If Medicare Has Rejected Your Claims
for Sacroiliac Joint Injection + Fluoroscopy, Resubmit
Medicare began denying claims for fluoroscopic
guidance (CPT code 76005) billed together with a sacroiliac joint
injection (27096) on July 1. This was in error. The July 1 release
of the Correct Coding Initiative (CCI) software inappropriately
“bundled” fluoro with the injection. As we urged in
a recent letter to the CCI contractor, the “edit” that
rejects the fluoro claim has been deleted. The next release, version
7.3 of the CCI tapes, will be loaded on the Medicare carriers’
computers on October 1, minus the erroneous “edit.”
If your claims for these services have been denied, you should
resubmit them to your carrier after October 1.
|
Conference on Practice Management Scheduled
February 1-3, 2002, Phoenix, Arizona
Mark your calendars for the seventh annual ASA Conference
on Practice Management (or at least make a note to watch
your mail and pick up a copy of the conference brochure
at the ASA Resource Center at the Annual Meeting).
New topics will include the HIPAA rules, employing and
managing nurse anesthetists and lessons learned from the
on-site ASA Anesthesia Consultation Program. A panel on
compliance will feature an Assistant U.S. Attorney who has
conducted three successful fraud prosecutions of anesthesiologists.
Attendance will be limited, so please plan to register early.
|
|
Source Material
• HHS Web sites with information on Administrative
Simplification: <http://aspe.hhs.gov/admnsimp/>;
<http://www.hhs.gov/ocr/hipaa>
• Sausser G. Standards for Electronic Transactions
and Code Sets. Washington: American Health Lawyers Association,
2001.
• Christiansen J. Electronic Health Information: Privacy
and Security Compliance Under HIPAA. Washington: American
Health Lawyers Association, 2001.
|
return to top
|