Michael Levin-Epstein
Washington Watch

HMOs may delay compliance with HIPAA electronic transactions and code reporting requirements for one year under legislation passed by Congress late last year. However, the new law doesn't affect information privacy requirements slated to take effect in 2003. If health plans want to forge ahead with compliance, federal regulators aren't going to object one single bit.

President Bush signed the Administrative Simplification Compliance Act (ASCA) into law Dec. 27.

The act requires that, by Oct. 16, 2002, health plans and hospitals must either be in compliance with the electronic transactions and code set standards under the Health Insurance Portability and Accountability Act, or submit a summary plan to the secretary of health and human services describing how they'll come into full compliance with the standards by Oct. 16, 2003.

However, HHS does not have to approve the summary plan. Under the law, the secretary has discretion to impose a new penalty — exclusion from the Medicare program — on any entity that isn't fully compliant or that doesn't submit a compliance plan by this October's deadline.

In the original legislation, the Medicare program exclusion was a mandatory penalty; hospitals and health plans argued that it should be left to the discretion of the secretary.

Bottom line on compliance

The law doesn't affect what hospitals and health plans are being required to do — only the schedule for compliance. "The new law keeps us on track to realize the cost savings of the original administrative simplifications provisions enacted into law in 1996," says Republican David Hobson of Ohio, sponsor of the legislation.

Hobson says the landmark HIPAA legislation includes a series of administrative simplification provisions to streamline the processing of medical information and financial transactions. By standardizing information for electronic transmission, "the law is expected to reduce paperwork, fraud and abuse, and help contain health care costs."

Hobson explains the reason for the delay: "Some sectors of the health industry and state governments said they needed extra time to make the changes necessary to be compliant.

"Smaller health care providers and state governments now will have the additional time needed to upgrade their information technology for the new processing system, while those entities ready to realize the savings now can move forward."

Bush's action is "a good example of the federal government being able to help bring about real improvements in our health care system," Hobson contends. "The government has put together a workable solution to bring savings, simplification, and uniformity to a fragmented marketplace."

The bill also authorizes $44.2 million for HHS to adopt additional HIPAA standards and to provide technical assistance, education, and outreach to the health care industry.

A spokesman for the Centers for Medicare and Medicaid Services (CMS, formerly HCFA) says no decisions have been made yet as to how those assistance and education programs will operate.

Congress encourages covered entities that "reasonably can become compliant with the transactions standards" by the 2002 deadline to "continue their compliance efforts already underway."

In addition, Congress encourages HHS to "not penalize a compliant entity that must send noncompliant transactions because their trading partners have filed for the extension" — explicitly identifying that as "good cause" for noncompliance with the transactions and code sets requirement under Section 1176(3) of HIPAA.

Technology gap

The new law doesn't affect the April 14, 2003, deadline for complying with the medical privacy requirements. Instead, providers (including hospitals and health care clearinghouses) that transmit electronically any protected health information in connection with a transaction between April 14, 2003, and Oct. 16, 2003 must comply with the privacy standards — even if their electronic transactions are not conducted in HIPAA-standard formats during this period.

Margaret Trudel, director of the HIPAA project staff at CMS, says that the extension was prompted by the concerns of several provider and health plan groups that said they could do a better job of complying with the requirements if they received more time.

Congress responded to those concerns, Trudel says, adding that the change also may provide some benefits to the agency.

"We're viewing this as extra testing time that can be very useful for our provider community," she says. CMS is moving ahead with putting Medicare fee-for-service transactions into the electronic reporting system "pretty much on the same schedule," she says.

The Health Insurance Association of America favored the extension. "We think the time frames that were set were unrealistic — probably impossible to meet for some people," says Joe Luchok, a HIAA spokesman. "I think that the effect on health plans is that they have time to take a breath, and have time to implement procedures that will work — that they don't have to rush."

That doesn't mean, Luchok adds, that all the concerns by health care plans about the program — and certainly not about the privacy regulations — have been resolved.

"It doesn't mean that we will not have concerns as the process continues," he comments.

Dan Boston, vice president of legislative affairs for the Federation of American Hospitals, believes most hospitals were ready to meet the requirements, and that the delay was largely to accommodate state Medicaid programs and the Blues.

However, some Medicaid managed care plans and some small hospitals also might not have had the technological capacity to get their electronic transactions into compliance in time, Boston says. "It could be that the delay will help some hospitals be even more prepared. The feedback we got was this was driven largely by different Blues plans."

Overall, Boston says, "This merely gives providers the opportunity to apply for one-year extensions, should they want to apply."

However, he notes, what he regards as "the major meat" of the HIPAA privacy regulations "has yet to go into effect, and has yet to be finalized."

Like other representatives of hospitals and health plans, the federation remains concerned about the privacy provisions that take effect in 2003. "We have been pushing the administration to finalize privacy rules for the last couple of years," says Boston.

He says that administration officials had indicated that those rules would probably be coming out at the end of last year, but now they're looking at this month [January] or next. "It's really in the administration's court," he says.

Some members of Congress also have indicated they don't want the delay to be seen as a retreat from implementing the HIPAA provisions.

For example, Democratic Rep. Tom Udall of New Mexico, before the vote on HR 3323, voiced his concerns "over the fact that some plans, providers, and other types of companies affected by the HIPAA rules" have gone to great lengths to be compliant with the original deadline, and "now stand to face financial losses as a result of the delay."

Michael Levin-Epstein

Managed Care’s Top Ten Articles of 2016

There’s a lot more going on in health care than mergers (Aetna-Humana, Anthem-Cigna) creating huge players. Hundreds of insurers operate in 50 different states. Self-insured employers, ACA public exchanges, Medicare Advantage, and Medicaid managed care plans crowd an increasingly complex market.

Major health care players are determined to make health information exchanges (HIEs) work. The push toward value-based payment alone almost guarantees that HIEs will be tweaked, poked, prodded, and overhauled until they deliver on their promise. The goal: straight talk from and among tech systems.

They bring a different mindset. They’re willing to work in teams and focus on the sort of evidence-based medicine that can guide health care’s transformation into a system based on value. One question: How well will this new generation of data-driven MDs deal with patients?

The surge of new MS treatments have been for the relapsing-remitting form of the disease. There’s hope for sufferers of a different form of MS. By homing in on CD20-positive B cells, ocrelizumab is able to knock them out and other aberrant B cells circulating in the bloodstream.

A flood of tests have insurers ramping up prior authorization and utilization review. Information overload is a problem. As doctors struggle to keep up, health plans need to get ahead of the development of the technology in order to successfully manage genetic testing appropriately.

Having the data is one thing. Knowing how to use it is another. Applying its computational power to the data, a company called RowdMap puts providers into high-, medium-, and low-value buckets compared with peers in their markets, using specific benchmarks to show why outliers differ from the norm.
Competition among manufacturers, industry consolidation, and capitalization on me-too drugs are cranking up generic and branded drug prices. This increase has compelled PBMs, health plan sponsors, and retail pharmacies to find novel ways to turn a profit, often at the expense of the consumer.
The development of recombinant DNA and other technologies has added a new dimension to care. These medications have revolutionized the treatment of rheumatoid arthritis and many of the other 80 or so autoimmune diseases. But they can be budget busters and have a tricky side effect profile.

Shelley Slade
Vogel, Slade & Goldstein

Hub programs have emerged as a profitable new line of business in the sales and distribution side of the pharmaceutical industry that has got more than its fair share of wheeling and dealing. But they spell trouble if they spark collusion, threaten patients, or waste federal dollars.

More companies are self-insuring—and it’s not just large employers that are striking out on their own. The percentage of employers who fully self-insure increased by 44% in 1999 to 63% in 2015. Self-insurance may give employers more control over benefit packages, and stop-loss protects them against uncapped liability.