HHS wants to ensure that health plan IT systems meet interoperability standards to exchange information with providers. A proposed rule is now open for public comment.
Hey, health insurers: Washington feels your pain!
Many of you have complained that a lack of consistent testing processes hindered your efforts to comply with HIPAA standards and operating rules for certain types of electronic healthcare transactions, including electronic funds transfers or EFTs.
Well, the Department of Health and Human Services has taken your complaints to heart. Earlier this month it released a proposed rule [PDF] designed to serve as "an initial step" toward the development of "consistent testing processes" that will (hopefully) enable health plans to "better achieve and demonstrate" compliance with HIPAA standards.
In other words, HHS wants to make sure that health plan IT systems meet interoperability standards to exchange information with providers.
Basically, the rule defines the information and documentation (more on this later) that must be submitted to prove that a health plan has tested its IT system and meets HIPAA standards for these specific electronic transactions: insurance eligibility, healthcare claim status, and healthcare EFTs and electronic remittance advice (ERA).
Health plans would have until Dec. 31, 2015 to submit their documents of attestation. After that date procrastinators could face a penalty fee of $1 per day per covered life (not to exceed $20 per covered life) until certification is achieved. The maximum penalty doubles to $40 per covered life if a health plan knowingly provides inaccurate or incomplete information in the certification process.
The proposed rule runs about 100 pages. Here are salient points:
1. Why is this rule necessary?
This dates back to the Health Insurance Portability and Accountability Act, which became law in 1996. With an eye to reducing administrative costs, the law encourages the use of electronic transactions and entrusts HHS with setting the standards and operating rules to reduce the healthcare industry's reliance on paper and manual processes.
Compliance dates were set, but health plans had a difficult time meeting the deadlines. Typically, HHS responded by delaying implementation or relaxing enforcement, but the industry has been unhappy with that approach because, as stated in the proposed rule, "such practices can be expensive to the industry."
2. Who must comply?
A health plan, any health plan subsidiary, and any business that conducts those applicable electronic transactions on behalf of a health plan must comply with the proposed rule.
3. What documentation must be submitted?
There are two types of evidence of compliance, both issued by the Council for Affordable Quality Healthcare (CAQH) Committee on Operating Rules for Information Exchange (CORE):
- CAQH CORE certification (also known as the Phase III CORE Seal).
This requires testing by a CORE-authorized vendor and compliance with CORE standards, as well as a gap analysis to determine what system and business process changes may be necessary for a health plan to make. - HIPAA Credential from CORE documenting compliance with HIPAA standards.
CAQH CORE is still developing this credential, but when finalized it is expected to require attestation to compliance with HIPAA standards and operating rules for eligibility. The health plan will attest that it successfully tested at least 30% of its total transactions with at least three providers for three electronic transactions. Contact information for the providers must also be submitted.
According to the proposed rule, the submission requirements "are a snap shot" of a health plan's compliance with the standards and operating rules. "Such information and documentation does not reflect continuing compliance, nor do we do intend the information or documentation to be updated or resubmitted on a regular basis."
4. How must the documentation be submitted?
This is tricky. The proposed rule doesn't identify a specific submission format. The number of health plan covered lives (important only if a penalty is imposed) will probably be submitted via an online form. An electronic version or copy of the Phase III CORE Seal or the HIPAA Credential may be required to be submitted online, or HHS may ask for a tracking number that links to CAQH CORE records.
Remember, all of this is only a proposal for now. HHS really does want to know what you think, so submit your comments by March 4.
Margaret Dick Tocknell is a reporter/editor with HealthLeaders Media.
