Administrative Simplification Enforcement
Health plans and other industry participants must adhere to HIPAA standards, and those who fail must face reprimand.
Contributed by the American Medical Association (AMA)
In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA) legislation that mandated standard electronic transactions for use in the exchange of information between providers and health plans. Designed to streamline healthcare revenue cycle processes, HIPAA established a common method for providers to communicate across all health plans, with the goal of eliminating plan-specific methods that led to inefficiencies for providers. Since their inception, the HIPAA transactions have significantly increased efficiency and produced considerable financial savings throughout the healthcare industry. However, as the saying goes, a law is only as good as its enforcement. In order for providers to realize the maximum potential of the HIPAA standards, health plans and other industry participants must adhere to the standards, and those who fail must face reprimand.
Health Plan Certification?
In 2010, the Affordable Care Act included a provision designed to ensure that health plans and their vendors were conducting business in accordance with the HIPAA standards. The corresponding regulatory proposal, released in 2014, called for the creation of a system that would require plans to formally attest to The Centers for Medicare and Medicaid Services (CMS) that they had tested their systems and were in compliance with the HIPAA transactions. The proposal outlined punishments for health plans that failed to meet the attestation deadline, and it could have ensured greater transactional adoption and compliance, as well as provided a valuable database for physicians to reference when interacting with plans.
The health plan compliance regulation never made it beyond the preliminary stage of a Notice for Proposed Rulemaking. Following considerable industry pushback and some questions about the appropriate way to track health plans, the Department of Health and Human Services (HHS) published a withdrawal notice in the Federal Register for the proposed rule in October 2017. The withdrawal means that health plans will not have to certify their compliance as outlined in the proposed rule.
HHS Optimization Project Pilot
In an effort to push for health plan and clearinghouse compliance with transactions, CMS announced the HHS Optimization Project in 2017. The Administrative Simplification Optimization Program pilot offers health plan and/or clearinghouse volunteers the chance to submit electronic transaction files for review and testing by HHS, while also attesting to compliance with standards and operating rules.
The project is designed to enable volunteers to test their systems and receive a report that flags any issues that need to be addressed for full compliance. Plan volunteers that achieve successful reviews receive a dated certificate of participation to be used as a promotional resource.
HHS announced that the pilot was a preliminary stage of the Administrative Simplification Optimization Program, under which HHS will begin conducting compliance reviews of randomly selected health plans and clearinghouses. HHS has yet to release additional details about these plans, but these proactive, random compliance reviews could provide much-needed regulatory enforcement for the industry.
Physician Complaint Process
Currently, provider complaints serve as the only way to enforce the administrative simplification regulations. The HIPAA regulation establishes a complaint process for the resolution of HIPAA standard transactions compliance issues. CMS has developed the Administrative Simplification Enforcement and Testing Tool (ASETT), which enables physicians to both a) test HIPAA electronic transactions and validate compliance, and b) file complaints regarding noncompliance with transactions, code sets, identifiers, and operating rules with CMS. Providers looking to enforce their rights pursuant to the standards and operating rules can file a complaint against a health plan, which would initiate a formal review by the CMS National Standards Group. ASETT may be accessed via the CMS website at https://asett.cms.gov.
In order to truly realize the intended efficiencies and savings of the HIPAA standard transactions, health plans must become and remain compliant with the regulations. Due to the complaint-focused enforcement process, physician groups need an adequate understanding of the health plan responsibilities and adherence enforcement avenues created by the regulation. The AMA offers multiple resources detailing physician rights and tips on using the ASETT resource. For additional information and to access the AMA resources, please visit www.ama-assn.org and search for “Toolkits for Administrative Simplification.”