• Messages and related elements for scheduling of appointments for services
• Messages and related elements for invoicing, adjudication and payment of healthcare services
• The Reference Information Model (RIM) for the entire set of standards
• Shared Messages such as acknowledgements shared across multiple domains.
• XML and UML Data Types

Read more.

Read HPP's April 1, 2004, op-ed on iHealthBeat, "Presidential Health: Do We Have a Right to Know?"

Read more.

• Read key parts of Frist's speech.
  Read more from iHealthBeat.

Under a modification to its HIPAA contingency plan announced in February, non-compliant electronic claims will still be accepted by Medicare, but their payment will take 13 additional days. HIPAA requires that health care claims submitted electronically be in a format that complies with the applicable electronic transaction standard adopted for national use. While the HIPAA electronic transaction standards that were adopted apply to all covered transactions by covered entities, this modification to the CMS compliance plan will only affect covered entities submitting Medicare claims to a Medicare contractor.

Read more (PDF).

The HIPAA Security Rule specifically focuses on the safeguarding of electronic protected health information (EPHI).  Make no mistake; there are some technical requirements for your electronic systems.  There are also requirements for internal operations, both physical and administrative.  All covered entities under HIPAA must comply with the HIPAA Security Rule by April 21, 2005.

It's clear from the number of complaints filed -- and the two million times people have accessed the HIPAA questions and answers section on OCR's Web site -- that HIPAA awareness is high, said Campanelli, whose office enforces the privacy rule.

OCR has received the most complaints against physician offices, general hospitals, pharmacies, outpatient facilities and group health plans - in that order. The top five types of complaints are:

Impermissible use or disclosure of protected health information (PHI).
Lack of adequate safeguards to protect PHI.
Refusal or failure to provide access to or a copy of medical records.
Disclosure of more information than is minimally necessary to satisfy a particular request for information (e.g., disclosing the entire medical record instead of the required piece).
Failure to provide individuals with the notice of privacy practices.
Many complaints are still resolved voluntarily. Of the roughly 6,000 complaints filed, about half were resolved "either by determining the thing complained about wasn't really a violation, or we got the cooperation of the entity and resolved [the problem]," Campanelli says. "For the other 50%, the cases are going forward." That means a fine could ultimately be imposed, but there's still the potential for a voluntary resolution, depending on "the facts of the case, the cooperation of the covered entity, the nature of the violation and how serious it is."

He says sometimes the covered entity didn't fully grasp what the rule required, or the covered entity understood "but was inconsistent about following the rule." For example, when a patient complains to OCR that a covered entity won't hand over the patient's medical records, "we get in touch with" the covered entity "and let them know the allegation. If it's true, quickly the covered entity comes into compliance with the rule and it is an opportunity for us to educate."

He notes that 60 cases have been referred to the Department of Justice for criminal investigation. HIPAA allows for both civil fines and criminal penalties. "Our approach has always been and continues to be that the most effective means of obtaining compliance is through voluntary compliance," Campanelli says.

Reprinted from the June 21, 2004 issue of REPORT ON MEDICARE COMPLIANCE, the nation's leading source of news and strategic information on false claims, overpayments, compliance programs, billing errors and other Medicare compliance issues.

Visit http://www.aishealth.com/GNOW/062104.html#gnowfourteen for more
information.

MEDICARE TAKES FURTHER STEPS TO PROMOTE THE USE OF HIPAA STANDARDS FOR ELECTRONIC CLAIMS

Electronic Medicare claims that do not meet Health Insurance Portability and Accountability Act (HIPAA) standards will be treated as paper claims and paid more slowly than HIPAA-compliant electronic claims beginning July 1next week, Mark B. McClellan, M.D., Ph.D., administrator of the Centers for Medicare & Medicaid Services (CMS) reminded today.

"The great majority of electronic claims we are receiving meet the required HIPAA standards," McClellan said, "but for the those still not in compliance there is going to be a delay in getting their money. We are hoping this will motivate more filers to get into compliance soon."

Under a modification to its HIPAA contingency plan announced in February, non-compliant electronic claims will still be accepted by Medicare, but their payment will take 13 additional days. The modification has an effective date of July 1, but CMS has said it will begin delaying payments for non-compliant claims submitted on July 6 and thereafter.

"By working collaboratively with health care providers on the use of standard electronic claims, we've been able to reach 90 percent compliance,"

McClellan said. "Now, a two-week payment delay is an important further incentive to get to 100 percent."

HIPAA requires that health care claims submitted electronically be in a format that complies with the applicable electronic transaction standard adopted for national use. While the HIPAA electronic transaction standards that were adopted apply to all covered transactions by covered entities, this modification to the CMS compliance plan will only affect covered entities submitting Medicare claims to a Medicare contractor.

By law, Medicare pays compliant electronic claims no earlier than the 14th day after the date of receipt. Non-electronic claims cannot be paid earlier than the 27th day after the date of receipt. By treating non-compliant electronic claims as paper claims, Medicare will pay them 13 days later than compliant electronic claims.

The deadline for compliance with HIPAA electronic transaction standards passed on Oct. 16, 2003, but Health and Human Services Secretary Tommy G.

Thompson announced prior to that date that payers would be allowed to implement contingency plans allowing additional time for members of the health care community to come into compliance with the HIPAA electronic claims standards. CMS implemented a contingency plan for electronic Medicare claims and urged private payers to adopt similar plans. The contingency plan has assured a cash flow to Medicare providers while they worked to meet HIPAA standards. Filers needing additional help are encouraged to contact their fiscal intermediaries (FIs) or carriers, the private contractors that process and pay Medicare claims.

Additional help can be found on the CMS website.

* A listing of Medicare FIs and carriers can be found at www.cms.hhs.gov/contacts/incardir.asp.

* Information on free billing software is at www.cms.hhs.gov/providers/edi

* More information on HIPAA is available at www.cms.hhs.gov/hipaa/hipaa2/default.asp

Are You Security Rule Savvy?
 
Each month, Health Information Compliance Alert gives you crucial information and strategies to prepare you for the rapidly approaching HIPAA security rule deadline. Along with detailed articles, you also get quizzes and sample documents to help guide your compliance efforts.
 
The following true/false quiz* from the June issue will help you gauge how close you are to full HIPAA compliance. Word to the wise: Don’t let your compliance engines stall. Use this quiz to get your security rule compliance on the road and moving!
 
1.  If your vendor says its practice management software is HIPAA compliant, then your computer systems are HIPAA compliant.
 
2.  If your practice is a member of a group or association that uses a HIPAA-compliant system for handling the storage and sharing of protected health information, you are privacy and security rule compliant.
 
3.  Using all the right HIPAA-compliant forms doesn’t make your facility compliant.
 
4.  Health care facilities of every size (even those with one or two employees) must concern themselves with security compliance.
 
5.  If your office has less than 10 employees, a designated HIPAA Privacy Officer is not required.
 
6.  The HHS Office for Civil Rights enforces HIPAA compliance by responding to complaints.
 
7.  If your facility uses cash or non-electronic billing, the HIPAA security rule is not an issue.
 
8.  Because the new regulations are so comprehensive, HIPAA compliance makes compliance with other health care regulations unnecessary.
 
Want to know more about Health Information Compliance Alert? You can download a FREE sample issue at www.eliresearch.com/splash/hica/index.html.
 
QUIZ ANSWERS: 1. False; 2. False; 3. True; 4. True; 5. False; 6. True; 7. False; 8. False
 
*This quiz is reprinted from www.breakwatersecurity.com with the permission of Breakwater Security Associates.