 |
Feature:
HIPAA - Pointers to Providers From An Expert
October 2002 marks the
deadline for providers to request an extension
regarding HIPAA, lead by Deputy Director, Data
Systems& Analysis, Ben Steffen and Division
Chief, EDI and Payer Compliance, David Sharp,
PhD.
more...
|
|
Inside this special
HIPAA Issue
|
| |
 ProtoMED
News
|
|
HIPAA - Pointers to Providers
From An Expert
October 15, 2002 marks the deadline
for providers to request an extension regarding HIPAA
compliance. I've had the privilege of participating
in the Maryland Health Care Commission's EDI/HIPAA Workgroup,
lead by Deputy Director, Data Systems & Analysis,
Ben Steffen and Division Chief, EDI and Payer Compliance,
David Sharp, PhD. I asked Dr. Sharp if he would mind
being interviewed for our newsletter community regarding
HIPAA and its impact on providers.
 Ben
Steffen and David Sharp are two of the few professionals
that I've encountered who have truly studied HIPAA,
yet have no profit agenda. Their mission is to disseminate
accurate, thoughtful, and beneficial information to
the health care community through the Maryland Health
Care Commission. One of the many results of their efforts
is the HIPAA Privacy Readiness Assessment Guide, attached
as a download from this newsletter, and the Security
Readiness Assessment Guide, which is available in late
October. Dr. Sharp was kind enough to answer questions
that I thought may be of use to our clients.
Walsh: Do you think that the
legislature knew they were creating a new industry when
they enacted HIPAA?
Sharp: HIPAA has created its own economic niche. The
Washington Post recently reported that HIPAA has created
an estimated 245 billion dollar industry. There isn't
a day that passes without the Commission receiving some
new product announcement related to HIPAA. Clearly,
products will come and go - physicians aren't information
technologists by trade; physicians will never purchase
many of these products. Right now, physicians that purchase
these products tend to do so out of fear. Once physicians
and their office staff are educated on HIPAA they will
spend their dollars differently.
Walsh: What happens when HIPPA
is over with?
Sharp: The regulations are evolving - ongoing changes
can be made every year. Security and privacy will continue
to grow. The process dictates constant review. Products
are now centered on compliance, but they will evolve
with changes in the regulations.
Walsh: One of the questions
that I have not had answered is with regards to HIPAA
enforcement. There is no provision for "HIPAA Police".
Who is responsible for HIPAA enforcement?
Sharp: HHS (Department of Health and Human Services)
is responsible for privacy and security and CMS (Centers
for Medicare & Medicaid Services) is responsible
for transactions compliance. Most states are not going
to be in the position to enforce. MHCC (Maryland Health
Care Commission) has not been approached by these two
organizations for assistance with compliance monitoring.
The enforcers have said that for the time being, violations
will be viewed as educational opportunities - only in
the most egregious situations would violations be viewed
as anything other than educational opportunities.
Walsh: Is HIPAA a windfall
for the legal community?
Sharp: I'm uncertain. There's opportunity for the legal
community to help reduce risk, but nobody can predict
HIPAA's impact on the legal community.
Walsh: Since the transaction
standards and security regulations allow for self-certification,
what is the value of all these certification vendors
(ClarEDI, Foresight Corporation, etc.)?
Sharp: Healthcare vendors that undertake third party
certification will be more certain that they have complied
with all programming changes and viewed more confidently
by their customers. Third party certification vendors
(those who survive) will also offer point-in-time auditing
after the big rush to be certified is over.
Business-to-business testing is real important. Physicians
are encouraged to ask their practice management vendor
to test their software with a third party testing organization.
This will ensure that the practice management system
meets the transaction standard requirements.
Walsh: Will payers be forced
to accept transactions from vendors who support HIPAA
compliant business-to-business (level 7) transactions?
Sharp: Yes. Payers are required to accept HIPAA complaint
transactions. However, payers will have their own implementation
guidelines for the transactions.
Walsh: This sounds similar
to current NSF (National Standard Format) formats through
the payer community - ie: one standard with hundreds
of nuances.
Sharp: Yes, this is what the industry has seen with
regard to NSF and expected by system vendors.
Walsh: So what advice can we
give a provider regarding transaction validation?
Sharp: Physicians may want to use a third party validation
service to ensure their transactions are HIPAA compliant.
Transaction testing also allows vendors to market their
systems as "HIPAA compliant". Another alternative
to the software vendor undergoing certification for
their software is for physicians to work with their
claims clearinghouse. In most cases, a claims clearinghouse
will take non-compliant transactions and convert them
into the required HIPAA format.
Walsh: In your opinion, what
are the benefits that physicians and practice managers
can expect to gain from HIPAA compliance?
Sharp: Using EDI will enable the physicians' office
to create operational efficiencies. The challenge is
for physicians to use the transaction standards to reduce
some of the manual, paper-related tasks they are doing
today. The HIPAA transaction standards set up the possibility
for real-time (future) claims processing and the financial
benefit of more expedient claims adjudication - the
potential under HIPAA will continue to evolve over time.
Walsh: What are the steps that
a provider should take regarding HIPAA compliance? Could
you give us the "Readers Digest" version?
Sharp: Practices should perform a gap assessment of
their practice for privacy and security. The EDI tool
developed by our EDI/HIPAA Workgroup offers a  nice
multi-dimensional approach that a practice can take
if it chooses to self-certify. The assessment tool,
A Guide To Privacy Readiness, is easy use as it was
developed by a cross section of health care professionals
who goal was to produce an accurate, user friendly,
do it yourself guide to implementing the privacy standards.Some
key points to remember include documenting all necessary
policies andprocedures and keeping them current. The
practice should also have all applicable Business Associates
Contracts on file and a Notice of Privacy Practices
among other things.
HIPAA is SCALABLE - it requires that the practice actually
perform the necessary review effort and implement required
changes and document the process.
Walsh: What's the biggest impact
that you expect to see from HIPAA?
Sharp: HIPAA's biggest impact is in the operations
end for most practices, it's not intended to interfere
with patient care
Protologics would like to thank Dr. Sharp and the Maryland
Health Care Commission for its pro-active approach to
understanding HIPAA and its implications. -lrw
 Click
This! - Help
Desk Advice
Review of ECS Reporting
We have noticed that clients are beginning to rely
exclusively on the Claims Manager for reporting electronic
claims status. While the Claims Manager is a great tool
for working A/R, it is not the definitive source for
claims status information. The Help Center advises our
clients to continue using the various ECS REPORTS PROVIDED
BY PAYERS AND CLEARINGHOUSES AS THE DEFINITIVE SOURCE
FOR CLAIMS STATUS INFORMATION.
ECS Reports are created from electronic text that we
automatically receive from either clearinghouses or
directly from payers. We have robot programs that separate
the reports (by TAX ID number) so that the reports get
to their perspective client folders (your practice directory).
Our Robot programs cannot determine if a new report
has been added, or if an older report format has been
altered. Such nuances will be found in our internal
error processing, but the fact remains that the robot
programs can misinterpret status results. ProtoMED always
returns the original CH or Payer reports back to your
system for review, thereby eliminating any potential
for error.
Routing Reports:
You should receive a ProtoCLAIMS Internet Routing Report
(Claims Detail - created by us upon receipt of your
batch) that shows a breakdown of received claims sorted
by routing destination. This report file name is titled
"ECSxxxxxx.tcd"(where xxxxxx is a series of
numbers or letters). When the Internet Routing Report
is created, a status file is automatically generated
that will be used to update the Claims Manager's STATUS
field for the claims that you have sent (it should now
say 'WAIT CH'). If you do not receive a Internet Routing
Report when you complete your claims submission (there
could be a report waiting to be pulled from a previous
submission), we suggest that you wait 3 - 5 minutes
and click on 'RETRIEVE REPORTS' (under the ECS Menu
choice) so that the Internet Routing Report gets downloaded
and the Claims Manager status gets updated.
Some of you experience problems with your ISP where
you are disconnected during the retrieval process (you
are limited to so many minutes without a keystroke -
or a limited amount of download text), therefore, you
fail to get the most recent Internet Routing Report.
For those of you who experience these problems, we recommend
that you perform multiple 'RETRIEVE REPORTS' sessions
to verify that there are no more reports queued for
download. If the Message Area (left side of the ECS
screen) has the text "No files sent No files received",
you know that all files have been retrieved.
Clearinghouse Status Reports:
Within 24 to 48 hours of submission, you should have
a report from the clearinghouse that will convey the
results of clearinghouse edits (on the Clearing House
side NOT the PAYER'S side). Since many report formats
and titles can be generated during the CH edit process,
the end user must print all returned reports to evaluate
CH claims status. This process will also update the
Claims Manager - the robot programs are designed to
read CH reports (particularly WEBMD) and update the
Claims Manager with either 'ACCEPTED' or 'REJECTED'
(payer info message will determine whether the claim
was accepted by CH or Payer).
Payer Status Reports:
WebMD has informed us that some payers are not sending
claims status reports back to WEBMD; therefore, there
is no way (until HIPAA is fully enacted) for us to give
you status on such claims. Claims Manager status will
continue to report 'WAIT CH' for such payers, since
we have no other means to update the status. Claims
status (and the full payer report) is sent back to you
for those payers who do give us status. Much like the
CH reports, payer reports come in too many formats -
the end user must PRINT AND REVIEW ALL REPORTS to effectively
monitor claims status.
"WAIT CH" Holding
Pattern:
Our first recommendation to any client who calls questioning
claims status is always "ARE YOU PRINTING AND MONITORING
YOUR ECS STATUS REPORTS?". For those of you who
have noticed that the Claims Manager keeps some claims
in a "WAIT CH" status holding pattern, please
assume that we do not go direct to these payers and
these claims REPRESENT PAYERS WHO DO NOT REPORT STATUS
TO WEBMD.
Since CH status is consistently reported to the Claims
Manager, it is safe to assume that such claims have
passed CH review and have been forwarded to the payer.
CALL THE PAYER DIRECTLY to seek information on the claim
- if you've been monitoring your reports and using the
Claims Manager, you can safely assume that the payer
is in receipt of the claim.
W. LaMonte Odum
Operations Manager, Protologics Corporation
 Bow
Tie Muse Rambling
Thoughts From The Protoman
HIPAA - Shmippa, what a PAIN!
If the sentiment expressed in the title reflects your
secret attitude towards HIPAA, then this text is for
you!
One of the best statements that I've heard regarding
HIPAA compliance and its impact on practice mangers
came from a well known consultant in the Baltimore/Washington
corridor. During an impassioned roundtable discussion
of HIPAA earlier this year (prior to the final Privacy
Rules), everyone in the room (some forty-fifty practice
managers, hospital administrators, insurance executives,
and physicians) were complaining of the onerous Privacy
Rules when this consultant, Gail Levy, abruptly interrupted
- and with very few words, changed my own negative opinion
of HIPAA:
"Wait a minute, why are we looking at this in
such a negative light? I see this as an excellent opportunity
to improve the management of our practices and to provide
better security to patient information - what's so bad
about that? Aren't we doing most of this already? Most
of these requirements have already been in place due
to other existing regulations."
I thought to myself, she's right, why are we reacting
so negatively to something as simple as patient confidentiality
and all its implications. Regardless of our health
status, we are all patients. Why wouldn't we welcome
increased attention to our private information? Isn't
it a good thing that more care will be taken by our
physicians to inform us if they want our participation
studies or marketing efforts that they are involved
in?
I realize that most physicians are going to foist the
HIPAA compliance effort on overly taxed practice managers.
Most managers will now serve as "Privacy Officers"
and "Security Officers" - regardless of their
ability to perform either role. Most managers are already
inundated with daily paperwork and cannot begin to find
the time to review their work processes and develop
new procedures to insure compliance. Many of the new
procedures will focus on staff training and will follow
with ongoing training. Once all this is in place, the
too often status quo of exposed charts spread upon multiple
desks, lab results on window sills, confidential conversations
between staff and patients at the waiting room window,
and all other forms of sloppy patient protocol should
be things of the past. Isn't this type of better management
worth the effort?
Yes, these regulations are bound to cause more grief
to anyone in the healthcare field. I know that Protologics
has to go through tens of thousands in expense and hundreds
of hours in preparation - and we are far removed from
most protected healthcare information, but if this HIPAA
effort can provide more assurance that my private healthcare
information (and yours) is better protected, isn't it
worth it?
-lrw
 David
& Goliath -
Stories from the Sales Team
Adding The Personal
Touch - Announcing Our ProtoMED 4.3 Road Show Seminars
The first of many ProtoMED 4.3 user group seminars
is scheduled for early October 2002 to be held in the
Woodbridge area of Northern Virginia. Many thanks to
Mary Wilkinson from Dr. Cohen, Mason, and Vayer's office
for assistance in securing space for us.
While the new On-line Help Manual built into the product
provides enough detail for users to be comfortable training
themselves Protologics looks forward to adding the personal
touch. The seminars will provide an opportunity for
ProtoMED practices within the same locale to meet each
other, and our technical staff, yet will remain small
enough to still be personal.
ProtoMED 4.3 is available free of charge via download
from www.ProtoMED.com to all ProtoMED clients in good
standing.
New features in version 4.3 include a Vastly improved
Claims Manager , new Worked Status (Follow Up) screen
to document any changes to claims and to assist with
claims review, secured, Web-based Electronic Claims
with WebMD/Envoy, new file encryption process during
submissions, improved reporting, an Automated Uniform
Referral form, an On-line Help Manual and more.
Did you know that you could generate lab labels for
individual patients directly from the scheduler? Do
you know that you could have inter-office Email and
Electronic Task Assignments without purchasing expensive
Email software? Are you aware that you can review your
electronic claims from home without additional communication
software? These and other operational topics will be
reviewed in the 4.3 Road Show Seminars. The Claims Manager
enhancements alone warrant a seminar, since it truly
changes the way most practices will work their A/R.
We look forward to meeting all of you one on one.
If you are interested in either hosting, or attending
our free 4.3 Road Show seminars please contact me at
800.648.4836, or you can click on this text and Email
me: Rgreenberg@protologics.com
.
Rick Greenberg
Regional Director, Business Development, Protologics
Corporation
ProtoMED
News
Septembert 2002 - ProtoMED Virtual
Office Debut - MMGMA Annual Conference:
The debut of ProtoMED's Virtual
Office series of products caused quite a stir
during the recent Maryland MGMA Annual Conference.
Physicians and managers were able to see an interactive
demonstration of the Virtual
Superbill (VSB) component of the ProtoMED VO
series.
 While
some participants were viewing the large screendemonstration,others
were walking around with the wireless PALM i705 performing
virtual billing with no training! The VO series of
products is not ready for delivery, but we had a great
time experimenting with a very enthusiastic "hands
on" audience.
BETA testing of the current VO product (includes
review of scheduling, electronic medical records,
account status, and the Virtual SuperBill (VSB)) begins
this month. We are presently coding for more PALM
based products. The BETA testing phase will take a
few months. ProtoMED plans to offer the VO series
early 2003.
October 2002 - Protologics Publishes
HIPAA Compliance Policy:
Policy Statement - ProtoMED and
HIPAA Compliance - October, 2002
Covered Entity or Business
Associate?
Protologics Corporation has filed for an extension
regarding HIPAA compliance. The ProtoMED product appears
to fit better into the HIPAA 'BUSINESS ASSOCIATE'
model than the definition of a 'COVERED ENTITY'; therefore,
it has been argued that we are not required to be
'HIPAA compliant' as a 'COVERED ENTITY'. We have chosen
to represent ourselves as a CLEARINGHOUSE to CMS,
instead of a Practice Management Vendor, thereby placing
ourselves into the HIPAA 'COVERED ENTITY' model. We
have chosen to subject ourselves to the added scrutiny
as a matter of confidence and security to our clients.
Clearinghouse Accreditation:
Most Practice Management Vendors will rely on clearinghouses
to translate their claims into the HIPAA x12 transaction
standards. As BUSINESS ASSOCIATES they are not held
to the same level of accountability as a COVERED ENTITY.
Most Practice Management Vendors do not own their
clearinghouse operation, so they have no need for
further accreditation. Protologics Corporation is
currently in candidacy status for accreditation by
the Electronic National >>>>>. This,
we believe, should provide our clients with additional
confidence to no that their PMS vendor holds itself
to national accreditation that is usually reserved
only for national Clearinghouses.
Claim Submission Protocol:
Presently, ProtoMED exceeds HIPAA security requirements
regarding encryption for transaction processing. Claims
are passed through the Internet at a 128K encryption
level - twice that required by the HIPAA standard.
We plan to further secure the transaction channel
by including a Secure Socket Layer (already developed
- just waiting for implementation).
X12 Transaction Standards:
ProtoMED currently batches its claims into the National
Standard Format (NSF). The new HIPAA format uses various
transaction sets outlined in the x12 specification.
ProtoMED will continue to rely on the translation
of its NSF format by its BUSINESS ASSOCIATES until
later next year. ProtoMED will produce and process
all necessary transaction sets within x12 specification
by the end of 2003. Protologics will, however, continue
to submit claims to Payers in whatever format that
is dictated by the Payer. Obviously, if a Payer or
Clearinghouse cannot process an x12 transaction set
- or is asking its BUSINESS ASSOCIATES to retain the
NSF standard, Protologics will accommodate the ASSOCIATE
to insure clean claims processing and payment.
Business Associates and Chain
of Custody Agreements:
While it is up to each provider organization as a
'COVERED ENTITY' to secure both the Business
Associate and Chain of Custody Agreements with
its trading partners, Protologics is happy to provide
both agreements to our clients as a matter of convenience
and for mutual compliance. The agreements are available
via download by clicking on the appropriate hyperlink,
or from the client download section of www.ProtoMED.com.
October 2002 - ProtoViews in
new Printer-Friendly Format
ProtoVIEWS is now available in
a Printer-Friendly version. Simply select FILE and
PRINT from your browser and the full copy of the newsletter
will be printed.
 Special
HIPAA Links/FORMS
Protologics hopes to assist our clients through the
navigation of HIPAA with the following documents and
Internet links. Any forms are provided without
warranty, expressed or implied, as to legal effect
and completeness. Use of any forms provide herein
is entirely at the user's risk.
ProtoMED
HIPAA Policy Statement
- outlines the design and implementation issues
that Protologics intends to follow regarding HIPAA
compliance.
Business
Associates Agreement - this contract can be
used by any provider (COVERED ENTITY) to record HIPAA
privacy policies and procedures with any vendor with
whom the provider conducts business that involves
the exchange of PHI (Protected Health Information).
The form is pre-formatted with Protologics' information.
The practice need only fill in its information and
return to Protologics to comply with HIPAA regarding
the vendor relationship regarding your Practice Management
Vendor and Electronic Claims submission.
Chain
Of Custody Agreement - this contract can be
used by any provider (ORGANIZATION) to record chain
of custody standards with any vendor with whom the
provider conducts business that involves the exchange
of PHI (Protected Health Information) and claims transactions.
The form is pre-formatted with Protologics' information.
The practice need only fill in its information and
return to Protologics to comply with HIPAA regarding
the vendor relationship regarding your Practice Management
Vendor and Electronic Claims submission.
Maryland
Health Care Commission HIPAA Privacy Tool -
this guide is the product of over two years of development
with a fifty+ member EDI/HIPAA workgroup convened
and managed by MHCC. The tool is in a WORD format
and can be easily printed and used as a gap assessment
tool. Upon completion of this FREE tool,
the practice should have a good idea of its needs
(including the need for outside assistance).
The following HIPAA LINKS are recomended (The CMS/Medicare
link has the electronic extension form which should
be filled out before October 15th by ALL PROVIDERS).
www.cms.hhs.gov
- The Medicare site where you can electronically
file for an extension (if you haven't already done
so).
www.mhccm.org
- Medicaid - great site with many cross references
to all HIPAA information presented in graphical format.
www.wpc-edi.com
- The definitive publishing source for HIPAA
www.mhcc.state.md.us
- The Maryland Health Care Commission
|
