HIPAA Regulatory Alert: Latest HIMSS survey shows slow compliance

Only half of respondents completed TCS testing

The latest survey of 631 providers, payers, companies, and clearinghouses by the Healthcare Information and Management Systems Society (HIMSS) indicates that as of mid-January, only half had completed testing for the Transaction and Code Standards (TCS), which standardized what information must be contained in electronic claims and how it should be transmitted.

Consultants who provide services to physicians say that even though enforcement remains complaint-driven, physicians will have an increasingly compelling incentive to comply with the law as claims that do not follow the regulations are rejected.

John Thomas, CEO of Dallas-based MedSynergies Inc., has estimated that only 15%-20% of physician claims are in compliance with the standard. He says that as accounts receivable numbers show more unpaid claims, physicians will get the message.

Karen Trudel, director of the Department of Health and Human Services (HHS) Office of HIPAA Standards, says the agency has not set a time frame for ending contingency plans.

"TCS represents an activity the magnitude of which the health care industry had never attempted before," she says. "You’ve got so many different moving parts that a lot of people underestimated the complexity of the process." She estimates that two-thirds of Medicare claims being received by HHS are compliant.

More culture than technology

HIMSS officials say the stumbling block for providers is more culture than technology. Many delays, they say, simply relate to the fact that physicians have many demands on their times that they assign a higher priority than technology.

"With any systems upgrade, the technology is probably the easiest part, and culture change the most difficult part," says Joyce Sensmeier, director of professional services at HIMSS.

The HIMSS survey showed that while 45% of providers and 56% of payers were ready to accept or transmit the standardized transactions, only 40% of the companies that make software for the industry were prepared. That was down from an earlier survey in which 47% of the companies reported they were ready to handle the transactions.

The consulting firm Frost & Sullivan has estimated that providers such as hospitals, managed care organizations, and physicians have spent $1.2 billion on HIPAA.

Apparently, most of that spending was by organizations characterized as early adopters, especially large organizations with the resources available to use for experimenting with new initiatives.

But most physicians practice in small groups; approximately two-thirds of all physicians are in group practices of eight or fewer members, and they may have only recently installed a computer and assigned information technology duties to the office manager. Thus, they’re dragging their feet on coming into compliance with transaction and code standards, even as the deadline for compliance with security requirements is only 12 months away.

Security standards

The security standards require health care groups to assess their systems’ susceptibility to unauthorized access and put a policy in place to deal with that concern. Trudel says the security standards may not pose as much of a problem as TCS because of flexibility built into the requirements. "We’re saying you have to think about your risk and how you can best mitigate that risk," she said. "But a lot of people are going to be asking us to tell them exactly what they have to do."