HIPAA requirements may dwarf Y2K problems

Payers are concerned that problems meeting the requirements of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 may overshadow any year 2000 computer compatibility problems for providers, says a supplier of electronic commerce software.

In May, the Health Care Financing Admini stration (HCFA) in Baltimore proposed standards for electronic data transmissions and requirements for the use of those standards.1 These standards would meet HIPAA's requirements for administrative simplification.

Payers are concerned that providers will not update their old standards to the new standards in time for the providers to continue to process electronically, says Edwin Jones, health care product marketing manager for S2 Systems, a Dallas-based supplier of electronic commerce software for health care, financial services, and retail.

As a result, insurance companies will at first process fewer transactions electronically. This translates into higher administrative costs and a combination of smaller margins and higher premiums, Jones says.

Providers that begin using the new standards may run into problems with payers, too, suggests Karen Milgate, senior associate director for policy development at the American Hospital Association (AHA).

"One of our concerns is that not everyone will do it at the same time. So providers that might have changed all of their systems over to be compliant with the HIPAA requirements won't be able to get payment from the payers because the payers won't be able to accept it," she says.

A primary problem with the proposed data standards is that if the final rule is published at the end of this year, the deadline for implementing the new standards will be right in the middle of the year 2000 (Y2K) changeover.

In a comment letter to HCFA Administrator Nancy-Ann DeParle, AHA officials request that providers not be asked to implement new standards while they are handling Y2K problems.

"The time frame for implementing the new standards is unrealistic and, if not altered, could have serious consequences," writes Rick Pollack, executive vice president of government and public affairs at AHA's Washington, DC, office.

AHA has urged HCFA to delay the onset of implementation of these standards until April 1, 2000, with full implementation to be complete 24 months later.

Changes relating to other pieces of legislation might already be delayed. At a recent Y2K meeting, HCFA indicated that in the interest of ensuring Y2K compliance, it will delay changes necessary to implement the provisions of the Balanced Budget Act (BBA) of 1997.

HCFA has proposed to use New York City-based American National Standards Institute's (ANSI) version 4010 of the ASC X12N as the standard for these transaction sets:

r health care claims and equivalent encounter;

r health care payment and remittance;

r coordination of benefits;

r health claims status/response;

r enrollment and disenrollment in a health plan;

r eligibility for a health plan;

r health plan premium payments;

r referral certification and authorization.

AHA officials say HCFA should further test the X12N standards and further define the data elements and their interactions before the final rule is published.

"Without more guidance from HCFA and public and private sector evaluations, the efficiencies anticipated by the legislation will not materialize; in fact, costs could greatly increase," writes Pollack in the letter.

AHA also wants the groups responsible for maintaining the various data sets to be identified and established. "We believe that responsibility for managing the data content needs to be explicit in the final rule," the letter states.

When the time for standards implementation draws near, hospitals will have to change their computer systems to comply with the new standards or use a clearinghouse to do it for them.

Hospitals should stay abreast of when the final rule is issued so administrators know when the implementation deadline is, advises Jones. He also suggests taking the following actions:

1. Set up a task force or advisory group to study the impact of HIPAA on the electronic data systems - HIPAA compliance should be given equal time with Y2K issues.

2. Evaluate new systems, not only for Y2K standards but for HIPAA compliance as well.


1. 63 Fed Reg 25,272 (May 7, 1998).