NEWS BRIEFS

MGMA gets a HIPAA update

On Jan. 28, 1999, members of the Medical Management Group Association (MGMA) in Englewood, CO, attended a meeting of the board of directors of the Workgroup for Electronic Data Interchange in Reston, VA.

At the meeting, MGMA received an update from Health Care Financing Administration (HCFA) director Stewart Streimer on the status of the administrative simplification provisions of the Health Insurance Portability and Account ability Act of 1996 (HIPAA).

Here is what the association learned:

• The draft of the payer identifier notice of proposed rulemaking (NPRM) had completed its HCFA internal review (and completed the Department of Health and Human Services review) and was scheduled to be sent to the Office of Management and Budget in Washing ton, DC, by mid-February 1999 for final review.

• HCFA, based in Baltimore, says the claims attachment standards will be released this spring. While several additional NPRMs are expected (such as standards for electronic medical records, health data confidentiality, and the national individual identifier), none are likely to be published before 2000.

• Despite the slowdown from year 2000 preparation, HCFA is expecting that the final rules for the standards for electronic transactions, the national provider identifier, the security and electronic signature standards, and the national employer identifier will be released by the end of 1999, although Y2K could impact the final rules by potentially extending the "effective" date.

Once the final rule is published, Congress will have 60 days to comment, extend the effective date, or even repeal the proposal entirely.

In other HCFA news, officials have indicated that hospitals will likely get their inpatient prospective payment system update on time, according to the American Hospital Association in Chicago. Although HCFA had feared that year 2000 fixes could delay the update until April 2000, the agency is now predicting a date closer to Oct. 1, 1999.


Malpractice reporting could put hospitals at risk

Proposed changes to Department of Health and Human Services (HHS) regulations that require hospitals to report medical malpractice claim payments to the National Practitioner Data Bank could place insurance companies and hospitals at risk for lawsuits by physicians, according to an American Hospital Association (AHA) personal membership group, the Chicago association’s news bureau reports.

The proposed changes to the Health Care Quality Improvement Act of 1996 regulations, published in the Dec. 24, 1998, Federal Register, would require payers to identify practitioners "whose professional conduct was at issue in any malpractice claim that resulted in a payment, and to report that payment to the Data Bank."1

Washington, DC-based HHS says it would use the information to identify payers that routinely avoid identifying responsible practitioners. Jeff Driver, legislative chairman of the AHA’s American Society for Healthcare Resource & Materials Management, says that when more than one health care professional is involved in a malpractice case, sometimes the responsible party can’t be identified.

The AHA also took issue again with a government advisory on the so-called "patient-dumping" law that suggests delaying all insurance questions until emergency department screening and stabilization are complete.

The advisory, published in the Dec. 7, 1998, Federal Register, addresses situations in which managed care companies’ preauthorization requirements conflict with hospital obligations.2

Stressing that most emergency department patients usually wait to be seen, AHA asked the HHS to specifically acknowledge that insurance information may be requested as long as it does not delay screening or stabilization.

AHA also asked for acknowledgement that contacts with managed care plans can help emergency department staff obtain information to assist in treatment.

References

1. 63 Fed Reg 58,341 (Oct. 30, 1998).

2. 63 Fed Reg 67,486 (Dec. 7, 1998).


Certain Internet programs may pose security threats

A company in Rochester, NY, recently warned its customers of a security threat related to Internet usage. A number of the machines of FrontierNet customers have become infected with Back Orifice and NetBus Trojan Horse programs, writes Jim Lippard, director of Internet Security at Frontier GlobalCenter. His letter was posted on a health information listserv.

These programs usually get on a computer when the user receives a file on IRC (Internet Relay Chat), through ICQ, in e-mail attachments, or by downloading information/graphics/software from the Internet. Once on a system, these programs allow anyone on the Internet to connect to the user’s computer and use it remotely.

"This means any time you connect to the Internet, others can make use of your computer to engage in potentially malicious activity," Lippard writes.

"For example, your files can be modified or deleted, or your stored passwords can be stolen giving the trespasser access to your Internet account as well as your computer. Once someone else can access your computer on-line, it can be used to engage in attacks on other computers on the Internet with the appearance that you are the culprit. Again, the best course of action is to be aware of the possibilities and then take steps to protect yourself," he states in his letter.

Back Orifice and NetBus currently only work on Windows machines. Windows PC users may find information about both Back Orifice and NetBus, including instructions for removing it by hand, at http://www.nwi.net/~pchelp/bo/bo.html.

Information about how to prevent the programs from being downloaded onto a system can be found at the FrontierNet Web site at http://www.frontiernet.net/technicalsupport/security/index.html.


AHIMA publishes dates of certification exams

The American Health Information Management Association (AHIMA) in Chicago has published the dates for its registered record administrator (RRA), accredited record technician (ART), certified coding specialist (CCS), and certified coding specialist — physician based (CCS-P) certification exams.

This year, the RRA and ART exams will be offered on Oct. 9, at more than 50 testing sites nationwide. The early application deadline for these exams is July 30, with the late application deadline of Aug. 13.

For a free RRA or ART Certification Guide, contact Applied Measurement Professionals, AHIMA’s official testing service, at (913) 541-0400.

The CCS and CCS-P exams will be held on Sept. 18 this year at more than 50 testing sites nationwide. The early application deadline for these exams is July 23, with the late application deadline of Aug. 20. Certification guides for the coding exams are also available from Applied Measurement Professionals. The guides are available after April 15, 1999.

For details such as exam application fees and testing site locations, visit the AHIMA Web site at http://www.ahima.org/certification/examinfo.html.


FDA proposes collection of Y2K information

The Food and Drug Administration (FDA) in Rockville, MD, has proposed a collection of information about year 2000 (Y2K) compliant biomedical devices. The request was submitted to the Office of Management and Budget in Wash ing ton, DC, for emergency processing under the Paperwork Reduction Act of 1995," according to the Jan. 22 Federal Register.1

The proposed collection of information concerns a survey of manufacturers of Y2K-vulnerable biomedical devices to obtain a list of their products that have been identified as being Y2K-compliant. The list of the Y2K-compliant biomedical devices will be made available to the government, health care facilities, and the public via the Federal Year 2000 Biomedical Clearinghouse on the Web.

Manufacturers of biomedical equipment that may be Y2K-vulnerable will be asked to provide a list of their products that have been evaluated and found not to be impacted by the Y2K-date issue. The information requested will include the specific manufacturer, product type, model, and specific serial or version number (when applicable) of each product evaluated by the manufacturer and determined to be compliant. The request will also ask for a single point of contact at the manufacturer to discuss product information, including information on testing protocols.

Reference

1. 64 Fed Reg 3,524 (Jan. 22, 1999).