HIPAA requirements may dwarf Y2K problems, supplier says

AHA asking for delay in electronic standards implementation

Payers are concerned that problems meeting the requirements of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 may overshadow any year 2000 computer compatibility problems for providers, says a supplier of electronic commerce software.

In May, the Health Care Financing Administration (HCFA) in Baltimore proposed standards for electronic data transmissions and requirements for the use of those standards.1 These standards would meet HIPAA's requirements for administrative simplification. (For information about the national provider system portion of administrative simplification, see related story, p. 131.)

Payers are concerned that providers will not update their old standards to the new standards in time for the providers to continue to process electronically, says Edwin Jones, health care product marketing manager for S2 Systems. S2 Systems is a Dallas-based supplier of electronic commerce software for health care, financial services, and retail.

"[Payers] feel that a significant number of providers will have to revert to paper or contract with a clearinghouse to submit electronically," he says.

As a result, insurance companies, at first, will process fewer transactions electronically. This translates into higher administrative costs and a combination of smaller margins and higher premiums, Jones says.

Providers that begin using the new standards may run into problems with payers, too, suggests Karen Milgate, senior associate director for policy development at the American Hospital Association (AHA).

"One of our concerns is that not everyone will do it at the same time. So providers that might have changed all of their systems over to be compliant with the HIPAA requirements won't be able to get payment from the payers because the payers won't be able to accept it," she says.

Implementation overkill

A primary problem with the proposed data standards is that if the final rule is published at the end of this year, the deadline for implementing the new standards will be right in the middle of the year 2000 (Y2K) changeover.

In a comment letter to HCFA Administrator Nancy-Ann Min DeParle, dated July 6, officials are requesting that providers not be asked to implement new standards while they are trying to handle Y2K problems.

"The time frame for implementing the new standards is unrealistic and, if not altered, could have serious consequences," writes Rick Pollack, executive vice president of government and public affairs at AHA's Washington, DC, office.

AHA has urged HCFA to delay the onset of implementation of these standards until April 1, 2000, with full implementation to be complete 24 months later. "Implementing these standards along with the Y2K changes is a lot to ask providers to do all at the same time, which is why we suggested a delay in the implementation of [the standards] until after that could be done," Milgate says.

"[We believe] the final rule should be delayed until all of the other major components of the administrative simplification provisions with HIPAA are laid out," says George Arges, senior director of health and coding standards for AHA. "Let the industry focus on the year 2000 problems. Once that milestone has been reached, we would have two years with which to move toward the HIPAA standards."

Changes relating to other pieces of legislation might already be delayed. At a recent Y2K meeting, HCFA indicated that in the interest of ensuring Y2K compliance, it will delay changes necessary to implement the provisions of the Balanced Budget Act (BBA) of 1997, Arges says.

"If HCFA is looking to delay the BBA, my guess is that they are probably looking to delay the HIPAA regulations, as well," he says.

Testing the standards

HCFA has proposed to use New York City-based American National Standards Institute's (ANSI) version 4010 of the ASC X12N as the standard for these transaction sets:

r health care claims and equivalent encounter;

r health care payment and remittance;

r coordination of benefits;

r health claims status/response;

r enrollment and disenrollment in a health plan;

r eligibility for a health plan;

r health plan premium payments;

r referral certification and authorization.

AHA officials say HCFA should further test the X12N standards and further define the data elements and their interactions before the final rule is published.

"There's still a lot left unsaid that still has to be dealt with in terms of the definitions of data elements," Milgate adds.

"Without more guidance from HCFA and public and private sector evaluations, the efficiencies anticipated by the legislation will not materialize; in fact, costs could greatly increase," writes Pollack in the letter.

"We've always called for the production testing of many of the transaction sets," Arges says. "We've felt that there really hasn't been sufficient testing to make certain they do work the way they were intended to work."

AHA also wants the groups responsible for maintaining the various data sets to be identified and established. "We believe that responsibility for managing the data content needs to be explicit in the final rule," the letter states.

Even with these comments, AHA supports the use of national standards for electronic data transmission. "We do believe that logically it's the way to go," Arges says. "But we do think there needs to be some more management or oversight on how that process works."

Get ready

When the time for standards implementation draws near, hospitals will have to change their computer systems to comply with the new standards or use a clearinghouse to do it for them.

Hospitals should stay abreast of when the final rule is issued so that administrators know when the implementation deadline is, advises Jones. He also suggests taking the following actions:

1. Set up a task force or advisory group to study the impact of HIPAA on the electronic data systems - HIPAA compliance should be given equal time with Y2K issues.

2. Evaluate new systems, not only for Y2K standards but for HIPAA compliance as well.


1. 63 Fed Reg 25,272 (May 7, 1998).