The trusted source for
healthcare information and
Two or three years may seem like a long time but physician practices need to be aware and plan ahead for changes that are on way, experts say. The clock has already begun ticking toward the deadline for complying with Health Insurance Portability and Accountability Act (HIPAA) regulations.
Practices must comply with electronic data interchange requirements by Oct. 16, 2002. Privacy and security regulations expected to be released soon will also have a two-year compliance deadline. If that’s not enough to set your teeth on edge, the proposed 10th version of the International Classification of Disease (ICD-10) is moving through government channels, with some experts predicting that implementation will occur in 2003, just a little more than two years down the road.
Revisions for the ICD-10 are expected to be complete by early January and testing will begin later this year. The new classification system will replace the ICD-9, which has been in use for more than 20 years.
"In the next two years, physicians are going to have to trash the system they have been using and reload a bunch of new codes. This is going to be a process that is more difficult than the Resource-Based Relative Value Scale [RBRVS]," says William J. DeMarco, president of DeMarco & Associates, a Rockford, IL, health care consulting firm.
Don’t be deceived by the fact that HIPAA regulations give you a long compliance period. You need to start preparing now.
"HIPAA compliance is going to be expensive and time-consuming. People who wait until the last minute to comply will find themselves saddled with a significant administrative burden and significant cost of overhauling their computer system and training the staff," says John Knapp, JD, a health law attorney with Cozen and O’Connor in Philadelphia.
The "Transactions and Code Sets" rule provides standards for electronic transactions and code sets that health care providers and payers use to identify diagnoses, drugs, and procedures.
But what will probably be the most onerous for physician practices is the privacy and security rules that apply to any kind of identifiable health information and deal with everything from consent forms doctors to how doctors should limit access to personally identifiable health care.
Although the final rules are yet to be announced, physicians are advised to start now working on HIPAA compliance.
"HIPAA is going to happen and those who are waiting for the final rules are going to be way behind," comments William F. Jessee, MD, president and chief executive officer the Medical Group Management Association, (MGMA) based in Englewood, CO.
Here are some tips for getting ready for HIPAA:
• Include provisions for HIPAA compliance in your long-term budget. This should include money for computer hardware and software as well as training for your staff, DeMarco advises.
• Adopt measures to protect personally identifiable health care information in your office, Knapp suggests. These may include physical security measures, such as locks and pass cards, and training for staff who are going to have to keep logs of who has access to what information and when it is released.
• Start to look at electronic security measures, such as passwords and levels of access so that not all personnel within an office will necessarily be able to get access to the same information.
(Editor’s note: For detailed information on HIPAA requirements, see Physician’s Managed Care Report, December 1999 and October 2000. For more information on ICD-10, visit the American Health Information Management Association Web site at www.ahima.org.)