The October 16th deadline for complying with the Health Insurance Portability and Accountability Act’s (HIPAA) electronic standards has passed, and most medical providers aren’t ready.
Even though the Centers for Medicare and Medicaid Services (CMS) recently agreed to temporarily accept non-compliant Medicare claims after the deadline, and private insurers seem to be following CMS’ lead, the practice could stop without notice, leaving medical providers facing serious cash flow problems.
As of October 13, only 15% of providers nationwide had complied, or had even begun testing for compliance, with the new HIPAA rule.
“Everybody’s compliance is low,” said Linda McMullen, general counsel for Mississippi State Medical Association (MSMA). “The deadline on the 16th has basically become a non-issue because all the large payers have agreed to continue accepting non-HIPAA compliant electronic claims.”
Hospitals nationwide have asked CMS for specific guidance on key issues, such as how to handle claim transactions that contain errors, and for clarification on anticipated problems with the management of new data items, such as tax identification numbers or physician social security numbers. Inaccurately prepared claims are subject to rejection by the new system as “incomplete.”
“The Mississippi Hospital Association (MHA) is very pleased CMS is making arrangements to continue payments to providers,” said MHA president Sam Cameron. “Ongoing communication between health plans and providers is going to be needed as we work through any glitches that come with the new HIPAA requirements.”
CMS has indicated it will not impose penalties on providers who are making reasonable and diligent attempts to comply with the new standards, said Rica Lewis-Payton, executive director of the Mississippi Division of Medicaid.
“Also, under certain conditions, CMS will not impose penalties on health plans, like Medicaid, that receive non-compliant transactions,” she said. “CMS is clear that this relatively lenient approach will not last indefinitely, and providers that send electronic transactions must continue to work toward being able to conduct these transactions using HIPAA-mandated X12N formats.”
CMS plans to fully investigate providers and health plans that incur complaints for non-compliance, said Gayle Lowery, CIO for Mississippi Division of Medicaid and chairperson of the Governor’s Task Force for
“CMS didn’t give a time frame for the length of time they will be lenient, but they made it clear that, whenever we decide we no longer want to accept the old formats from providers, we can go ahead and do that without CMS approval,” she said. “Payers are allowed to accept non-compliant claims, but are not required to.”
Providers are not ready for the new HIPAA rule because of the expense involved in being compliant, and a general lack of confidence that the federal government will follow through on the deadline, said Lowery.
“It is a costly change for the providers to have their practice management systems updated,” she said. “Many providers and others in health care have felt like this was just another federal regulation and would never happen, but it has. Personally, I think this is a good piece of legislation and is needed in the industry to standardize language.”
In Mississippi, only 4% of providers began filing claims under the new format through the Mississippi Division of Medicaid, which began accepting them October 1. (Medicare has a small practice exemption for practices with 10 or fewer employees filing electronically.)
“We continue to accept both formats, but it’s very costly in terms of resources for us to run dual systems,” said Lowery.
Gerry Printz, a consultant for Amsador, Ltd., a company that monitors provider compliance, said many providers are “at the mercy of their software providers.”
“If someone is using something way out in left field, or their provider isn’t doing a good job, then they’re going to be in serious cash flow trouble,” he said.
Jackson Neurosurgery Clinic is one of a few medical practices fully compliant with all HIPAA regulations, said Zoe Gasc, practice manager for the clinic.
“MedSynergies did everything for us in terms of HIPAA compliance, handling all the hardware and software on our end,” she said. “We transmit our charges to them and tell them what to send off to the insurance carriers. All we have to do is enter information from our end and they take care of the rest. They also provide computer security and privacy tracking to help us with the other aspects of HIPAA.”
Gasc did not say how much it cost to become HIPAA compliant, but said outsourcing the project was a worthwhile decision.
“If we had decided to set up our own system, we would have had to hire staff, buy all new hardware and software updates,” she said. “The initial costs are probably about the same, but we’re no longer responsible for monitoring employees who are doing our billing, or worrying about someone taking a week off. It all becomes their responsibility to do the billing for us. The economy of scale works for us. They bill for over 200 physicians, and the cost of updates and changes for any reason do not incur a fee for us. They bill based on a percentage of their collections, which also helps us because we would be paying employees to collect, even if there was a problem and the money wasn’t coming in.”
Physicians who are not HIPAA compliant are paying a high price in dropped claims, past filing deadline claims, and an inability to follow up on accounts receivable, said John R. Thomas, CEO of Dallas-based MedSynergies.
“It’s not an incremental cost,” he said.
“A strong outreach effort is needed to encourage physicians to comply with the HIPAA rule because this is not going away,” said Lowery.
Contact MBJ contributing writer Lynne W. Jeter at firstname.lastname@example.org.