|
|
Testimony: WEDI Public Hearing on Implementation of HIPAA
Regulations
Presented by D'Arcy Guerin Gue
Phoenix Health Systems and the Healthcare Information and Management
Systems Society (HIMSS)
January 27, 2004
Introduction
On behalf of HIMSS and Phoenix Health Systems, thank you for extending
your invitation to appear at this important hearing.
I am here today to provide an overview of the most recent aggregate
healthcare industry data available on HIPAA Transactions and Code
Sets compliance progress and issues. Beginning January 6, 2004 and
ending two weeks later on January 13, HIMSS and Phoenix Health Systems
conducted the 17th consecutive US Healthcare Quarterly Industry
HIPAA Compliance Survey. The Winter 2004 Survey placed special emphasis
on readiness to conduct HIPAA transactions, prioritization of specific
electronic transactions, the impact of the Contingency Plan offered
by the Centers for Medicare and Medicaid (CMS), and the impediments
to compliance progress faced by healthcare providers, payers, clearinghouses
and vendors.
The Survey Approach and Participants
Following several website and email appeals to HIMSS 13,000+ members
and to Phoenix’ 20,000+ HIPAAlert newsletter subscribers,
a total of 631 healthcare industry representatives responded. The
online Survey was completed anonymously via Phoenix’ web site,
HIPAAdvisory.com. The breakout of participants by industry segment
follows:
- Providers – 70% (Hospitals – 51%)
- Hospitals with 400+ beds: 18%
- Hospitals with 100-400 beds: 20%
- Hospitals with less than 100 beds, or 30+ physician practice
or similar size: 13%
- Medium-sized physician practices (11 to 29 physicians)
/other like-sized providers: 8%
- Small physicians practices (10 or fewer physicians) /other
like-sized providers: 11%
- Payers – 19%
- Covering fewer than 150,000 Lives: 6%
- Covering 150,000-500,000 Lives: 4%
- Covering 501,000-1,500,000 Lives: 4%
- Covering more than 1,500,000 Lives: 5%
- Vendors – 9%
- Clearinghouses – 2%
Nearly 90% of all respondents reported that they hold an official
role in HIPAA compliance within their organizations: 20% are members
of senior management, 11% CIOs, 22% other department managers, and
28% Compliance or Security Officers. The remaining 19% hold various
positions including analyst, attorney and other roles.
Before I present the key results of the Survey, please bear in
mind a few explanatory, perhaps cautionary points:
- The Quarterly HIPAA Compliance Survey is intended to be a high
level report on HIPAA Transactions-related progress and issues;
limitations on the length of the Survey (which also addresses
Privacy and Security compliance) have been necessary to ensure
participation by the large polling samples we seek. Also, because
of the varied job roles of participants, we have striven to make
the polling questions sufficiently non-technical that all participants
are able to answer them.
- The Winter 2004 Survey generated a very small sample of Clearinghouse
representatives: 2% of total respondents. This is consistent with
Clearinghouse responses throughout the history of the Survey.
The small size of the sample should be taken into account when
interpreting our results.
- To some extent the Survey sample may reflect a self-selection-based
bias. It can be inferred from our polling process – through
HIMSS and HIPAAdvisory.com – that the majority of respondents
are either members of HIMSS, and therefore reasonably information
systems-savvy – and/or are already familiar enough with
HIPAA to be users of HIPAAdvisory.com’s resources. Therefore,
it also can be inferred that covered entities that know or care
little about HIPAA, or who are not members of HIMSS, may not be
adequately represented in the survey results. While the polling
model, admittedly, is imperfect, the results have undeniable value,
in that
- The Quarterly U.S. Healthcare Industry HIPAA Compliance
Survey represents the only large-scale HIPAA compliance survey
that has been undertaken regularly over four years. A resulting
advantage is that we have been able to compare new results
relative to past results, and, indeed, have found the relationship
between them to be reasonable and consistent.
- It is logical to assume that covered entities that know
or care little about HIPAA compliance, and that have not been
exposed to our surveys for that reason, will have achieved
less progress in HIPAA compliance than those who are represented
in our sample. Therefore, we believe that any conclusions
that can be drawn from the Survey data are likely to be from
the positive end of the industry’s TCS progress. In
other words, the picture I am about to paint likely represents
the best possible current compliance scenario, when, in fact,
the reality for the industry as a whole may be somewhat less
encouraging.
Key Findings of the Survey
- Over 80% of covered entities have completed Transactions and
Code Sets gap analyses.
| |
Gap Analysis Done |
| Provider |
82% |
| Payer |
86% |
| Clearinghouse |
100% |
- Over three quarters of covered entities have completed internal
TCS testing.
| |
Internal Testing Complete |
| Provider |
75% |
| Payer |
81% |
| Clearinghouse |
75% |
This data reflects significant progress since our Fall 2003 poll,
when only 43% of Providers and 20% of Payers indicated completion
of internal testing.
- On average, only half of covered entities have completed external
testing.
|
External Testing
Complete |
To be Completed
Within 3 Months |
| Providers |
56% |
20% |
| Payers |
50% |
18% |
| Clearinghouses |
50% |
50% |
This data indicates strong progress by Providers since the Fall
2003 Survey, when only 20% had completed external testing. However,
there is no increase in the percentage of Payers that have completed
external testing since Fall 2003.
- Vendors were asked when they expected to complete all testing,
internal and external. Forty percent reported that they are already
finished (as compared to 22% in the Fall 2003 Survey), with 16%
anticipating completion with three months, and another 24% expecting
to be complete within six months.
- Fairly consistent with the internal testing results discussed
earlier, most respondents stated that they are ready to accept/transmit
one or more, but not all, standard transactions.
| |
Ready Now |
| Providers |
80% |
| Payers |
92% |
| Vendors |
76% |
| Clearinghouses |
75% |
- All participants were asked when their organizations would be
ready to accept/transmit all standard transactions.
| |
Ready Now |
Within 3 Months |
Do Not Know |
| Providers |
45% |
18% |
21% |
| Payers |
56% |
17% |
10% |
| Vendors |
40% |
16% |
12% |
Clearinghouses
(4 responses) |
50% |
0% |
0% |
Those not responding within one of the three categories listed
above, reported expected readiness at various times between three
and 10 months from now. Again, Providers have made strong progress
from the 18% readiness level they reported in the Fall 2003 Survey.
However, the progress of Payers is insignificant (up only three
points from Fall 2003), and Vendor reports indicate a lower level
of readiness today than in Fall 2003 (when 47% reported readiness).
- Participants were asked which transactions they planned to
conduct initially.
Use Ranking |
Transaction |
1 |
837 Claims (most frequent) |
2
|
835 Payment & Remittance |
3 |
276/277 Claim Status Request & Response |
4 |
270/271 Eligibility Inquiry & Response |
- Respondents were asked to identify what major obstacles (out
of a series of 12 listed items) face their organizations in conducting
standard Transactions. The top three listed obstacles, by industry
segment, are as follows (and are generally consistent with those
reported in the Fall 2003 Survey):
Providers
- Payers are not ready to accept standard Transactions
- Payers are not ready for testing
- Cannot get needed information from Vendors, Payers,
Clearinghouses
|
Payers
- Providers are not ready for testing
- Providers have not captured the data required for standard
Transactions
- Cannot get needed information from Vendors, Providers,
Clearinghouses
|
Vendors
- Ambiguities exist in Implementation Guide specifications
- Payers are not ready to accept/transmit standard Transactions
- Providers have not captured the data required for the
standard Transactions
|
Clearinghouses
- Payers are not ready for testing
- Payers are not ready to accept/transmit standard Transactions
- Providers have not captured the data required for the
standard Transactions
|
- We asked Providers and Payers for their assessments of their
trading partners’ readiness to conduct the HIPAA standard
Transactions, as an alternate way of “testing” readiness.
Providers’ Evaluation
of Third Party Readiness |
| |
Ready to Transact |
No Readiness Date |
Do Not Know |
| Payers |
35% |
22% |
17% |
| Vendors |
57% |
10% |
13% |
| Clearinghouses |
52% |
15% |
16% |
Payers’ Evaluation
of Third Party Readiness |
| |
Ready to Transact |
No Readiness Date |
Do Not Know |
| Vendors |
51% |
10% |
18% |
| Clearinghouses |
38% |
14% |
28% |
- Historically, Survey respondents have complained of poor communications
with their trading partners, and the Winter Survey results are
no exception. Only one third of Providers and Payers reported
that their trading partners are “very forthcoming”
in communicating details of their compliance plans, progress and
timelines. About 35% of Providers have indicated that their Payers
have provided “little or no needed information” or
“only some needed information." An average of 22% of
Providers have said the same of their Vendors and Clearinghouses.
- In the wake of the CMS Contingency Plan, 85% of Payers are continuing
to accept non-compliant transactions. About 15% plan to continue
accepting non-compliant transactions for the next 30 days, with
another 19% planning to do so for up to three months from now.
Another 35% said they will continue on this course until CMS discontinues
its Contingency Plan.
- Provider and Payer respondents were asked how long they believed
the CMS Contingency Plan should remain in effect. None felt that
the Plan should end immediately.
Recommended Duration
of CMS Contingency Plan |
| |
30 More Days |
Up to 3 Months |
4 to 6 Months |
| Providers |
27% |
25% |
21% |
| Payers |
16% |
19% |
33% |
The remaining respondents either had no opinion or advocated
continuation of the Plan beyond six months.
- When asked what contingency plans participant organizations
would deploy if they are not ready to conduct compliant Transactions
when required, participants replied as follows (results for each
industry segment listed in order):
Providers
- Direct Data Entry and/or Paper
- Clearinghouse
|
Payers
- Accept paper processing
- Continue to accept non-compliant transactions
|
Vendors
- Advise Providers to use a compliant Clearinghouse
- Continue to accept non-compliant transactions
|
Clearinghouses
- Use compliant clearinghouse
|
Conclusion
Overall, we believe the results reported today speak for themselves.
However, in summary, we believe it is fair to say that while some
indicators suggest that many organizations, and Providers in particular,
have been working hard to make up for lost time, the industry as
a whole is far from prepared to begin conducting most of the standard
Transactions.
Even taking into account expected normal variations between quarterly
Survey results, Vendors and Payers appear to be little more prepared
to manage their Transactions roles than they were three months ago.
Less than 50% of our industry respondents are ready to conduct most
or all of the standard Transactions, a likely reason why significant
resistance to an imminent end of the CMS Contingency Plan remains.
On the positive side, over 75% of all industry segments have stated
that they are able to conduct at least one compliant transaction.
Momentum in the right direction is occurring – even if we
cannot report that it is conforming to hoped-for timelines.
|
 |
 |
