eServices white papers site map contact
spacer_2
about us our products technologies affiliations news hipaa
hipaa overview hipaa philosophy hipaa news
hipaa overview

HIPAA Mandates

Transactions
The Administrative Simplification Provisions under HIPAA delineate the need to adopt standards for information transactions, and data elements for those transactions, to enable healthcare information to be exchanged electronically. Further, transfer of information among health plans must incorporate standards for the transfer of data elements needed for the coordination of benefits among health plans.

Transactions include:

  • Healthcare claims or equivalent encounter information
  • Healthcare claims attachments
  • Enrollment/disenrollment in a health plan
  • Eligibility for a health plan
  • Healthcare payment and remittance advice
  • Health plan premium payments
  • First report of injury
  • Healthcare claim status
  • Referral certification and authorization

Unique Identifiers
HIPAA further requires establishment of unique health identifiers for each individual, employer, health plan, and healthcare provider. It also requires that the adopted standards specify for what purposes unique health identifiers may be used.

Code Sets
HIPAA requires establishment of standardized Code Sets for appropriate data elements within the transactions described above. Development of these Code Sets is to follow, to the highest degree possible, use of already established code sets.

A particular concern for State Medicaid Adminstrators with regard to the Code Sets is the deprecation of local codes which States and districts within States commonly use. Since many of these local codes will not become part of the standard Code Set, States are faced with the particular challenge of "crosswalking" the standard transaction sets with their specific local codes. Because of this, simply utilizing an electronic clearinghouse to process transactions will likely be insufficient for claims processing. The States will be faced with the burden of inserting these local codes appropriately as required by their particular claims processing system.

Security Standards
The security requirements imposed by HIPAA represent a significant challenge to the exchange of electronic healthcare transactions. The safeguards outlined in HIPAA must be implemented by any party transmitting healthcare information to ensure the integrity and confidentiality of the information and to protect against unauthorized uses and disclosures of the information.

Further, HIPAA specifies the needs for standards to ensure that a clearinghouse, if part of a larger organization, has policies and security procedures (for both the data and the physical site) that prevent unauthorized access to the sensitive information by the larger organization. HIPAA requires an expansive catalog of:

  • Administrative Procedures;
  • Physical Safeguards; and
  • Technical Security Services to Guard Data Integrity, Confidentiality, and Availability.*

*Source: HCFA

What does this mean for State Medicaid and other healthcare organizations?
Typically, States Medicaid Administrators and other healthcare organizations have three options as to how to deal with the restrictions imposed by the HIPAA legislation. First, they can procure or develop an entirely new system for the processing of beneficiary eligibility and encounter data. However, due to Y2K expenditures, it is unlikely that many organizations will have the resources necessary for the procurement of an entirely new healthcare management information system, nor for the research and development required to "roll their own".

A second alternative for States is to go through an electronic data clearinghouse and have all transactions converted to whatever format is appropriate for their particular MMIS. As mentioned before, this presents a challenge for States utilizing local codes in that these codes will have to be crosswalked somehow prior to MMIS processing. These codes in turn will have to be cleansed from the transaction data prior to transmittal to the consumer.

A third option in implementing HIPAA provisions is to alter current systems to comply with the HIPAA legislation. Although this task may seem daunting, it is an opportunity for States (and other healthcare organizations) to accomplish not only HIPAA-compliance, but to re-engineer their current processing architecture while continuing to capitalize on their investment in their current healthcare information management system.

eServices Group, Inc. has a proven track record in the ability to address the shortcomings of heritage Medicaid Management Information Systems, including deployment of a web-enabled Medicaid Information System for the Fiscal Agent for the State of Florida. Capitalizing on this experience, eServices Group is poised to offer States web-enabled architectures integrated with their legacy systems which not only provide compliance with HIPAA mandates, but also provide added functionality, flexibility, and extensibility.

eServices Group views HIPAA as an opportunity for States and other private sector healthcare entitities, rather than the obstacle it is currently viewed as.

Contact us at cwaltrip@esrv.com to find out how eServices Group and its XJ Series™ suite of healthcare solutions can help your organization implement a HIPAA-compliant IT strategy.

Copyright © 2000-2005, eServices Group Inc . ph 301.698.1903 . em sales@esrv.com