June 22, 2006

The Honorable Michael O. Leavitt
Secretary
U.S. Department of Health and Human Services
200 Independence Avenue SW
Washington, DC 20201

Dear Secretary Leavitt:

The National Committee on Vital and Health Statistics (NCVHS) has responsibilities for assessing the impact of the adoption and use of transactions and code sets adopted under the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  Because it has been ten years since this landmark legislation was passed, NCVHS felt it was appropriate to solicit testimony to assess the status and lessons learned from HIPAA.  Since 2002, we have held 17 hearings with more than 200 testifiers from various stakeholder groups on a wide range of HIPAA-related issues, including HIPAA compliance, claims attachments, and ICD-10 adoption.  All of this input has significantly increased our understanding of HIPAA and its effects on the delivery and payment of health care.  It has further reminded the Committee that HIPAA changes the business processes as well as the systems used by the healthcare industry.

On this important anniversary, this letter provides some preliminary observations and recommendations on the implementation and impact of HIPAA.  Additional information and recommendations on HIPAA implementation will be included in our annual HIPAA report, which will be sent to you later in the year. 

Observation 1: Implementations.   HIPAA implementation has taken longer than anticipated in the HIPAA legislation. The causes for this are numerous and include the fact that actual publication of the rules has taken much longer than expected, as well as the fact that while payers were required to implement all standards, adoption by providers was not required.[1] The original view was that because standardized electronic data interchange implementation would save providers time and money, providers would gravitate to their use to reap the benefits of administrative simplification.

There have, however, been unanticipated impediments. These include reluctance by the vendors to build the range of necessary software for the non-revenue-related HIPAA transactions (such as the eligibility transactions 270/271 and claim status notification 276/277).   Additionally, there has been reluctance by some payers to robustly implement the HIPAA non-revenue transactions.  For example, payers in many cases included only minimum information in the eligibility transactions, which resulted in providers not being able to gain full benefit.  In addition, there are still health care organizations that are not yet compliant with HIPAA standards, and many of these organizations continue to use contingency plans, which further delays the transition to HIPAA standards.  .   

Recommendation 1.1: HHS should undertake a comprehensive evaluation of HIPAA implementation in order to identify barriers to timely, efficient and effective implementation, as well as areas for future improvements. NCVHS stands ready to advise HHS in the design and conduct of such an assessment. Once these impediments and areas of improvement are identified, the NCVHS pledges to work closely with the Department and the industry to identify ways to best address them. Such findings would be useful for other HIPAA implementations and federal standards initiatives in the future.

 Observation 2: The process for changing versions or updating versions of HIPAA standards is slow and cumbersome.  The HIPAA final rule requires covered entities to use a particular version of a standard, without modification.  It does not permit voluntary adoption of new versions; in contrast, this is permitted under the electronic prescribing final rule.  In addition, the administrative requirements under the Administrative Procedures Act (APA) necessitate notice and comment rulemaking.  The HIPAA rulemaking process has taken several years from issuance of a Notice of Proposed Rulemaking (NPRM) to implementation.  This severely hampers the ability of the public and private sectors to keep pace with emerging needs, especially in the rapid acceleration toward the adoption of electronic health record (EHR) systems. In addition, the HIPAA process requires that changes to standards be vetted through various standards development organizations (SDOs).  The SDOs’ processes include an extensive comment period in which all parties can participate.  However, the fact that the standards are on different approval cycles makes it problematic to synchronize changes or updates.  These differences in schedules, plus the unpredictability of the time it takes to complete all of the steps in the federal rulemaking process, create an uncertain environment in which it is difficult for providers, payers and vendors to influence or anticipate upcoming changes and develop business products and processes to accommodate them.   Backward compatibility[2], where feasible, and voluntary adoption of backward compatible standards with the named HIPAA standard could provide flexibility in version updating.

Recommendation 2.1: The Department should immediately explore ways to facilitate quicker updates and implementations of HIPAA transaction standards in a manner that can reduce or eliminate areas of redundancy in this process, including the possibility of not requiring HHS notice and comment rulemaking for a version update of an already existing HIPAA transaction standard.  This recommendation does not apply to the HIPAA privacy and security regulations.  The exploration should include:

• An in-depth review of the applicable statutory and regulatory requirements;; a comprehensive exploration of permissible options; and a determination as to whether legislative changes to HIPAA should be initiated. 
• Consideration of regulatory changes to permit the voluntary adoption of backward compatible updates to named HIPAA standards.
• Consideration of how to include public comment on business process issues as well as functional and technical standards issues in the review process.

Recommendation 2.2: The Department should expedite issuance of the NPRM on current HIPAA modifications.   This regulation includes the many needed changes identified since the original HIPAA regulations were issued in 2000, including a timely modifications process.

Recommendation 2.3:  The Department should determine what would be necessary to facilitate synchronization of the timing of implementation of changes to HIPAA code sets (including medical and non-medical data code sets) to minimize the scope and quantity of changes experienced by the providers, payers, clearing houses and vendors.  Alignment of the timing of changes and updates to the code sets would allow the industry to coordinate, test and implement on a more orderly schedule and reduce rejected claims.

Observation 3: Return on Investment (ROI). The testifiers who were using only the HIPAA health claims transactions indicated that they were not yet able to show a positive ROI.  It is important that we improve the ROI for HIPAA transactions and code sets so that they will serve as a driver for further adoption of health information technology and standards in the healthcare field.  The following actions could significantly increase the return on investment from the use of HIPAA transactions and code sets.

Recommendation 3.1.: HHS should take additional steps to increase the adoption and use by providers and payers of all those HIPAA transaction standards beyond the health claims transactions,  such as  eligibility  (270 / 271),  claim status (276 / 277), payment and remittance (835), and referrals (278).  These transactions when incorporated into daily processes can reduce staff and increase efficiency.  While we commend the ongoing work in this area by the Centers for Medicare and Medicaid Services (CMS), we believe these activities should be accelerated.

Recommendation 3.2: HHS should actively work with payers to facilitate inclusion of enough information in their responses (eligibility standard 271 and claim status standard 277) to allow providers to use the information to actually improve their processes.  Continuing participation by CMS is needed in the work by the Council on Affordable Quality Healthcare (CAQH), a voluntary group representing payers, providers, vendors and associations, on standardization of the data in an eligibility transaction.   This is an excellent example of voluntary cooperation to improve the HIPAA process.

Recommendation 3.3:  HHS should actively work with vendors to encourage their inclusion of the aforementioned non-claim transactions in practice management software used in provider offices.  Vendors are key to the success of pilots on these topics and, more importantly, to the success of final implementation by the industry.  As a result, their inclusion from the planning to the execution of such studies will yield more informed and usable results. 

Recommendation 3.4:   HHS should continue to support ongoing work by the industry and SDOs to reduce unnecessary variability of business rules, as currently documented in companion guides. Several actions are necessary. The first is to support processes to identify common business practices that are included in the different payers’ companion guides. Second, harmonization of the business practices that are not common must be promoted, to the extent possible.  In addition, some independent initiatives are underway to further evaluate those differences in business rules.  Continued support of these efforts by HHS would advance the original intent of standardization.

Recommendation 3.5: HHS should facilitate and encourage the adoption of one of the currently non-mandated acknowledgement transactions (e.g., 997 or 999) to standardize the acknowledgement process between providers, payers, clearinghouses and vendors.    This will achieve standardized process flows among the parties involved, thus reducing the effort necessary to achieve expected results.

Recommendation 3.6: HHS should continue the use of pilot testing new HIPAA standards, such as the pilot conducted with the proposed claims attachment standard, to obtain a real look at the actual benefits, issues, business impacts and system changes surrounding the proposed standard.  Even small-scale pilots can yield valuable information that could help speed implementation.

We look forward to advising the Department on issues related to HIPAA transactions and code sets and health information technology in 2006.

Sincerely,

/s/

Simon P. Cohn, M.D., M.P.H.
Chairman, National Committee on Vital and Health Statistics

[1] Additional details are provided in NCVHS’ annual reports to Congress on HIPAA implementation progress.  These are available on the NCVHS web site (www.ncvhs.hhs.gov/)

[2] As defined in the electronic prescribing final rule, November 2005, p. 67579, backward compatible means that the newer version would retain, at a minimum, the full functionality of the version previously adopted in regulation, and would permit the successful completion of the applicable transaction with entities that continue to use the previous version.