Health Insurance Portability and Accountability Act of 1996
Implementation of Administrative Simplification Requirements by HHS
On August 21, 1996, President Clinton signed into law the Health Insurance Portability and Accountability Act of 1996, P.L. 104-191 (HIPAA). One part of this law, labeled Administrative Simplification, is intended to reduce the costs and administrative burdens of health care by making possible the standardized, electronic transmission of certain administrative and financial transactions which are currently carried out manually on paper. To accomplish this goal, the law requires the Secretary of Health and Human Services to adopt national uniform standards for these transactions. The law does not require the collection or electronic transmission of any health information. It does require that the standards be followed anytime the transactions are conducted electronically.
To implement these provisions, HHS has established a process that incorporates internal federal working groups, liaison with external groups of experts, and a federal advisory committee. The process provides ample opportunity for public and industry input and feedback to ensure acceptance by the entire health care community.
An unjustifiably high percentage of every health care dollar is spent on administrative overhead. Administrative overhead includes processes for:
- enrolling an individual in a health plan,
- paying health insurance premiums,
- checking insurance eligibility for a particular service,
- getting an authorization to refer a patient to a specialist,
- filing a claim for payment for health care that has been delivered,
- requesting or responding to additional information in support of a claim,
- coordinating the payment of a claim involving two or more insurance companies,
- notifying the provider about the payment of a claim.
Today, these processes involve numerous paper forms and telephone calls, and many delays in communicating information among different locations, creating problems and costs for health care providers, plans and insurers alike.
To address these problems, the health care industry has attempted to develop standards for accomplishing these transactions electronically. But it has been very difficult to get all the competing parties to agree voluntarily to follow a single, uniform set of standards. Consequently, at the request of the industry and with bipartisan support, Congress included the Administrative Simplification provisions in HIPAA. To address concerns about the potential for abuse of electronic access to this type of information, the law includes specific provisions to protect the security and confidentiality of health information which might be associated with an individual.
The health care industry estimates that full implementation of these provisions could save up to $9 billion per year from administrative overhead, without reducing the amount or quality of health care services. To make these administrative savings become reality, the law requires the Secretary of HHS to adopt uniform national standards for the electronic processing of insurance claims and related transactions within 18 months of the law's enactment. Health plans, providers, and insurers would then have 24 months to implement the standards
HHS has established six internal interdepartmental working groups to identify and assess potential standards for adoption in the following areas:
- Health insurance claims and encounters
- Health insurance enrollment and eligibility
- Health identifiers for providers, health plans, employers and individuals
- Code sets and classification systems
- Security standards and safeguards
- Information infrastructure and crosscutting issues.
These working groups are coordinated by the HHS Committee on Health Data Standards, under the policy direction of the HHS Data Council, the department's internal, senior advisory body on data policy. Representatives from other federal agencies involved in health care both within and outside of HHS are participating in the process at all levels. These agencies include the National Institutes of Health and the Departments of Defense and Veterans Affairs, to name a few.
The law directs the Secretary to select standards that are developed and maintained by ANSI accredited standards development organizations (SDOs), unless a different standard would result in greater administrative savings. As a helpful starting place, the ANSI Health Informatics Standards Board delivered an "Inventory of Health Care Information Standards" to the Secretary on February 10, 1997.
In adopting standards, the law requires the Secretary to rely upon the recommendations of the National Committee on Vital and Health Statistics (NCVHS), HHS's public advisory committee in health data, standards, privacy and health information policy. To provide the opportunity for systematic consultation and public input, the Committee is holding a series of public meetings and hearings. In addition, HHS staff involved in the standards adoption process are prepared to meet with, consult and establish liaison with representatives of interested and affected groups.
To ensure careful protection of privacy, the law provides for confidentiality protections for information processed in accordance with the new standards. It also requires the Secretary to make recommendations for health record privacy legislation to Congress. If Congress does not enact such legislation, health care providers, health plans, and health care clearinghouses using the new standards will be required to follow confidentiality regulations promulgated by HHS for transactions covered by the electronic transmission standards. The HHS regulations must be promulgated before those standards go into effect. The development of recommendations to the Congress on privacy protections is being carried out through a process parallel to the standards process.
Standards Adoption Process
HIPAA envisions that the standards to be adopted would come from standards already developed by the industry after extensive consultation with the industry and with State and local governments. The general approach for adoption of standards would include:
- Identify existing candidate standards used in each area and perform fact finding and consultation.
- Analyze existing standards, identify gaps and conflicts, and present findings to the NCVHS and the Department.
- Develop recommendations for standards to be adopted and present recommendations to NCVHS and the Department.
- Submit draft regulations to the Secretary of HHS and to the Office of Management and Budget for initial review.
- Publish proposed rules outlining the standards in the Federal Register for 60-day public comment period.
- Analyze comments and prepare and publish Final Rules outlining the adopted standards in the Federal Register.
- Distribute adopted standards and prepare and distribute implementation guides.
Public and Private Sector Input into the Standards Development Process
The implementation process provides a number of opportunities for interested and affected parties to participate and provide public input toward the adoption of standards:
- By participating with standards development organizations.
- By providing written input to the NCVHS.
- By providing written input to the Secretary of HHS.
- By providing testimony at NCVHS' public meetings.
- By attending and participating in public meetings held by HHS.
- By commenting on the Federal Register publications for each of the proposed standards.
- By inviting Department of Health and Human Services staff to meetings with public and private sector organizations.
- By meeting directly with senior HHS staff experts involved in the implementation process.
The Administrative Simplification law requires that, within 18 months of enactment (by February 1998), the Secretary must adopt standards for a variety of health insurance transactions. The health care industry then has 24 months to implement those standards after adoption. Small plans (as defined by the Secretary) will have 36 months to implement the same standards. Privacy protection standards will either be enacted by Congress or, if Congress does not act, issued by HHS to accompany the implementation of the new standards.
The actual implementation schedule is likely to take longer for some of the more difficult and controversial elements. Please follow the ongoing progress on the 'milestones' pages for standards and privacy.