[Please label written or e-mailed comments about this section with the subject: Background]
Electronic data interchange (EDI) is the electronic transfer of information, such as electronic media health care claims, in a standard format between trading partners. EDI allows entities within the health care system to exchange medical, billing, and other information and process transactions in a manner which is fast and cost effective. With EDI there is a substantial reduction in handling and process time, and the risk of lost paper documents is eliminated. EDI can eliminate the inefficiencies of handling paper documents, which will significantly reduce the administrative burden, lower operating costs and improve overall data quality.
The health care industry recognizes the benefits of EDI and many entities in that industry have developed proprietary EDI formats. Currently, there are about 400 formats for electronic health care claims being used in the United States. The lack of standardization makes it difficult to develop software, and the efficiencies and savings for health care providers and health plans that could be realized if formats were standardized are diminished.
Adopting national standard EDI formats for health care transactions would greatly decrease the burden on health care providers and their billing services, as would standardized data content. Standard EDI format allows data interchange using a common interchange structure, thus eliminating the need for users to reprogram their data processing systems for multiple formats. Standardization of the data content within the interchange structure involves: (1) uniform definitions of the data elements that will be exchanged in each type of electronic transaction, and (2) for some data elements, identification of the specific codes or values that are valid for each data element. The code sets needed for EDI in the health care industry include large coding and classification systems for medical diagnoses, procedures, and drugs, as well as smaller sets of codes for such items as types of facility, types of currency, types of units, and specified State within the United States. Standardized data content is essential to accurate and efficient EDI between the many producers and users of administrative health data transactions.
The Congress included provisions to address the need for electronic transactions and other administrative simplification issues in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, which was enacted on August 21, 1996. Through subtitle F of title II of that law, the Congress added to title XI of the Social Security Act a new part C, entitled “Administrative Simplification.” (Public Law 104-191 affects several titles in the United States Code. Hereafter, we refer to the Social Security Act as the Act; we refer to the other laws cited in this document by their names.) The purpose of this part is to improve the Medicare and Medicaid programs in particular and the efficiency and effectiveness of the health care system in general by encouraging the development of a health information system through the establishment of standards and requirements to facilitate the electronic transmission of certain health information.
Part C of title XI consists of sections 1171 through 1179 of the Act. These sections define various terms and impose several requirements on HHS, health plans, health care clearinghouses, and certain health care providers concerning the electronic transmission of health information.
The first section, section 1171 of the Act, establishes definitions for purposes of part C of title XI for the following terms: code set, health care clearinghouse, health care provider, health information, health plan, individually identifiable health information, standard, and standard setting organization.
Section 1172 of the Act makes any standard adopted under part C applicable to (1) all health plans, (2) all health care clearinghouses, and (3) any health care providers that transmit any health information in electronic form in connection with transactions referred to in section 1173(a)(1) of the Act.
This section also contains requirements concerning standard setting.
- The Secretary may adopt a standard developed, adopted, or modified by a standard setting organization (that is, an organization accredited by the American National Standards Institute (ANSI)) that has consulted with the National Uniform Billing Committee (NUBC), the National Uniform Claim Committee (NUCC), the Workgroup for Electronic Data Interchange (WEDI), and the American Dental Association (ADA).
- The Secretary may also adopt a standard other than one established by a standard setting organization, if the different standard will reduce costs for health care providers and health plans, the different standard is promulgated through negotiated rulemaking procedures, and the Secretary consults with each of the above-named groups.
- If no standard has been adopted by any standard setting organization, the Secretary is to rely on the recommendations of the National Committee on Vital and Health Statistics (NCVHS) and consult with the above-named groups.
In complying with the requirements of part C of title XI, the Secretary must rely on the recommendations of the NCVHS, consult with appropriate State, Federal, and private agencies or organizations, and publish the recommendations of the NCVHS in the Federal Register.
Paragraph (a) of section 1173 of the Act requires that the Secretary adopt standards for financial and administrative transactions, and data elements for those transactions, to enable health information to be exchanged electronically. Standards are required for the following transactions: health claims, health encounter information, health claims attachments, health plan enrollments and disenrollments, health plan eligibility, health care payment and remittance advice, health plan premium payments, first report of injury, health claim status, and referral certification and authorization. In addition, the Secretary is required to adopt standards for any other financial and administrative transactions that are determined to be appropriate by the Secretary.
Paragraph (b) of section 1173 of the Act requires the Secretary to adopt standards for unique health identifiers for all individuals, employers, health plans, and health care providers and requires further that the adopted standards specify for what purposes unique health identifiers may be used.
Paragraphs (c) through (f) of section 1173 of the Act require the Secretary to establish standards for code sets for each data element for each health care transaction listed above, security standards for health care information systems, standards for electronic signatures (established together with the Secretary of Commerce), and standards for the transmission of data elements needed for the coordination of benefits and sequential processing of claims. Compliance with electronic signature standards will be deemed to satisfy both State and Federal requirements for written signatures with respect to the transactions listed in paragraph (a) of section 1173 of the Act.
In section 1174 of the Act, the Secretary is required to adopt standards for all of the above transactions, except claims attachments, within 24 months after enactment. The standards for claims attachments must be adopted within 30 months after enactment. Generally, after a standard is established it cannot be changed during the first year except for changes that are necessary to permit compliance with the standard. Modifications to any of these standards may be made after the first year, but not more frequently than once every 12 months. The Secretary must also ensure that procedures exist for the routine maintenance, testing, enhancement, and expansion of code sets and that there are crosswalks from prior versions.
Section 1175 of the Act prohibits health plans from refusing to process or delaying the processing of a transaction that is presented in standard format. The Act’s requirements are not limited to health plans, however; instead, each person to whom a standard or implementation specification applies is required to comply with the standard within 24 months (or 36 months for small health plans) of its adoption. A plan or person may, of course, comply voluntarily before the effective date. A person may comply by using a health care clearinghouse to transmit or receive the standard transactions. Compliance with modifications to standards or implementation specifications must be accomplished by a date designated by the Secretary. This date may not be earlier than 180 days after the notice of change.
Section 1176 of the Act establishes a civil monetary penalty for violation of the provisions in part C of title XI of the Act, subject to several limitations. Penalties may not be more than $100 per person per violation and not more than $25,000 per person per violation of a single standard for a calendar year. The procedural provisions in section 1128A of the Act, “Civil Monetary Penalties,” are applicable.
Section 1177 of the Act establishes penalties for a knowing misuse of unique health identifiers and individually identifiable health information: (1) A fine of not more than $50,000 and/or imprisonment of not more than 1 year; (2) if misuse is “under false pretenses,” a fine of not more than $100,000 and/or imprisonment of not more than 5 years; and (3) if misuse is with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, a fine of not more than $250,000 and/or imprisonment of not more than 10 years.
Under section 1178 of the Act, the provisions of part C of title XI of the Act, as well as any standards established under them, supersede any State law that is contrary to them. However, the Secretary may, for statutorily specified reasons, waive this provision.
Finally, section 1179 of the Act makes the above provisions inapplicable to financial institutions or anyone acting on behalf of a financial institution when “authorizing, processing, clearing, settling, billing, transferring, reconciling, or collecting payments for a financial institution”.
(Concerning this last provision, the conference report, in its discussion on section 1178, states:
“The conferees do not intend to exclude the activities of financial institutions or their contractors from compliance with the standards adopted under this part if such activities would be subject to this part. However, conferees intend that this part does not apply to use or disclosure of information when an individual utilizes a payment system to make a payment for, or related to, health plan premiums or health care. For example, the exchange of information between participants in a credit card system in connection with processing a credit card payment for health care would not be covered by this part. Similarly sending a checking account statement to an account holder who uses a credit or debit card to pay for health care services, would not be covered by this part. However, this part does apply if a company clears health care claims, the health care claims activities remain subject to the requirements of this part.”)
(H.R. Rep. No. 736, 104th Cong., 2nd Sess. 268-269 (1996))
B. Process for Developing National Standards
The Secretary has formulated a 5-part strategy for developing and implementing the standards mandated under part C of title XI of the Act:
- To ensure necessary interagency coordination and required interaction with other Federal departments and the private sector, establish interdepartmental implementation teams to identify and assess potential standards for adoption. The subject matter of the teams includes claims/encounters, identifiers, enrollment/eligibility, systems security, and medical coding/classification. Another team addresses cross-cutting issues and coordinates the subject matter teams. The teams consult with external groups such as the NCVHS’ Workgroup on Data Standards, WEDI, ANSI’s Healthcare Informatics Standards Board (HISB), the NUCC, the NUBC, and the ADA. The teams are charged with developing regulations and other necessary documents and making recommendations for the various standards to the HHS’ Data Council through its Committee on Health Data Standards. (The HHS Data Council is the focal point for consideration of data policy issues. It reports directly to the Secretary and advises the Secretary on data standards and privacy issues.)
- Develop recommendations for standards to be adopted.
- Publish proposed rules in the Federal Register describing the standards. Each proposed rule provides the public with a 60-day comment period.
- Analyze public comments and publish the final rules in the Federal Register.
- Distribute standards and coordinate preparation and distribution of implementation guides.
This strategy affords many opportunities for involvement of interested and affected parties in standards development and adoption by enabling them to:
- Participate with standards setting organizations.
- Provide written input to the NCVHS.
- Provide written input to the Secretary of the HHS.
- Provide testimony at NCVHS’ public meetings.
- Comment on the proposed rules for each of the proposed standards.
- Invite HHS staff to meetings with public and private sector organizations or meet directly with senior HHS staff involved in the implementation process.
The implementation teams charged with reviewing standards for designation as required national standards under the statute have defined, with significant input from the health care industry, a set of principles for guiding choices for the standards to be adopted by the Secretary. These principles are based on direct specifications in HIPAA and the purpose of the law, principles that support the regulatory philosophy set forth in Executive Order 12866 and the Paperwork Reduction Act of 1995. To be designated as an HIPAA standard, each standard should:
- Improve the efficiency and effectiveness of the health care system by leading to cost reductions for or improvements in benefits from electronic health care transactions.
- Meet the needs of the health data standards user community, particularly health care providers, health plans, and health care clearinghouses.
- Be consistent and uniform with the other HIPAA standards--their data element definitions and codes and their privacy and security requirements--and, secondarily, with other private and public sector health data standards.
- Have low additional development and implementation costs relative to the benefits of using the standard.
- Be supported by an ANSI-accredited standards developing organization or other private or public organization that will ensure continuity and efficient updating of the standard over time.
- Have timely development, testing, implementation, and updating procedures to achieve administrative simplification benefits faster.
- Be technologically independent of the computer platforms and transmission protocols used in electronic health transactions, except when they are explicitly part of the standard.
- Be precise and unambiguous, but as simple as possible.
- Keep data collection and paperwork burdens on users as low as is feasible.
- Incorporate flexibility to adapt more easily to changes in the health care infrastructure (such as new services, organizations, and provider types) and information technology.
A master data dictionary providing for common data definitions across the standards selected for implementation under HIPAA will be developed and maintained. We intend for the data element definitions to be precise, unambiguous, and consistently applied. The transaction-specific reports and general reports from the master data dictionary will be readily available to the public. At a minimum, the information presented will include data element names, definitions, and appropriate references to the transactions where they are used.
C. ANSI-Accredited Standards Committee Standard Setting Process
ANSI chartered the X12 Accredited Standards Committee (ASC) a number of years ago to design national electronic standards for a wide range of business applications. A separate ASC X12N Subcommittee was in turn chartered to develop electronic standards specific to the insurance industry, including health care insurance. Volunteer members of the ASC X12N Subcommittee, including health care providers, health plans, bankers, and vendors involved in software development/billing/transmission of health care data and other business aspects of health care administrative activities, worked to develop standards for electronic health care transactions. ANSI accredits standards setting organizations to ensure that the procedures used meet certain due process requirements and that the process is voluntary, open, and based on obtaining consensus. Both Accredited Standards Committee (ASC) X12 and the National Council for Prescription Drug Programs (NCPDP) are ANSI-accredited standards developers.
Each of the two standards setting organizations has written procedures for the establishment of, and revisions to, established standards. All of the X12 Subcommittee N: Insurance (to which we refer hereafter as X12N) standard implementations mentioned in this regulation are ASC X12 standards and are published under the designation “Draft Standard for Trial Use (DSTU)”. These standards are fully accepted and published national standards for use in electronic data exchanges. The DSTU designation is used to distinguish ASC X12 standards from those standards that have been forwarded to the American National Standards Institute for acceptance as American National Standards. ASC X12 creates a family of standards that are related and therefore only forwards standards to ANSI every five years. Although the official designation of X12 standards includes the word “Draft”, these standards are final, published national standards.
The ASC X12 development process involves negotiation and consensus building, resulting in approval and publication of DSTU and American National Standards. The ASC X12 committee maintains current standards, proposes new standards and embraces new ideas.
The ASC X12N Subcommittee is the decision-making body responsible for obtaining consensus, which is necessary for approval of American National Standards in the field of insurance. The ASC X12N Subcommittee has the responsibility for specific standards development and standards maintenance activities, but its work must be ratified by the membership of ASC X12 as a whole.
Members of the ASC X12 committee are eligible to vote on ASC X12N issues. ASC X12N votes technical issues by letter ballot. Administrative issues may be voted by letter ballot or at general sessions during ASC X12N meetings.
The NCPDP Telecommunication Standard 3.2 specifies the rules regarding the creation of a new version and release. The NCPDP standards development process involves additions of new data elements or additional values to existing data elements. Updated documentation of existing or new data elements and a new version is created with changes to: (1) the definition of an existing data element, (2) deletions of values of an existing data element, (3) deletions of existing data elements, (4) major structural changes to the formats, (5) changes in the size of data elements, or (6) changes in the formats of data elements.
These rules were confirmed by the Board of Trustees in June, 1995 and ensure that the health plan explicitly knows which Data Dictionary to apply to the transaction when processing the claim. Likewise, the pharmacy needs to know what are the acceptable fields in the response returned from the health plan.
In addition, the Telecommunication Standard Format Version/Release changes anytime there is an approved change to the Professional Pharmacy Services (PPS) standard, Drug Utilization Review (DUR) standard, Billing Unit standard or to the data elements for the claim itself.
All NCPDP implementation guides must be reviewed and approved by the Maintenance and Control Work Group prior to release to the membership. All proposed standards will have an implementation guide developed and approved prior to the proposed standard being balloted. Once balloted, the originating committee may work with individual disapproval votes to accommodate their concerns and convert their votes to approval. If the changes made to accommodate disapproval votes are considered substantial, then the item under consideration must be balloted again.
After the originating group has reviewed all comments received during the letter ballot period, the Co-Chairs of the originating group make a written request to the Board of Trustees for the ballot results collected from the Standardization Co- chairs and the Board of Directors. The Board of Trustees retains final authority over the certification of these ballot results.
Two types of code sets are required for data elements in ASC X12N and NCPDP health transaction standards: (1) large coding and classification systems for medical data elements (for example, diagnoses, procedures, and drugs), and (2) smaller sets of codes for data elements such as type of facility, type of units, and specified State within address fields. Federal agencies (NCHS, HCFA, FDA) and some private organizations (the AMA and the ADA) have developed and maintained standards for large medical data code sets. In the past, these code sets have been mandated for use in some Federal and State programs, such as Medicare and Medicaid, and the ASC X12N and NCPDP standards setting organizations have adopted these code sets for use in their standards. For the smaller sets of codes needed for various transaction data elements they have designated other de facto standards, such as the 2-character state abbreviations used by the U.S. Postal Service, or developed code sets specifically for their transaction standards.
This proposed rule would establish the standards for code sets to be used in seven of the transactions specified in section 1173(a)(2) of the Act, and for a transaction for coordination of benefits. We anticipate publishing several regulations documents altogether to promulgate the various standards required under the HIPAA. The other proposed regulations cover security standards, the seventh and ninth transactions specified in the Act (first report of injury and claims attachments), and the four identifiers.