| About HIPAA |
| The Health Insurance Portability and Accountability
Act of 1996 (Public Law 104-191), known as HIPAA,
created standards for the maintenance and transmission
of health information. |
| HIPAA requires three
types of standards: |
| |
Privacy: To
protect patient data from inappropriate disclosure
or use |
|
Security: To prevent unauthorized
access to patient information systems |
| |
Administrative Simplification:
To establish a single, uniform set of electronic
formats for electronic transactions |
| Who is affected by HIPAA? |
|
Every payer will be required to accept the
standard transactions. |
|
Every provider that uses electronic transactions
must use the HIPAA standards. |
|
All healthcare “clearinghouses”
must use HIPAA standards. Providers and health
plans also have the option of using a claims
clearinghouse, which can accept nonstandard
claims and other transactions. The clearinghouse
would then convert them to HIPAA standards. |
|
| What are the implications of HIPAA? |
In a healthcare environment that includes electronic
data interchange (EDI), email and the Internet
for communicating health information, security
and privacy are of great concern to patients.
HIPAA regulations on security and privacy establish
consistent guidelines for patients, providers
and payers to ensure that personal health information
is handled appropriately, regardless of location
or format.
HIPAA also enables all providers -– from
solo practitioners to hospital systems -–
to significantly reduce administrative costs and
streamline operations. All payers must accept
the same format and the same codes for claims.
In addition HIPAA enables providers to automate
tedious, costly manual tasks such as: |
| |
Eligibility determination
-– Providers check eligibility before
they deliver services. When claims go to the
right payer the first time, many denials are
eliminated. The provider saves time and money,
and patients experience less stress because
they know that services are covered. |
|
Claim status determination
-– Providers can check on the status
of a claim electronically. The result is fewer
misplaced claims and more efficient claim
resubmission. |
| |
Claim payment posting -–
Payments are posted automatically, virtually
eliminating posting errors and streamlining
the posting process. |
|
Referrals and authorizations determination
-– Physicians handle referrals automatically
to lower costs and create a more efficient
referral process. |
|
| |
| Accountability |
| A Strategic Approach to HIPAA Compliance
for hospitals and physicians |
| HIPAA compliance requires changes in behavior
and processes at all levels: organization, business
unit and individual. Organizations should take all
three levels into account in their HIPAA strategy,
planning and implementation. |
| |
Organizations must develop and
document organization-level policies, strategies
and plans. |
|
Business units must be responsible and accountable
to deploy those organizational-level plans.
|
| |
Individuals must then follow the policies
and procedures. |
|
| Organizations must drive accountability down to
the individual level through proper policies and
implementation. Organizations without accountability
could be held responsible for the mistakes of an
individual or business unit. |
| To assess accountability, organizations
are encouraged to: |
| |
Document all actions (for example,
creating or amending a health record) |
|
Determine the roles and personnel responsible
for those actions |
| |
Determine the software and/or other devices
involved in creating those actions |
|
| By creating this type of documentation, organizations
can begin to understand who and what is accountable
when applying policies, procedures and workflow's. |
| |
| Clearinghouse Approach to HIPAA
Compliance |
| For payers and providers, clearinghouses act as
both translator and facilitator to connect healthcare
providers.
A good clearinghouse will help help facilitate
efficient and seamless flow of healthcare information,
assisting providers and payers in understanding
each other.
We believe HIPAA will serve as a springboard
for many groups to begin using electronic transactions
to save time and money. For example, an average
eligibility request takes 20 minutes by phone,
yet it would normally take less than five minutes
electronically.
Implementation of additional HIPAA standards
will bring the entire healthcare industry into
a new world of efficiency and automation. The
national provider identifier (NPI) may stand as
the single most valuable code-set standardization,
while the first report of injury and attachment
transactions set the stage for the day when all
healthcare transactions are electronic and needed
data flows easily and securely to all parties
in the process.
Per-Se Technologies and our clearinghouse, The
Per-Se Exchange, helps customers implement these
standards and take advantage of the range of services
and revenue enhancement standardization efforts
make possible. |
| |
| Compliance Training |
| Per-Se’s compliance program helps ensure
the accuracy of the claims submission and reimbursement
process. It provides education and training in medical
coding, billing and regulatory guidelines. Both
manual audits and a sophisticated, technology-based
software product developed by IBM are used to monitor
and assess claims. The program exceeds the Office
of Inspector General (OIG) requirements for billing
companies and physician practices. Our Chief Compliance
Officer reports to our CEO and also makes quarterly
presentations to the audit committee of our board
of directors. This structure helps ensure that compliance
is front and center, and monitored at the highest
level. |
| |
| Emergency Medical Services |
| Per-Se is the leading national provider of outsourced
ambulance transport medical billing and management
services to municipalities across the nation. For
20 years we have been providing comprehensive management
solutions that meet the specific needs and requirements
of EMS organizations, including Fire Rescue departments.
No company has more experience in managing the complexities
of both small and large organizations, including
interfacing with data collection systems and hospitals.
Per-Se leverages extensive, multi-specialty medical
billing accounts to gain access to important patient
demographic information in a timely manner in
order to speed reimbursement and minimize the
patient's information burden in the medical billing
process. As a public company, Per-Se has the resources
and financial stability to consistently address
the complex requirements of an EMS organization.
We provide our clients with benchmark data to
compare their performance to their peers, a "gold
standard" compliance program and secure,
online access to accounts for patients.
As your trusted partner, we'll accelerate the
flow of funds to your agency and help you earn
more.
Our services include: |
| |
Medical Billing and Accounts
Receivable Management |
|
HCPCS Coding |
| |
Business Intelligence and Reporting |
|
Dedicated Account Management |
|
Gold Standard Compliance Program |
|
Per-Se Clearinghouse |
|
| |
| HIPAA Data Solutions and Guidance |
| Per-Se account managers have an educational and
supportive role with both clients and internal Per-Se
staff to be able to explain and implement HIPAA
rules and regulations. |
| |
| HIPAA HNSF Specs |
| Per-Se has published a manual describing the data
elements required by HIPAA. Please review this attachment
along with the included revisions. In order for
us to process your claims in a HIPAA-compliant manner,
you must perform a GAP analysis of your existing
claim data and incorporate any additional data elements
into your billing process.
If you plan to submit "837" ANSI claim
transactions to The Per-Se Exchange, please contact
the support desk to schedule testing and implementation
of this submission format.
If you plan to submit a print image file, please
review the HNSF specifications to make sure that
all required fields are present somewhere in your
data stream. Please contact the help desk to ensure
that we are able to map these fields. |
| |
| Security |
| HIPAA security standards guard the integrity,
confidentiality and availability of individual health
information. The standards are not restricted to
any particular technology and can be adjusted to
accommodate the size and complexity of healthcare
organizations. At a minimum, all health plans, clearinghouses
and healthcare providers that transmit or maintain
electronic health information must conduct a risk
assessment and develop a security plan to protect
individual health information. They must also document
these measures, keep them current and train their
employees on appropriate security procedures.
The security standards are divided into
four categories: |
| |
Administrative procedures are
documented, formal standards for selecting
and executing information security measures.
These procedures also address staff responsibilities
for protecting data. |
|
Physical safeguards protect physical computer
systems and related buildings and equipment
from fire and other environmental hazards,
as well as intrusion. Locks, keys and administrative
measures may be used to control access to
computer systems and facilities. |
| |
Technical data security services protect,
control and monitor information access. |
|
Technical security mechanisms prevent unauthorized
access to data transmitted over a communications
network. |
|
| |
| Strategic Integration of Compliance |
A Strategic Approach to HIPAA Compliance for hospitals
and physicians
While it is tempting to view HIPAA compliance simply
in terms of the transaction between the provider
and payer, this electronic movement of data is only
one small part of the total data stream: from the
point-of-service through internal and external processes
to the point where the transactions then pass to
the payer.
The following questions are helpful in
evaluating a HIPAA strategy: |
| |
How might you benefit if your
systems were seamlessly integrated? |
|
How many applications and processes are
involved in the daily flow of information
regarding your patients? How many hand-off
points would need to be secured? |
| |
What is the relationship of e-health strategies
to HIPAA compliance? |
|
What related processes would benefit from
concurrent automation? |
|
| While it may be overwhelming to take into consideration
anything other than the detailed regulation requirements
of HIPAA, taking a strategic approach will actually
simplify and consolidate many procedures and allow
you to take full advantage of the benefits HIPAA
will offer the healthcare industry. Healthcare organizations
can make the most efficient use of their IT budgets
by: |
| |
Merging system consolidation
and integration efforts with HIPAA compliance
efforts. Since you may already be assessing
system consolidation and replacement of outdated
systems and disparate applications, you should
also consider the implications of HIPAA compliance
when developing future IT strategy to ensure
the security of data. |
|
Merging e-health strategies with HIPAA compliance.
Healthcare organizations should consider HIPAA
requirements in developing Internet strategies
and partnerships. |
| |
Rethinking and reengineering administrative
processes for the current and future healthcare
environment. HIPAA will help healthcare organizations
automate administrative tasks. |
|
