HHS to audit plans for compliance with HIPAA transactions
The federal agency responsible for regulations governing standardization of electronic transactions and data accessibility for consumers is ramping up adherence efforts.
The Department of Health and Human Services is launched a pilot auditing program, starting with health plans and claims clearinghouses, to ensure industry stakeholders are complying with HIPAA-related rules governing electronic healthcare transactions.
In April, the HHS selected nine covered entities for the pilot initiative for a compliance review. Transactions that will be assessed include electronic funds transfer, remittance advice, responses to eligibility for benefits requests and claim status requests.
Results of the audit were not immediately available. However, HHS expects to get a better understanding of the types of which HIPAA transactions are being violated and ways to make improvements.
Over time, the program is expected to be expanded, and providers will be included.
The Workgroup for Electronic Data Interchange, a stakeholder initiative to improve health data exchange, supports the audit program.
“In general, the industry as a whole, including providers, health plans and clearinghouses, have encouraged HHS to take steps to ensure compliance with HIPAA standards and operating rules,” says Charles Stellar, President and CEO at WEDI. “The compliance reviews are a good step toward greater adoption of standard administrative electronic transaction, which means greater cost and time savings for all parties involved with healthcare billing and payments. Ultimately, greater use of electronic transactions will mean lower healthcare costs for consumers.”
Stellar says WEDI will host a webinar for members in the next few weeks to explain the program.
HIPAA standard transactions have historically been difficult to implement throughout the industry because of variations in the way they are used, often specific to individual insurers or providers. These minor variations have hampered widespread use of the standards in enabling the seamless flow of electronic transactions in the industry.
Related challenges also hamper patient access to their own data, WEDI notes.
Stellar says that HHS is concerned that, more than a decade after HIPAA standards were finalized, patients still have trouble getting their own health information and sometimes being charged for it, or frontline staff members in provider organizations may require a patient to submit and email or fax request for their information, or simply are told that the information cannot be given because that would be a HIPAA violation, which is incorrect.
In some cases, according to Stellar, patients are not getting their information because the office simply doesn’t have a system set up to manage the process of giving patients their information.
Consequently, WEDI intends to provide more education to the industry to improve compliance with HIPAA and may work with the Office for Civil Rights to increase provider awareness. Stellar would like to see that some of the education focuses on provider information systems being sound and able to protect the integrity of the data.
Providers should take the possibility of being selected for a HIPAA audit seriously, Stellar cautions. “HHS is saying, ‘We do have a tested system that will be selecting entities for compliance review and hope others do their own testing, as you may be one of those chosen for a compliance review.’ ”
The Centers for Medicare and Medicaid Services has issued guidance, available here, on steps that health plans and clearinghouses can take to prepare for the audit program.
In 2019, providers can voluntarily participate in a pilot program.