“Underlying principles of quality for an ever-changing
tomorrow…”
HIPAA Readiness Statement
March 2003
Quantum Health Automation, Inc. Public
HIPAA Readiness Statement April 2003
HIPAA Readiness Statement
Table of Contents
Overview.......................................................................................................3
Correspondence............................................................................................3
HIPAA Administration Simplification………….…...........................................................................4
Compliance
Dates…….................................................................................4
Compliance
Breakdown...............................................................................4
Transactions and Code
Sets.........................................................................4
Privacy &
Security………….…...................................................................5
HIPAA Strategy.................................................................................…...…5
HIPAA EDI Testing &
Certification….…..........................…..........5
What is Claredi
Certification?…….........................................…......5
Why
Certify?...............................................................................…....6
Non-standard
Formats..……..................……………............................…..6
Chain of Trust & Business Associate Agreements………………..……...6
No
Warranties………………...................................................................…7
HIPAA
Resources………………………………………………………….7
Summary………..………………………………………………………….7
Quantum Health Automation, Inc. Public
HIPAA Readiness Statement April 2003
Overview
Change, change, and more
change! The word seems quite synonymous
in the ever-changing field of healthcare and technology. It is vitally important in order to remain
competitive, efficient and accountable with products and services offered in
the healthcare industry today and in the future.
Over the past decade, Quantum
Health Automation (QHA) has grown to serve well over 2000 healthcare providers
(billing centers, chiropractors, physical therapists, MRI facilities,
etc). We have consistently strived to
offer the best possible services and products at the most affordable prices.
We pride ourselves on being a
national based clearinghouse with connections in over 40 states and provide one
of the largest all payer networks for
our customers far and wide. We are a
systems integrator for many technologies – which includes electronic data
interchange (EDI) solutions - and offer turn-key solutions to keep our
providers abreast of the information age.
We have prepared the enclosed
information in hope that the package will give you more insight on
The Health
Insurance Portability and Accountability Act of 1996 (HIPAA). Our strategy and transition is thought out with you in
mind accompanied by a team of technical professionals in place to answer
questions and address support issues specifically targeted for HIPAA. Although QHA’s products and services cannot
make your facility compliant in itself (i.e. providers’ in-house procedures),
we are committed in helping our customers to be as compliant as possible with
the electronic security, privacy and standardized code sets objectives of
HIPAA.
Our commitment is to you and
your organization in protecting your investment in us both now and in the
future. We welcome the opportunity and
challenge to work with you in the surmountable endeavor of HIPAA.
We appreciate your time and
value your business!
Quantum Health Automation,
Inc. (QHA)
Correspondence
QHA HIPAA Support
hipaa@qhaclaims.com
www.qhaclaims.com
800-500-8747 Toll Free
812-468-8477 Local
812-468-8478 Fax
The contents of this HIPAA Readiness
Statement are intended for general informational and educational purposes only
and should not be construed as legal advice. The information is not intended to
create, nor does its receipt constitute, an attorney-client relationship.
Readers are urged not to act upon the information contained in this HIPAA
Readiness Statement without first consulting an attorney licensed in the
appropriate jurisdiction. This HIPAA Readiness
Statement is prepared as a service to our customers and is believed by Quantum
Health Automation (QHA) to be reliable.
QHA cannot control or provide any warranty about the content,
availability, or accuracy of the information contained on any referenced
internal or external source.
Quantum Health Automation, Inc. Public
HIPAA Readiness Statement April 2003
HIPAA
Administrative Simplification
The
Administrative Simplification provisions of the Health Insurance Portability
and Accountability Act of 1996 (HIPAA, Title II) require the Department of
Health and Human Services to establish national standards for electronic health
care transactions and national identifiers for providers, health plans, and
employers. It also addresses the security and privacy of health data. Adopting
these standards will improve the efficiency and effectiveness of the nation's
health care system by encouraging the widespread use of electronic data
interchange in health care.
Compliance Dates
- Transaction and Code Sets—Final
Rule published
- Data Privacy—Final Rule
published
- Data Security—Proposed
Rule published
- National Provider Identifier – Effective: Pending
Legislation
- National Employer Identifier – Effective: Pending
Legislation
- National Individual Identifier – Effective: Pending
Legislation
- National Health Plan Identifier – Effective: Pending
Legislation
- Claim Attachments – Effective: Pending Legislation
- Enforcement – Effective: Pending Legislation
Compliance
Breakdown
The
Administrative Simplification Requirements of HIPAA consist of seven parts but
focus is placed primarily on the following four parts:
(1)
Transactions and Code Sets
(2) Privacy
(3) Security
(4) Standard
Identifiers – PENDING LEGISLATION – will not be discussed until ruling
effective.
Transactions and
Code Sets
The following list is
comprised of transaction standards and related code sets adopted to date. We have only highlighted the listed code sets
as they pertain to you and QHA as your clearinghouse. The highlighted code sets are what QHA will
seek for certification through the third party company, Claredi, Inc. (See
section on HIPAA Strategy and Claredi, Inc.)
The most important of these transaction sets being ASC X12N 837 for
health care professional claims, in which, QHA has been certified in respect to
HIPAA Compliancy.
Transactions - ASC X12N
(i) The ASC
X12N 837-Health Care Claim: Dental
(ii) The ASC X12N 837-Health Care Claim:
Professional
(iii) The ASC X12N 837-Health Care Claim: Institutional (Hospital – UB92 Code
Set)
(iv) The ASC X12N 270/271-Health Care Eligibility
Benefit Inquiry and Response
(v) The ASC X12N 278-Health Care Services Review/Request for Review and
Response
(vi) The ASC X12N 276/277 Health Care
Claim Status Request and Response
(vii) The ASC X12N 834-Benefit Enrollment and Maintenance
(viii) The ASC X12N 835-Health Care
Claim Payment/Advice
(ix) The ASC X12N 820-Payroll Deducted and Other Group Premium Payment for
Insurance Products
NOTE: HIPAA does not require a health care provider
to conduct all electronic transactions stated in the ‘Transactions and Code
Sets’ standards. Rather, conducting any
one of these business transactions electronically must be done in a
standardized format outlined in the ruling.
Whether or not a provider contracts with a third party billing agent or
clearinghouse to conduct these transactions, it is the responsibility of the
health care provider to be conducting business in compliance with HIPAA.
Privacy &
Security
QHA has created
in-house data policies and protocols to effectively maintain the privacy,
confidentiality and security of ‘data at rest’ (i.e. data stored at QHA) and
‘data in transit’ (i.e. data transmitted to QHA via a communication device such
as a: modem, DSL, Cable Modem) as the HIPAA Privacy & Security Guidelines
have established under which protected health information (PHI) may be used by
entities (providers, clearinghouses and payers). QHA is continuing to implement authentication
and encryption measures for data activities within the entire provider-to-clearinghouse-to-payer
framework crucial to ensuring data privacy, confidentiality and security. QHA is committed to ensuring its customers
that its data will be secure, protected, and maintained above and beyond
provisions set forth by HIPAA.
HIPAA Strategy
In an ongoing effort to ensure HIPAA compliancy, QHA and many of its
trading partners have opted for third party certification. QHA’s goal and foresight is to offer our
customers the ability to transmit all transaction code sets (Claredi
certification obtained for all ASC X12N transactions highlighted above) by
testing with the nationally accredited company Claredi. QHA has already obtained certification in
key areas of these transactions code sets such as: the (ii) ASC X12N
837-Health Care Claim: Professional & (vi) ASC X12N 276/277 Health Care
Claim Status Request and Response.
Certain transactions will continue to be
batched while other transactions will be offered in real-time via the Internet.
Rest assured, QHA can presently process and
generate our customers’ claims as a HIPAA-compliant transaction.
The information below is help our customers better understand the HIPAA
EDI Testing & Certification process.
HIPAA EDI Testing & Certification
[1]Claredi is nationally
known comprehensive testing and certification service helping health care
entities meet HIPAA EDI transaction requirements. Claredi has become the
industry's leading service for testing, certifying and expediting trading
partner interoperability.
What is
Claredi certification?
Claredi certification is an independent verification by Claredi which
healthcare providers, payers, or clearinghouses are capable of sending or
receiving specific transactions in compliance with the HIPAA Implementation
Guides. The Claredi analysis also indicates the details of the EDI capabilities
in the files submitted for certification.
Quantum
Health Automation, Inc. Public
HIPAA Readiness Statement April 2003
The value of becoming certified allows clearinghouses and
trading partners to know what specific capabilities are relative to sending or
receiving HIPAA EDI-compliant transactions. Once a clearinghouse receives
certification, the need to test against trading partners is dramatically
reduced because both parties have demonstrated HIPAA compliance capabilities.
This serves to help trading partners to be comfortable with the reduction in
testing.
[2]Why
Certify?
While there is clear regulatory requirement for compliance with
specific EDI standards, there is no such stipulation about certification.
However, the HIPAA rules recommend that you do a minimum level of
certification.
But the fact is that
objective, third-party certification of an organization's capability for
pertinent standard transactions can help bring order out of chaos and speed the
realization of economic benefits from HIPAA implementation. In addition, being
certified as HIPAA compliant, even if it is for only some of the transactions,
demonstrates your "good faith" effort in complying with the law. This
could become important in preventing fines later.
Third-party certification
can greatly facilitate that re-formation of trading partner relationships. By
identifying all the types and variations of transactions that they may need to
send and receive, then testing and obtaining certification in all of those,
each provider or payer can be labeled as HIPAA compliant. This will preempt the
need to test and certify with each individual real or potential trading
partner.
Non-standard Formats
Presently, all QHA customers send
claims in the following non-standard formats:
(i)
Proprietary
(ii)
National
Standard Format (NSF)
(iii)
Print
Image/HCFA Image
QHA will continue to support
non-standard/non-compliant formats, which will be converted to standard
transactions and forwarded when possible.
We will continue to provide analysis on our customers claim data to
determine if any data gaps between the various types of non-standardized files
and the new HIPAA compliant ANSI 837 format exist. An array of programming tools called the
HIPAA Suite Shop will be used to bridge the data together to create an “as
compliant as possible” ANSI837 file. As
more information becomes available on some of the pending legislation we will
continue to address this issue. The best
alternative is to have software capable of doing ANSI 837 transactions by
October 2003.
Chain of Trust and Business Associate
Agreements
QHA understands
the confidential nature of protected healthcare information (PHI) and thus
shall enter into legal Chain of Trust and Business Associate
Agreements with its customers, vendors, subcontractors, and any other
applicable parties who would receive, handle or view such data including, but
not limited to, QHA’s employees.
Confidentiality provisions for purposes of on-site installation,
implementation, and maintenance support services shall thus be implemented to
ensure legal safeguards specific to the handling of PHI and guaranteed patients
new rights and protections against the potential misuse or disclosure of health
records as stated by the Department of Health and Human HIPAA Regulations.
Quantum Health Automation, Inc. Public
HIPAA Readiness Statement April 2003
No Warranties
The contents of this HIPAA
Readiness Statement are intended for general informational and educational
purposes only and should not be construed as legal advice. The information is
not intended to create, nor does its receipt constitute, an attorney-client
relationship. Readers are urged not to act upon the information contained in
this HIPAA Readiness Statement without first consulting an attorney licensed in
the appropriate jurisdiction. This HIPAA
Readiness Statement is prepared as a service to our customers and is believed
by Quantum Health Automation (QHA) to be reliable, Although, QHA cannot control
or provide any warranty about the content, availability, or accuracy of the
information contained on any referenced internal or external source.
HIPAA Resources
Please take advantage of the
many educational opportunities of professional health care and related
associations and organizations to assist in meeting the extensive compliance
requirements and deadlines imposed by HIPAA.
Choosing the right partner in
the indoctrination of HIPAA awareness, compliance preparedness and
implementation is critically important in meeting the challenge.
It is with this objective in
mind that we offer the following HIPAA Resources:
Websites:
http://cms.hhs.gov/hipaa/hipaa2/readinesschklst.pdf
www.healthcaretrainingstrategies.com
Summary
The purpose of our HIPAA
Readiness Statement is to encourage a well-developed plan of action, promote
information protection and good business practices, point out responsibilities
and provide standards plus safe harbors for proper HIPAA administered
management of PHI.
It is also our goal to
uncover any misunderstandings of the relationship between our clearinghouse
(QHA) and you as a provider of healthcare - and to layout a blueprint of QHA’s
compliancy plan for HIPAA which, in the end, we intend to be a Quantum Leap
ahead of the rest.
We hope we have helped!
Quantum Health Automation, Inc. Public
HIPAA Readiness Statement April 2003