HIPAA 2014 Mantra

THE HIPAA MANDATE REQUIRING PAPER-FREE RECORD KEEPING IS QUICKLY APPROACHING. HOW CAN YOU PREPARE FOR THE INEVITABLE?

The year 2014 is the president’s wishful target for transforming paper client records into a relic from the past, banished forever from the offices of occupational therapists, physical therapists, speech-language pathologists, case managers, and others in private practice. Gazing into the crystal ball suggests the real changeover may take longer. Replacing the familiar format would be electronic health records (EHR), an improvement spurred by the movement to boost health care quality and efficiency and curb the rising costs of delivering patient care.

Providing a foundation for the movement toward health information technology (HIT), the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has fostered wide-ranging federal standards for administrative transactions, national health care identification numbers, and privacy and security protections for patients’ medical records. The privacy provision that took effect in 2003 required health care providers and others to create comprehensive patient-confidentiality policies and procedures ensuring protected health information (PHI) is shielded—in paper and electronic form. Soon after, security regulations were later issued, outlining a range of technical and administrative actions to protect electronic records in storage and in transit.

THE LOWDOWN

Health care costs are skyrocketing and cost-cutting measures are at the forefront for employers and government agencies. HIT has been cast as a slimming solution. Several initiatives involving standardized medical record formats could impact providers in the next 2 to 3 years.

Electronic prescribing: Viewed by many as the low-hanging fruit of the HIT realm, it delivers clinical and administrative advantages minus high costs associated with full EHR systems. The Medicare Improvements for Patients and Providers Act of 2008 (MIPPA) addressed the Medicare payment cut and detailed an incentive program for e-prescribing. In 2009, providers will be eligible for a 2% bonus atop their regular Medicare payment. The bonus then decreases for a number of years, and a 1% decrease in payment is slated for 2012. Starting in 2014, those who shun e-prescribing would face a 2% cut in the payment. Hope abounds that the program, in tandem with the 2006 relaxation of the Stark and anti-kickback provisions against hospital donation of HIT, can spark the industry and foster broad adoption of the technology.

Standardized claim format: Today’s 4010 version of the HIPAA electronic transactions standards is being replaced with an 5010 version. The transition may start in 2009, and would entail new formats for many daily business transactions, such as electronic claims, insurance eligibility, remittance, and monitoring status of claims with health plans. Billing software contracts may cover the changes, but providers should discuss the process with vendors and budget for potential cost hikes. Regarding the International Classification of Diseases, 10th edition (ICD-10), many view the switch as possibly the most significant change in the last quarter century. ICD-10 would comprise some 120,000 codes versus the 12,000 codes found in ICD-9-CM. Providers should embark on planning when the rule is issued. All practice management software would need to be upgraded to comply, and staff members would need training—paid from the providers’ till. Clinics are urged to begin budgeting to ensure funds are earmarked for the conversion. ICD-10 will also affect how providers interact with health plans. Contracts would need modifications, and providers may need to find the level of coding specificity for each plan. The prolonged fulfillment of the HIPAA mandate has demonstrated that simultaneous compliance for all is not likely, and billing systems would likely run ICD-9 and ICD-10 simultaneously for a time to ensure payable claims are generated for all clearinghouses and plans—including those that have been slow to comply. It is not yet known how health plans—including Medicare and Medicaid—would handle the codes. Some suggest national pilots could help smooth out potential wrinkles prior to the full rollout, but providers may want to begin the educational task pronto when the new codes are issued.

Personal health records (PHR): Patients may refer providers to a Web site stocked with health records or hand over a flash drive to download—and later upload—the information. Google Health and Microsoft HealthVault are big players, serving as repositories for patients to collect and store personal and family health information. Unknowns abound, such as: how PHRs would be incorporated in a practice’s workflow, whether health plans will pay for the added time needed to process the material, how broad use of PHRs would affect the standard of care and malpractice, and whether they would have uniform configurations. The Certification Commission for Healthcare Information Technology (CCHIT) plans to begin certifying PHRs in 2009.

I FOUGHT THE LAW AND THE LAW WON

Many in the industry invite congressional action to speed up the formation of a nationwide EHR framework, but HIT legislation has been dodgy. Despite partisan bickering in Washington, one of the few topics of agreement is HIT. Several bills introduced in the Senate and House have attracted widespread bipartisan support, promoting standardization and interoperability, and in some cases they identify a moderate sum to help providers adopt the technology. Some expect HIT will be addressed in 2009 by the new administration and Congress, and both candidates have pledged to continue promoting and expanding the use of HIT.

Some 25,000-plus complaints have been lodged with the Office for Civil Rights, the enforcement agency for HIPAA privacy, but no fines have yet been levied for infractions.

BEHIND CLOSED PORTALS

CCHIT certification of ambulatory EHRs encompasses a range of criteria in the areas of functionality, interoperability, and security. Even those who do not have a CCHIT-certified system should consider the business perks of complying with HIPAA security requirements. As practices shift to an electronic environment, they should review and compare HIPAA security requirements with their practices. The value of HIPAA security measures extends well beyond enforcement—they become a titanium lock on the office door. If computers are stolen and all data is housed in one computer, a provider could rapidly be out of business. Providers need to perform their own risk analysis beginning with a two-word mantra: what if? What if a computer is stolen, or a hurricane floods the office, or power cuts out, or the server crashes and a technician’s visit is delayed for days, or a hacker gains entry? Providers need to be proactive and should create backup systems for contingencies.

EAR TO THE PAVEMENT

Professional industry association experts see lots of moving parts in the push for a universally accessible and secure EHR, but while the 2014 deadline is not etched in stone, some urge affected providers to proactively heed the call. That may not always be as easy as it sounds—administrative costs and undetermined technological standards would need to be worked out first. When the privacy rule was being drafted and put in place, many practitioners voiced great concerns about how to implement it and how they would notify patients, about the administrative burden. Many of those concerns were addressed when the rules were finalized, and the ones that were not addressed, in terms of changes, were adapted to over time. It is no longer a big deal to see a privacy notice posted in practitioners’ offices, but when it was first suggested, many envisioned it as a horrible administrative burden. As rules went in place and practitioners adapted their business practices to comply, over time the system has worked fairly well. Some wonder how existing systems will ultimately adapt, what kind of e-bridges and crosswalks will be built to make the new system workable, whether the government will provide funding, and if providers’ fees will be raised to pay the tab.

In the Medicare system and with other payors, a move is afoot toward pay-for-performance, or payment for meeting quality standards. As those efforts move forward in public and private insurance plans, electronic recordkeeping may be the linchpin for securing additional payments and meeting quality requirements. Insiders buzz about needing to record different kinds of information about therapy patients that link into quality monitoring or payment limitations. In-home health therapy providers often tote portable laptops for records. In hospitals that embrace EHR, practitioners are joining in with the other staff members. Therapists will likely change the kind of data they capture, and will need to be flexible to exercise clinical judgment in appropriate ways. For example, the EHR may ask therapists for information in only certain categories, and therapists may need to ask additional questions to assess a client’s condition and create a treatment plan. The therapists will need to go beyond the EHR to capture additional data, which could be problematic for some who have mastered the tasks but not the technology. Practitioners may need to be more consistent in the terminology they use, and express their clinical findings in different ways. Lots of research is being done on self-reported data from patients, and that will become part of the mix. Patients will be self-reporting on computers, and therapists may need to use different skills to analyze the data. Instead of observing patients and determining if they can perform functions, patients’ self-reported information will be introduced as part of the evaluation process. Patients will complete a survey of sorts that analyzes concerns and conditions from their point of view. EHRs make these kinds of data-gathering methods easier to implement, and as more providers get wired with electronic systems, new sources of information, such as patient self-reports, will be tapped.

HANDS-ON

Some are massing on the front lines today. A large hospital in Southern California went live with an electronic medical record (EMR) system in the summer of 2008, after more than 3 years of testing, play training and trials for workgroups, build groups, and validation groups comprised of physicians, nurses, clinicians, and programmers. Occupational therapists, physical therapists, and speech treatment specialists joined forces to build notes. A couple of superusers—highly trained staff members who may be specific to an area, and support other staff members as they embark on using the system—were relieved they no longer have to decipher handwritten notes and orders. They applauded the improvement over bygone days of redundancy and fragmented charting. The facility joined some 10% of hospitals nationwide that have embraced a fully integrated EMR system where physicians directly enter patient orders in a computer.

A superuser rehab nurse extolled the ease of allowing occupational therapists, physical therapists, and others to zap into the same chart at the same time on a computer, even a roaming computer, versus the tug of war for paper documents. Extra security precautions can be embedded for VIPs, so users on a need-to-know basis can “break the glass”—jargon for bypassing security protections—to view patient information.

Viva the e-revolution!

---

Judy O’Rourke is the associate editor of  Rehab Management. For more information, please contact .