Resources

Client Alerts, News Articles, Blog Posts, & Multimedia

Everything you need to know about BMD and the industry.

The Latest CMS Guidance: HIPAA Edition

Client Alert
June 23, 2022

The Latest CMS Guidance: HIPAA Edition

Healthcare worker holding an iPad with HIPAA Compliance

What are the HIPAA Administrative Simplification Regulations?

The HIPAA Administrative Simplification Regulations—encompassing 45 CFR Part 160, Part 162, and Part 164—require HIPAA covered entities to adopt standards for transactions involving the electronic exchange of health care data. The HIPAA Administrative Simplification Regulations include four standards covering transactions, identifiers, code sets, and operating rules. In addition to complying with the HIPAA Administrative Simplification Regulations, HIPAA covered entities must also comply with the HIPAA Privacy and Security Rules.

The purpose of these regulations is to save time and money by moving away from the burdensome paperwork system used for billing, storing patient information, and organizing claims data. By switching to electronic transactions, healthcare organizations can reduce the paperwork burden, receive payments faster, easily obtain patient information, and quickly, check the status of claims.

CMS has recently put out updated guidance for healthcare providers and plans clarifying these HIPAA regulations.

Covered Entities, Listen Up!

HHS defines a transaction as an electronic exchange of information between two parties to carry out financial or administrative activities related to healthcare. HIPAA requires covered entities to conduct standard transactions with one another. Conducting a transaction as a “standard transaction” includes compliance with the set data standard and affiliated operating rules, code sets, and unique identifiers for the particular transaction. HHS has adopted standards for Health Care Claims or Equivalent Encounter Information (45 CFR § 162.1101-1102), Eligibility for a Health Plan (45 CFR § 162.1201-1203), Referral Certification and Authorization (45 CFR § 162.1301-1302), Health Care Claim Status (45 CFR §162.1401-1403), Enrollment or Disenrollment in a Health Plan (45 CFR § 162.1501-1502), Health Care Electronic Funds Transfer and Remittance Advice (45 CFR § 162.1601-1603), Health Plan Premium Payments, Coordination of Benefits (45 CFR § 162.1701-1702), and Medicaid Pharmacy Subrogation Transactions (45 CFR § 162.1901-1902). 

Specific parameters for covered entities also exist. For example, if a covered entity uses a business associate to conduct any portion of a transaction for which a standard has been adopted, the covered entity must require their business associate to comply with that standard. Simply put, the inclusion of a business associate in a transaction does not relieve a covered entity of its responsibility to comply with HIPAA because a business associate is acting on behalf of a covered entity.

Additionally, there are specific parameters for covered entities entering into trading partner agreements. Trading partner agreements are agreements related to the exchange of information in electronic transactions between each party to the agreement. For example, it is standard for a trading partner agreement to set out the duties and responsibilities of each party to the agreement in conducting a standard transaction. Importantly, a covered entity cannot enter into a trading partner agreement that would: (a) change the definition, data condition, or use of a data element or segment in an adopted standard or operating rule; (b) add any data elements or segments to the maximum defined data set; (c) use any code or data elements marked “not used” or that are not in a standard; or (d) change the meaning or intent of a standard.

General Provisions for Health Care Providers and Health Plans, Explained

If a health care provider chooses to use a DDE platform—a direct data entry platform like a provider portal—offered by a health plan to conduct a transaction for which a standard has been adopted, the provider must use the applicable data content and condition requirements of the standard. However, there is an exception for providers that negates their requirement to follow standard formatting protocols when using a DDE platform.

However, a health plan must always conduct a transaction using an adopted standard if requested. They may use a paper-based or manual method, a DDE portal, or an electronic funds transfer. Of note, there are no exceptions to this requirement. This means that a health plan must comply with a provider’s request to conduct a transaction as a standard transaction regardless of the provider’s affiliation, or lack of, with the plan. There are also key prohibitions for health plans. Mainly, a health plan cannot:

Delay or reject a transaction because the transaction is a standard transaction. For example, the plan cannot provide incentives that discourage the use of standard transactions;

Reject a standard transaction just because the health plan does not use some or all of the data elements, such as coordination of benefits data elements; or

Offer an incentive for a health care provider to conduct a transaction using a DDE exception.

Relatedly, the coordination of benefits and code sets are also regulated. If a health plan receives a standard transaction and coordinates benefits with another health plan or payer, then the health plan must store the coordination of benefits data it needs to forward the standard transaction to the other health plan or payer. Simply put, even if the initial receiving health plan does not need the coordination of benefits information, that information is required to process the transaction and the information must still be stored for transmission to the subsequent health plan or payer. Additionally, a health plan must accept and process any standard transaction that contains valid codes, and it must keep code sets for the current billing and appeals periods open to processing.

Sidebar: What are Standard Unique Health Identifiers for Health Care Providers?

A covered health care provider is a health care provider that transmits any health information in electronic form in connection with a transaction for which a standard has been adopted. A covered health care provider must obtain a National Provider Identifier (NPI) from the National Provider System (NPS) and use an NPI on all standard transactions that require its health care provider identifier. Likewise, a covered health care provider must give its NPI to any requesting entity so that they can identify the health care provider in a standard transaction. Of note, a covered health care provider must also require its business associates to use the provider’s NPI. Further, when a covered health care provider is an organization—for example, a corporation or partnership—it must require all individual prescribers it works with to both obtain an NPI and share the NPI upon request with any entity for use in a standard transaction.

If you have any questions about any of the new CMS Guidance and how it may impact your practice, please reach out to your local BMD Healthcare Attorney, Daphne L. Kackloudis at dlkackloudis@bmdllc.com or Ashley Watson at abwatson@bmdllc.com.

 

HIPAAHIPAA ComplianceHealthcareCMS
Client Alert

2022 Healthcare Recap and 2023 Healthcare Check-Up

December 20, 2022As the country begins to return to a new “normal” following the COVID-19 pandemic, there are many healthcare rules changing on both the federal and state levels as a result. Thus, it is important for healthcare providers and their employers to be aware of these changing rules, and any implications they may have on their practice. Look back on healthcare in 2022 and find a checklist for 2023.Client Alert

Direct Support Professional Retention Payments

December 19, 2022On December 15, the Ohio Senate and House passed House Bill 45, which authorizes the Department of Developmental Disabilities (DODD), in conjunction with the county boards of developmental disabilities, to launch their initiative to issue retention payments to Direct Support Professionals (DSPs). These retention payments will be distributed quarterly to participating home and community-based waiver providers to address the workforce crisis in the direct provider sector. Governor DeWine needs to sign the Bill to begin the payments, but he is expected to do so by the end of 2022.Client Alert

Real Estate Investors Position for 2023 Opportunities

December 19, 2022Real estate investors weathered another year in a post-pandemic world, with the year closing with yet another interest rate increase coupled with both uncertainty and heightened interest carrying into 2023. Just last Wednesday, the Federal Reserve raised its benchmark interest rate 0.50 percentage points, shifting the target range to 4.25% to 4.50%. The new level is the highest the fed funds rate has been since December 2007 and marks the seventh rate hike this year. So what does this mean to investors, brokers, lenders, and others in the real estate world? Read a few perspectives below from stakeholders familiar with our BMD clients and the markets in which they do business.Client Alert

Five Major Trends for Employers to Watch Out For in 2023

December 19, 2022Five Major Trends for Employers to Watch Out For in 2023: Major changes may be on the horizon for noncompete clauses. The EEOC is gearing up to file more discrimination lawsuits against employers. The Department of Labor is poised to raise the salary threshold for exempt employees under the FLSA. Unionization momentum may slow in 2023. ESG is the new norm to attract and retain talent.Client Alert

Patient Abandonment and Termination

November 17, 2022Healthcare professionals have a responsibility to patients with whom they have established a treatment relationship. However, there may be some instances when they will need to terminate their relationship with a patient. FAQs for patient abandonment and termination are provided to help guide physicians.
Older posts
Newer posts