Final Rule for Healthcare Electronic Transactions and Code Sets

The long-anticipated final rule for healthcare electronic transactions and code sets was released on Thursday, August 17, 2000. This final rule (Rule) is the first of several anticipated for release by the Secretary of the Department of Health and Human Services (DHHS) over the next four months and covering the administrative simplification aspects of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)-Public Law 104-191.

This analysis will cover the rule itself, any expected impacts on HIM, and resources for further information, training, and implementation. HIM professionals should note that fundamentally the Rule adopts the electronic transaction standards and codes published in the proposed rule published in May1998. How the rule affects on HIM functions, and how it responds to AHIMA's previous comments, is covered below. There are several changes and clarifications from the 1998 publication, and while this analysis highlights many of the pertinent changes, reading this summary is not a replacement for a close review of the entire rule.

The analysis includes:

• Information Regarding the Rule Publication
  
  
• Effective Dates
  
  
• What the Rule Covers
• Application to Specific Entities
• Definitions
• Functional Transactions
• Medical Data Codes
• Other Code Sets
• Business Relationships
• Simplicity and Uniformity
  
  
• Reaction to AHIMA's Previous Comments
  
  
• Background and History
  
  
• Designated Web Site Resources
  
  
• Other Helpful Web Sites
  
  
• Link to AHIMA Resources

Information Regarding the Rule Publication

Entitled Health Insurance Reform: Standards for Electronic Transactions, the Rule can be found in the Federal Register, Vol. 65, No. 160, Pages 50312-50372. A second accompanying rule related to designated standards maintenance organizations can be found on page 50373.

Copies of the Federal Register can be purchased individually from the Superintendent of Documents; however, it takes several weeks to receive such a copy¹. A much easier way to obtain a copy is to go to the Federal Register and Government Printing Office Web Site at www.access.gpo.gov/su_docs/fedreg/a000817c.html. Downloading the Rule requires the use of Acrobat Software, which is available for free at the GPO Web site and is safe to use.

The Rule also contains a number of other Web sites that must be accessed to implement these regulations. These Web sites, and other resources to help understand the Rule and its standards, are included below.

Effective Dates

While this final rule was printed on August 17, it does not become effective until October 16, 2000. Given the dollar impact of the regulation on the entire healthcare community, Congress technically can rescind its approval. This is not expected. The Rule calls for two separate dates of compliance, the earliest being October 16, 2002. As noted, there are be other proposed and final rules associated with HIPAA. According to DHHS staff, these rules should be released before the end of the year with a few exceptions, noted in the Rule and below.

One caveat appeared in the preamble of the Rule. The DHHS Secretary (secretary) indicates (65FR50365)² that: "If the privacy standards are substantially delayed, or if Congress fails to adopt comprehensive and effective privacy standards that supersede the standards we (DHHS) are developing, we would seriously consider suspending the application of the transaction standards or taking action to withdraw this rule." DHHS staff members have told AHIMA and others that they do not believe the secretary would take such a suspension action. AHIMA will address its concerns on this issue with the secretary.

What the Rule Covers

Application to Specific Entities
Essentially, the rule applies to:

• All health plans (with a few exceptions, including workers compensation)
  
  
• Clearinghouses (with a new set of definitions)
  
  
• Providers who "choose" to send an electronic transaction covered in the rules
  
  
• Business associates, trading partners, and other subcontractors of affected health plans, clearinghouses, or providers.

Each of the entities above is defined in the Rule and being defined (identified or not identified), then determines when and how the transactions are to be used or accepted. Entities not covered in the Rule are still free, and are encouraged several times in the Rule's preamble, to use the standard electronic transactions.

• Health plans, which cover just about every government, private, and public health plan or payer, are divided into two groups: large and small. Small health plans are defined by size-less than $5 million in annual receipts-and given an extra year to implement the transactions and codes (October 16, 2003). Given this exception, other health plans, clearinghouses, and providers will, unfortunately, have to maintain current, nonuniform standards for an additional year when dealing with these plans.

The Rule adds a number of new and changed definitions (65FR50365) to clarify terms and situations not covered in the proposed rule. Of particular interest to HIM professionals, the Rule defines:

• Healthcare-"means care, services, or supplies furnished to an individual and related to the health of the individual. Healthcare includes the following:"

1. Preventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care; counseling; service; or procedure with respect to the physical or mental condition, or functional status, of an individual or affecting the structure or function of the body.
   
   
2. Sale or dispensing of a drug, device, equipment, or other item in accordance with a prescription.
   
   
3. Procurement or banking of blood, sperm, organs, or any other tissue for administration to individuals."

• The term Health information-"means any information, whether oral or recorded in any form or medium, that:

1. Is created or received by a healthcare provider, health plan, public health authority, employer, life insurer, school or university, or healthcare clearinghouse; and
   
   
2. Relates to the past, present, or future physical or mental health or condition of an individual; the provision of healthcare to an individual; or the past, present, or future payment for the provision of healthcare to an individual."

Functional Transactions

The functional transactions covered in the Rule include (65FR50370):

• Health Care Claims or Equivalent Encounter (managed care) Information
  
  
• Eligibility for a Health Plan
  
  
• Referral Certification and Authorization
  
  
• Health Care Claim Status
  
  
• Enrollment and Disenrollment in a Health Plan
  
  
• Health Care Payment and Remittance Advice
  
  
• Health Plan Premium Payments
  
  
• Coordination of Benefits

Each of these functional transactions is defined in the Rule (§§162.1101-162.1802). These definitions are extremely important, because they delineate who is and when participation becomes covered under the Rule.

The Rule also defines the specific standards that can be used for each transaction (§§162.1101-162.1802), the standards-setting organization whose standard must be use, and (65FR50368 § 162.920) where implementation specifications can be obtained.

HIPAA provides for two additional transactions, First Report of Injury and Attachments. The secretary is also authorized to establish additional standards, and the National Committee for Vital and Health Statistics (NCVHS), the secretary's advisor for HIPAA administrative simplification, has recently released a report recommending transactions covering clinical activities. The First Report of Injury was not finalized because the X12 did not have an implementation guide available in time for the final notice. HIPAA provides for the secretary to have an extra year to proclaim rules for Attachments.

The secretary has "adopted" electronic transaction standards that have been developed by Standard Setting Organizations. In effect, the secretary's rules provide for a standard use or way of using these electronic transaction standards developed by nongovernmental groups. DHHS is quick to point out that this is the first legislation that requires the government to "adopt" such standards. Organizations named in these initial rules include the Accredited Standards Committee X12N, known often as the X12 or the ASC X12 ("N" denotes the insurance committee), and the National Council for Prescription Drug Programs (NCPDP). Implementation guides to facilitate these electronic transaction standards are enumerated by the secretary and include the Washington Publishing Company for ASC X12N and the NCPDP.

Medical Data Codes

The secretary's transactions, and the transaction standards of the X12N and NCPDP, also use code sets including medical data code sets (65FR50370);

• Medical data code sets are required (§162.1000) and are the medical data code set "valid at the time the healthcare is furnished" (§162.1011), and "is valid within the dates specified by the organization responsible for maintaining that code set."

• Medical data code sets named (adopted) by the secretary, at this time, include (§162.1002):
• International Classification of Diseases, Ninth Edition, Clinical Modification, (ICD-9-CM), Volumes 1 and 2 (including The Official ICD-9-CM Guidelines for Coding and Reporting), as Maintained and distributed by DHHS for the following conditions:
• Diseases
• Injuries
• Impairments
• Other health problems and their manifestations
• Causes of injury, disease, impairment, or other health problems
  
  
• International Classification of Diseases, Ninth Edition, Clinical Modification, Volume 3 Procedures (Including the Official ICD-9-CM guidelines for Coding and Reporting), as maintained and distributed by DHHS for the following procedures or other actions taken for diseases, injuries, and impairments on hospital inpatients reported by hospitals:
• Prevention
• Diagnosis
• Treatment
• Management
  
  
• National Drug Codes (NDC), as maintained and distributed by HHS, in collaboration with drug manufacturers, for the following :
• Prevention
• Biologics
  
  
• Code on Dental Procedures and Nomenclature, as maintained and distributed by the American Dental Association, for dental services
• The combination of Health Care Financing Administration Common Procedure Coding Systems (HCPCS), as maintained and distributed by DHHS, and Current Procedural Terminology, Fourth Edition (CPT-4), as maintained and distributed by the American Medical Association, for physician services and other healthcare services. These services include, but are not limited to, the following:
• Physician services
• Physical and occupational therapy services
• Radiologic procedures
• Clinical laboratory tests
• Other medical diagnostic procedures
• Hearing and vision services
• Transportation services including ambulance
  
  
• The Health Care Financing Administration Common Procedure Coding System (HCPCS), as maintained and distributed by DHHS, for all other substances, equipment, supplies, or other items used in healthcare services. These items include, but are not limited to the following:
• Medical supplies
• Orthotic and prosthetic devices
• Durable medical equipment

The Official ICD-9-CM Guidelines for Coding and Reporting are named as a required component of the ICD-9-CM code set, and, therefore, adherence to those guidelines is required in order to be in compliance with this rule. DHHS acknowledges that standardization of code set guidelines is highly desirable and beneficial, but recognizes that the operational guidelines for some code sets are more complete than others, objective and operational definitions for most codes are not available, and the level of details varies widely from code to code. Thus, the rule does not specify adherence to guideline for code sets other than ICD-9-CM in this rule (65FR50323).

The Rule makes it clear that the use of ICD-9-CM procedure codes is restricted to the reporting of inpatient procedures by hospitals and that the combination of CPT and HCPCS level 2 codes will be used for physician and other healthcare services (also see 65FR50325). There is no clear commitment to resolve duplication and overlap between CPT and HCPCS level 2 codes (for example, HCFA's G codes that duplicate services described by CPT codes).

Local HCPCS codes (level 3) will be eliminated. In instances where no national CPT or HCPCS level 2 code exists to replace the use of a local code, payers may request the establishment of a national code. However, for those local codes designed to describe health-plan-specific information rather than identify an item or service, a national code will not be established. Such information can not be embedded in the national codes, and must be obtained through another mechanism (65FR50330).

A common schedule for implementing new versions of code sets is not established by this rule. Some of the adopted standard code sets are updated annually, such as ICD-9-CM and CPT, and others. DHHS notes that different federal laws mandate the implementation of annual updates to ICD-9-CM on October 1, and annual updates to CPT on January 1, and that changing either of these dates would require congressional action.

"Maintenance" is clearly differentiated from "modification" of a code set. "Maintenance" encompasses the activities necessary to support the use of a standard, including enhancements, additions, or deletions to a code set. Public comment and notification are required, as part of the maintenance process, but regulatory action would not be required. Changes that are substantial enough to justify publication of a new version of an implementation specification are considered to be "modifications," and would require regulatory action. Therefore, adoption of ICD-10-CM would require regulatory action, but the annual ICD-9-CM and CPT revisions would not (65FR50322).

In the Rules preamble, DHHS notes its concern and trepidation raised by others in the healthcare industry, regarding the processes and openness of the groups who oversee the decisions to add, delete, or modify code sets. DHHS indicates it has addressed these concerns to these groups and expects changes by the time the Rule is implemented.

Other Code Sets

Other code sets currently used in claims transactions, such as the UB-92 and the HCFA 1500, are indirectly acknowledged in the Rule. At this time, the Designated Standards Maintenance Organizations (DSMO) named in a separate rule (65FR50373), will be the maintainers of these code sets, subject to the maintenance and modification requirements previously noted. Similar to the concerns addressed about the processes and openness of the medical coding groups, the Rule's preamble also address these same concerns to these DSMOs.

Business Relationships

The Rule makes it quite clear that business relationships are affected by these rules and that covered entities cannot avoid the requirements of the Rule by subcontracting any of the covered electronic transactions. On the other hand, covered entities can use subcontracting-generally through clearinghouses-to meet the Rule's requirements. Institutions, such as providers that outsource their claims processing, are required to ensure the subcontractor meets these requirements or be subject to HIPAA penalties. It is fully expected that the Security and Privacy HIPAA rules will further define the responsibilities associated with subcontracting.

The Rule also refuses to classify a corporate entity for purposes of defining whether or not an electronic transaction must meet the standard. Essentially, HCFA states that with the complexity of the healthcare industry and the constant shifting of entities, it would be impossible to define a corporate entity and determine when the standards must apply. Therefore, for the most part, the requirement rests on the actual electronic transaction being performed, and not necessarily who is performing it.

Simplicity and Uniformity

HIPAA was intended to bring simplification and uniformity to the healthcare "claims" process. The Rule now begins to define how this will work.

The Rule essentially states that covered health plans must accept standard electronic transactions. The Rule further protects providers such that (65FR50369):

• "If an entity requests" (presents a covered electronic transaction) "a health plan to conduct a transaction as a standard transaction, the health plan must do so." (§162.923 and §162.925)
  
  
• "A health plan may not delay or reject a transaction, or attempt to adversely affect the other entity or the transaction, because the transaction is a standard transaction." (§162.925) However, the preamble to the rule notes that this does not force the plan to pay the claim under any circumstances different from those it covers at present.
  
  
• "A health plan may not reject a standard transaction on the basis that it contains data elements not needed or used by the health plan (for example, coordination of benefits information)." (§162.925) This means that a provider can send (itself or via a clearinghouse) one standard claim with all the data the Rule requires and it must be accepted by all plans/payers. Unfortunately, this does not avoid the continued requests for "additional data." Presumably, this requirement will be covered in the Attachment Transaction.

• "A health plan may not offer an incentive for a health provider to conduct a transaction covered by" the "direct data entry transaction" exception. This exception states: "A healthcare provider electing to use direct data entry offered by a health plan to conduct a transaction for which a standard has been adopted under this part, must use the applicable data content and data condition requirements."
  
  
• "A health plan that operates as a healthcare clearinghouse, or requires an entity to use a healthcare clearinghouse to receive, process, or transmit a standard transaction, may not charge fees or costs in excess of the fees or costs for normal telecommunications that the entity incurs when it directly transmits or receives a standard transaction to or from a health plan."
  
  
• (§162.925)

Reaction to AHIMA's Previous Comments

AHIMA responded to the original May 1998 proposed rule on transactions and code sets with a number of comments. DHHS responded to these comments directly and indirectly in this Rule:

• AHIMA indicated that the definition of "code" set should include factors such as functional status, in order to clarify that a code set is not limited to "medical" terms. The Rule recognizes that a "code set" is not limited to medical terms and defined "code set" very broadly. Both nonmedical and medical code sets are designated within the transaction standards. A statement was also added, recognizing that "a code set includes the codes and the descriptors of the codes" (§162.103, 65FR50367).

• AHIMA suggested that property and casualty insurance plans and workers' compensation plans should be included in the definition of "health plan," and therefore subject to the electronic transmission rules. The Rule did not accept these recommendations. The Rule stipulates that all of these entities are free to use and accept the standard electronic transactions, but not required to under HIPAA, per DHHS's interpretation. States could require such acceptance under their jurisdiction. Many expect major property and casualty companies to voluntarily accept the transactions since much of the property and casualty companies already use electronic data interchange or EDI transactions.

• AHIMA also asked if prisons would be included under the definition of a plan. The Rule indicates that they are not. (§ 160.103, 65FR50366).

• AHIMA asked that "Official Coding Guidelines" be defined. While the Rule does not specifically define "Official Coding Guidelines," it addressed this request affirmatively by requiring the use of the Official ICD-9-CM Guidelines for Coding and Reporting as part of the standard medical data code set. See above and §162.1002, 65FR50370.

• AHIMA requested that the official sources regarding the correct usage of the coding systems reflected in the proposed standards should be clearly spelled out. AHIMA noted that if HCFA policy conflicts with the AMA CPT policy, which entity is the ultimate authority? Where do HCFA's National Correct Coding Initiative edits fit in? AHIMA suggested that the authority for establishing official coding system rules should rest with the organization charged with responsibility of maintenance of the coding system. The Rule addresses this issue affirmatively. However, DHHS does not address the questions concerning conflicting policies and the National Correct Coding Initiative edits, and this issue will be followed up by AHIMA in future months. See §162.1002 on Medical Data Code Sets, and 65FR50370 and 65FR50343-44 for more specific information.

• AHIMA addressed the need to ensure that long-term care be included in the directives associated with the electronic transaction standards. The Rule covers only those providers who transmit any health information in electronic form in connections with the transactions covered by this rule, which therefore could include long-term care (§ 160.102, 65FR 50365). All healthcare plans-with a few exceptions noted above-must accept the standard electronic transaction. In regard to long-term care, there is an additional exception for "nursing home fixed-indemnity" policies (§ 160.103, 65FR50366).

• AHIMA noted that the explanation of the uses of ICD-9-CM and CPT was not complete. In addition to their use in inpatient procedural coding, ICD-9-CM procedure codes are required by many payers for the reporting of facility-based outpatient procedures. CPT, in addition its use by physicians and other healthcare professionals, is required for reporting of all ancillary services (radiology, laboratory, and the like) and by some payers for reporting of facility-based procedures. In addition to state use, Medicare currently requires HCPCS level 2 codes for reporting services in skilled nursing facilities.

• AHIMA pointed out the duplicity of local codes (level 3 of HCPCS). AHIMA asked what 'duplicate' meant, and raised the concern that the term may be subject to variable interpretation. The Rule addresses these issues. Besides establishing the required and designated medical data code sets, the preamble clarifies that HIPAA covered entities may not use or require the use of local codes in standard transactions after compliance is required. The preamble also explains instances where modification requests to standardize local codes into national codes can be made. However, "duplicate" and "duplicative" are not defined (§12.1002, 65FR50370 and 65FR 50329-30).

• AHIMA raised the concern that the HCPCS panel might not be able to assume responsibility for approval of new temporary codes to replace local codes, given the presumed increase in volume. AHIMA also expressed apprehension with the closed nature of the HCPCS panel. The Rule recognized these drawbacks and pointed to the ICD-9-CM process as a useful model for not only the HCPCS process, but also that used by the AMA and ADA for updating their code sets. (65FR 50343-44). Web sites were also noted and are included in the list below.

Background and History

Administrative simplification and uniformity have been a goal of the healthcare industry for several decades. In the early 90s, industry leaders decided that this goal could only be achieved in if the various sectors of the industry were mandated to use uniform transactions, data definitions and data sets, and so forth. Efforts begun in 1993 finally paid off with the inclusion of administrative simplification language being in legislation covering health insurance portability and fraud and abuse; the Health Insurance Portability and Accountability Act of 1996, or HIPAA. While HIPAA included many of the technical aspects requested by the healthcare industry, it also incorporated the desires of members of Congress that altered the industry's earlier concepts.

The original HIPAA legislative requirements included not only the transactions and codes-included in the August 17 rule-but also identifiers, coordination of benefits rules, security standards, privacy standards, and penalties for not using the standards. HIPAA required that the rules be issued 18 months after the law was signed (August 21, 1996), with implementation to occur two to three years after that. For a variety of reasons, including high industry and public interest, passage of the Balanced Budget Act of 1997, and the Y2K occurrence, the secretary did not release the first proposed rule until May 1998. It is this first proposed rule that is essentially finalized with the release of the August 17 Final Rules.

Designated Web Site Resources

The rule notes a number of Web sites for providers and plans to utilize in implementing and using the standards and code sets. These include:

ICD-9-CM (Volumes 1 and 2)
http://www.cdc.gov/nchs/about/otheract/icd9/maint/maint.htm

ICD-9-CM (Volume 3)
http://www.hcfa.gov/medicare/icd9cm.htm

CPT-4
http://www.ama-assn.org

HCPCS
http://www.hcfa.gov/medicare/hcpcs.htm

Code on Dental Procedures and Nomenclature
http://www.ada.org/p&s/benefits/cdtguide.html#guidelines

NDC
http://www.fda.gov/cder

NCPDP
http://www.ncpdp.org

Washington Publishing Company (implementation guides for X12N standards)
http://wpc-edi.com

Other Helpful Web Sites

DHHS Administrative Simplification Web site
http://aspe.os.dhhs.gov/admnsimp/

Data Interchange Standards Association (Secretariat of the X12N)
http://www.disa.org

Workgroup on EDI (group working on HIPAA transaction implementation)
http://www.wedi.org

National Uniform Billing Committee (UB-92)
http://www.nubc.org

National Uniform Claims Committee (HCFA 1500)
http://www.nucc.org

Medicare EDI Information
http://www.hcfa.gov/Medicare/edi/edi.htm

ASTM HIPAA Information
ASTM Committee E31 on Healthcare Informatics

AHIMA Resources

Click here for link to AHIMA resources.

Notes

1. FR copies can take to 12 weeks for delivery. Those who wish to obtain a copy can send their request to: New Orders, Superintendent of Documents, PO Box 371954, Pittsburgh, PA 15250-7954. You must specify the date, August 17, 2000, and enclose a check or money order made payable to the Superintendent of Documents. Credit cards are also accepted, and if you choose to use a credit card, consider phoning in your order to (202) 512-1800. (Fax is also available at (202) 512-2250.) The cost for each copy is $8.
   
   
2. All references to parts of the rule in this analysis will use the typical reference 65FR, meaning volume 65 of the Federal Register, and then the page. Specific reference to a CFR section will include the section number and the page in the FR.