What is HIPAA? -- HIPAA is an acronym that represents the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191.
History and Enactment:
HIPAA is made up of five titles, but Title II, Subsection F, is referred to as the Administrative Simplification (A/S) section and is the most relevant to health care organizations and providers. The A/S section of HIPAA required that the US Department of Health and Human Services (DHHS) mandate the use of specific electronic formats, and specify what administrative and medical coding schemes can be used within those formats. It also mandated the development and implementation of national identifiers for patients, providers, payers, and employers, and the adoption of security and privacy standards appropriate for the protection of individually identifiable health care information.
For decades the health care industry has struggled with confusing and demanding electronic data and form requirements for submitting and processing claims and reimbursement. Multiple standards and proprietary formats have complicated the transfer of data between parties and have driven up the cost of health care administration.
During the first Bush administration an advisory group began meeting to discuss the reduction of health care administrative costs. This group later organized as WEDI. The Workgroup for Electronic Data Interchange (WEDI) first met in the early 1990s to address the challenge to streamline health care administration by standardizing electronic communications across the industry, and published reports in 1992 and 1993 with its recommendations. AFEHCT, the Association for Electronic Health Care Transactions, was also formed in the early 1990s and made recommendations and supported WEDI initiatives. These reports included a recommendation to pass legislation so that consistent standards could be implemented throughout health care. Some of the recommendations were addressed in the 1993 proposed Clinton Health Plan that later failed to pass.
The Kennedy-Kassebaum Bill, known as K2, was introduced in March of 1996 and was passed in August 1996 as the Health Insurance Portability and Accountability Act of 1996 (P.L. 104-191). The official title as introduced:
To amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.
HIPAA Transaction Standards:
The following transactions have been mandated via HIPAA regulations that were published August 17th, 2000. These standards include those developed by ANSI ASC X12 (American National Standards Institute, Accredited Standards Committee, X12) and NCPDP (National Council for Prescription Drug Programs). Compliance date for these transactions was October 2002. In H.R. 3323, the Administrative Simplification Compliance Act (ASCA), there are provisions for extending the compliance date until October 2003 if a covered entity was not able to become compliant by the October 2002 compliance date. Those covered entities not able to be compliant in 2002 were to file (prior to October 2002) with HHS the following:
- Explanation and detail of why compliance cannot be met: analysis reflecting the extent to which, and the reasons why, the person is not in compliance
- Full and detailed work plan demonstrating how compliance would be met by October 2003
- Budget: includes schedule and implementation strategy
- Testing plan that begins April 2003
Those who were not compliant in 2002 and have not filed a plan with HHS may be excluded from Medicare. After October 2003, Medicare claims are to be done electronically (some waivers may be applied in certain circumstances). Medicare was previously specified Part A or B, but now covers A, B, or C. The bill also authorized appropriation of funds to be used for education, outreach, technical assistance and enforcement. Special provisions and waivers are applied in certain circumstances. In summary, it is advantageous to become compliant earlier rather than later. Please also note that the Privacy rules are not impacted by H.R. 3323 and the compliance date remains as April 2003.
Transaction Standards:
- Health claims and/or equivalent encounter information
  - Professional Claims - ASC X12N 837 Health Care Claim: Professional
  - Institutional Claims - ASC X12N 837 Health Care Claim: Institutional
  - Dental Claims - ASC X12N 837 Health Care Claim: Dental
  - Pharmacy Retail Drugs - NCPDP Telecommunication Claim Version 5.1
- Benefit Enrollment and Maintenance
  - ASC X12N 834 Benefit Enrollment and Maintenance
- Eligibility for a health plan
  - ASC X12N 270/271 Health Care Eligibility Benefit Inquiry and Response
- Health care payment and remittance advice
  - ASC X12N 835 Health Care Payment/Advice
- Health plan premium payments
  - ASC X12N 820 Payroll Deducted and Other Group Premium Payment for Insurance Products
- Health claim status
  - ASC X12N 276/277 Health Care Claim Status Request and Response
- Referral certification and authorization
  - ASC X12N 278 Health Care Services Review Request for Review and Response
- Coordination of Benefits
  - Professional Claims - ASC X12N 837
  - Institutional Claims - ASC X12N 837
  - Dental Claims - ASC X12N 837
  - Pharmacy Retail Drugs - NCPDP Telecommunications Claims 5.1
If a provider sends a non-standard transaction to a health plan after the transaction regulation compliance date, the provider and the plan may both be out of compliance. A provider may contract with a clearinghouse to submit non-standard transactions that are to be reformatted in the standard.
The data content of the HCFA-1500 and the UB-92 are managed by the National Uniform Claim Committee (NUCC) and the National Uniform Billing Committee (NUBC) respectively. Both groups were named in HIPAA and recommendations concerning paper claims will be done with concurrence with both of these committees. There are no plans to revise these forms prior to the implementation of the standards for electronic transactions, but there are concerns about the ability to convert print images of the forms to electronic records that will be consistent with the Implementation Guides. The Association for Electronic Health Care Transactions (AFEHCT) is addressing the data gaps in the HCFA-1500 print image first and will then address the UB-92. A Task Force, ASPIRE (Administrative Simplification Print Image Research Effort) has analyzed the HCFA-1500 data content gaps and has a demonstration project to document how the gaps are filled. Best practices are to be published.
Standard Code Sets:
Code sets are those codes used to code data elements such as tables of terms, medical concepts, medical diagnoses or medical procedures. This includes coding systems for diseases, impairments, other health-related problems and manifestations, their causes, actions taken to prevent, diagnose, treat, or manage diseases, injuries and impairments, any substances, equipment, supplies, or other items used to perform actions. Codes specified by HIPAA are:
- Diagnoses and inpatient hospital services: ICD-9-CM, International Classification of Diseases, Clinical Modification (9 indicates 9th revision); will probably migrate to ICD-10-CM.
- Institutional services: ICD-9-CM Volume 3 and HCFA Common Procedural Coding System (HCPCS)
- CPT-4 Current Procedural Terminology, Version 4
- CDT-2 Dental Code on Dental Procedures and Nomenclature
- NDC National Drug Codes
- CDT-2 and NDC codes are to replace the D and J codes in HCPCS Level 3
EDI Advantages:
HIPAA standardization reduces direct and overhead costs by:
- reducing the accounts receivable cycle;
- improving accuracy;
- reducing data entry time;
- reducing and eliminating rework;
- avoiding and reducing manual data entry; and,
- reducing operational costs.

Initially the implementation costs of EDI can be high, but the long-term benefits outweigh the costs overall.
Unique Identifiers:
To do business today, providers must use multiple identifiers for programs and organizations. There is no one system that is accepted universally and there are many disparate systems. This causes many issues in coordination of benefits and in detecting fraud and abuse. With the proposed National Provider ID, an identifier is assigned to each individual, organization and group provider. Identifiers are as follows:
- NPI: The proposed rule for the unique identifier for providers is the National Provider Identifier, originally intended for use in the Medicare system. It will probably have 10 numeric positions, with a check digit as the tenth digit. Implementation will require DHHS to establish a system to assign and deploy.
- EIN: The Employer Identifier is based on the Employer Identification Number assigned by the Internal Revenue Service, with 9 numeric positions. (This regulation was published in July 2002 and the compliance date is 2004.)
- Patient Identifier: The patient identifier is on hold, but it is speculated that the identifier will be 10 numeric digits with a check digit.
- Health Plans: A unique identifier for health plans, like the Medicare Payer ID, for all health plans nationwide. It will probably have 10 numeric positions, with a check digit in the tenth position.
Privacy Standards - Compliance Date of April 2003:
The privacy rules provide federal protection for the privacy of health information. The privacy rule creates national standards to protect medical records and other personal health information. The rule:
- gives patients more control over their health information;
- sets boundaries on use and release of health records;
- establishes appropriate safeguards for that health information;
- holds violators accountable, with civil and criminal penalties that can be imposed if they violate patients' privacy rights; and,
- strikes a balance when public responsibility requires disclosure of some forms of data to protect public health.
Patients can now make better, informed choices about their care and how their information is used.
The rule:
- generally limits release of information to the minimum reasonably needed for the purpose of the disclosure; and
- gives patients the right to examine and obtain a copy of their own health records and request correction.
Providers need to provide information about their patients' privacy rights and how information may be used. Providers will need to adopt privacy policies and procedures and provide employee training on those privacy practices. An individual is to be designated to provide oversight and management of privacy processes and procedures.
Covered entities are to take reasonable steps to limit the use or disclosure of, and requests for, protected health information (PHI) to the minimum necessary to meet the intended purpose. The minimum necessary requirements do not apply to the following:
- Disclosures to or requests by a health care provider for treatment purposes
- Disclosures to the individual who is the subject of the information
- Uses or disclosures required for compliance with the standard transactions
- Disclosures to the Department of Health and Human Services (HHS) when disclosure of information is required under the rule for enforcement purposes
- Uses or disclosures that are required by other law
Implementing these specifications requires a covered entity to develop and implement policies and procedures appropriate for its own operations. Policies and procedures are to reflect business practices and the work force component. Reasonable reliance is permitted when honoring requests made by public officials or agencies for a permitted disclosure, another covered entity, a professional who is a workforce member or business associate of the covered entity as holder of the information, and/or a researcher with appropriate documentation and authorization.
The Director of the Office of Civil Rights (OCR) has been delegated the authority to impose civil monetary penalties for failure of a covered entity to comply with this regulation. The OCR may also make exception determinations regarding state laws that are contrary to federal standards and may make decisions about the interpretation; implementation and recipient of such information could use the information, alone or in combination with other information, to identify an individual. Wrongful use of protected health information can result in penalties such as fines and/or imprisonment up to ten years.
The privacy rule sets the standards for how protected health information should be controlled by setting forth what uses and disclosures are authorized or required and what rights patients have with respect to their health information. Security standards define administrative, physical, and technical safeguards to protect confidentiality, integrity, and availability of electronic protected health information and require covered entities to implement basic safeguards to protect electronic protected health information from unauthorized access, alteration, deletion, and transmission.
Benefits of HIPAA
Processes are directly impacted and reflect improved patient, provider and payer support, provide a more efficient information delivery, improve quality of care, increase good will with patients, provide closer relationships, increase responsiveness between responsible parties, and improve relations with other organizations.
The greatest impact to the provider is in automating the electronic transactions. This automation will increase access to information and benefit the patient, as it results in greater efficiency in care delivery and administrative areas, is more cost effective, and improves the quality of care.
Glossary of Terms
ANSI American National Standards Institute: an organization that accredits various standards-setting committees, and monitors their compliance with the open rule-making process.
ASC Accredited Standards Committee
BA Business Associate: a person or organization that performs functions or activities on behalf of a covered entity.
CE Covered Entity: covered entities are health plans, health care clearinghouses, and health care providers who transmit any health information in electronic form in connection with a standard transaction.
Health Care Clearinghouse: an entity that processes or facilitates the processing of information received from another entity in a nonstandard format or containing nonstandard data content into standard data elements or a standard transaction, or that receives a standard transaction from another entity and processes and facilitates the processing of that information into nonstandard format or nonstandard data content for a receiving entity.
IIHI Individually Identifiable Information: Information that is a subset of health information, including demographic information collected from an individual, and is created or received by a healthcare provider, health plan, employer, or healthcare clearinghouse, and relates to the past, present or future physical or mental health condition of an individual, and that identifies or where there is a reasonable basis to believe the information can be used to identify an individual.
PHI Protected Health Information: a subset of IIHI that relates to person/patient level information as specified by the HIPAA Privacy regulation