Home
Home
Store
Site Map
Contact Us
HIPAA Initiatives Forums Data & Research Members Consortium

General Information

Identifiers

Privacy

Security

Transactions & Code Sets

Education

Services by Members

Resources

General Info

Transactions & Code Sets

Identifiers

Privacy

Security

General Info

The Benefits of Administrative Simplification

The Health Insurance Portability and Accountability Act of 1996 has been hailed as a significant step toward achieving the health care industry's vision of uniform health information collection and exchange. While individuals, organizations, and coalitions have been working toward the goal of health data standardization for decades, the federal mandate provided the groundwork for those key players to join forces and develop the strategies and methodologies to finally achieve administrative simplification. HIPAA has been enthusiastically embraced by provider, payer, professional, employer, purchaser, and consumer sectors, with representatives from each segment participating in the planning process at the national level.

The first tangible benefit of HIPAA has been the bringing together of these diverse sectors of the health care industry in an open, public forum to share opinions and recommendations on health data standardization, administrative simplification, and the protection of patient privacy. Throughout the formulation and development process, the national health care community has benefited from the convergence of industry leaders who articulated their views on the positive and negative ramifications of every aspect of the HIPAA legislation. All NCVHS meetings, testimonies, and recommendations are available to the public online at http://aspe.hhs.gov/admnsimp, enabling active participation in the planning process by all health care players, including consumers.

Many other benefits have been identified as a direct result of the HIPAA legislation, benefits that will be realized immediately and provide long-lasting improvement to the delivery of health care in the United States.

Improvement in the Efficiency and Effectiveness of Health Systems

Currently, health care institutions that wish to communicate electronically have no standard way of doing so. Hundreds of thousands of health care providers and payers use their own systems, many of which are based on proprietary data sets that are confusing to other organizations. Even if an organization has made a commitment to use a national standard such as ANSI X12, it may be using a different version or implementation guide than the other organizations with which it wishes to share data. HIPAA mandates the adoption of unique, uniform standards by all health care constituents for the following:


  • Health claims attachments

  • Health claim status

  • Enrollment or disenrollment in a health plan

  • Referral certification and authorization

  • Eligibility in a health plan

  • Coordination of benefits

  • Health care payment and remittance advice

  • Identifiers for providers, payers, and patients

  • Health plan premium payments

  • Code sets

  • First report of injury

  • Privacy, confidentiality, and security

The immediate benefits derived by migrating to a standardized EDI environment include the following:

  • Reducing the amount of time wasted by reentering information that is already in a system

  • Easing the burden of finding information on a patient to perform patient care, determine eligibility, or fulfill a claim

  • Increasing the accuracy and utility of the data stored in the information system

Claims processing is currently a time-consuming, laborious task, for example, requiring considerable manual intervention. Having all health care organizations adopt a uniform claims standard will streamline the process and eliminate unnecessary time and labor. Norma Border, of the National Association of Claims Assistance Professionals, spoke at the NCVHS's meeting, held on January 21-22, 1997. She estimated that approximately 60% of today's claims problems stem from clerical errors or missing information. Robert Merold of IMS, speaking at the NCVHS meeting on February 10-11, 1997, stated that today's claims information is inadequate for 95% of the broader applications of data. These issues will be minimized as HIPAA is implemented, and all participants will profit from more accurate, efficient, and timely claims processing as well as improved access to reliable claims data.

The implementation of unique identifiers is another example of HIPAA's contribution to health care efficiency and effectiveness. Those who need to find information on providers, payers, or patients have had to rely on faulty and error-laden systems of names and myriad identification numbers, many of which have no meaning to anyone outside of their originating organization. Individuals and entities are given multiple identifiers, and two people often have the same identifier. Thus, it is extremely difficult to correctly identify providers, payers, or patients. At an NCVHS meeting on June 3-4, 1997, Dr. Peter Abbot, of the California Office of County Health Services, projected that the utilization of common core elements for unique identifiers would yield a 98%-99% accuracy rate. The installation of unique identifiers ensures the proper identification of individuals and organizations, both of which are crucial to delivering suitable patient care and ensuring the proper payment for that care.

Health information systems will become faster, more reliable, and more robust. Administrative simplification means that the amount of time previously wasted on clerical tasks can be redirected to direct patient care and health improvement. Processes that previously took days or months to complete will literally take seconds. The result will be a standard, uniform system that integrates all of the best attributes of health information technology. Whenever any service is required - such as verifying a patient's eligibility benefits or enrolling a patient in a health plan - it will be accomplished simply, quickly, and accurately.


Cost Reduction

While costs will be involved for most health care providers and organizations that implement all of the HIPAA regulations, the benefits are expected to outweigh the costs. Managers should bear in mind that many of the costs are only one-time costs associated with computer requirements, initial training, and software conversion. Once the systems are in place, they are expected to quickly pay for themselves in terms of the overall productivity gains reaped as a result of switching to standardized EDI. In its 1993 report, the Workgroup for Electronic Data Interchange (WEDI) projected a savings to the health care industry of $8.3 billion annually if full EDI is implemented (Report to the Secretary of U.S. Department of Health and Human Services, WEDI, 1993, p. iii.). The Data Council of the DHHS presented an even brighter outlook for the nation after HIPAA is implemented: an annual savings of $9 billion (http://aspe.os.dhhs.gov/datacncl/index.htm). It has been estimated that between 20% to 30% of national health care expenditures are attributable to the paperwork associated with the hundreds of millions of transactions that take place every month (Woolhandler, S, Himmelstein, DU, Lewont, JP, "Administrative Costs in U.S. Hospitals", New England Journal of Medicine, 329:400-403,428-429, 1993); moving to an EDI environment will curb these costs.


Benefits will be realized in the following ways:

  • Standard interfaces result in lower costs for software development and maintenance.

  • The costs associated with the translation of data will be minimized or eliminated.

  • Administrative overhead costs will be dramatically reduced.

Objections have been made that the implementation of HIPAA requirements will be financially prohibitive, especially for smaller providers and plans. At a NCVHS meeting on January 21-22, 1997, experts demonstrated how organizations could align their systems with the mandate's requirements for a relatively small investment. Dr. Sam Shultz, of the University Health System Consortium, discussed how interfaces that may have cost between $50-$100,000 before 1990 now cost between $5-$15,000. Gary Beatty, of the Mayo Clinic, agreed that smaller providers will be able to move to EDI with a $5,000 investment in technology. "The harvest of cost will level off and be followed by reforms in the delivery of care as the next wave," Beatty said. "That is really where the prize is."


Preventing Fraud and Abuse


There have been many documented cases of fraud and abuse in the health care industry. For example, one study found widespread wrongful and abusive billing schemes to obtain Medicare reimbursement for unnecessary or undeliverable supplies and services. A provider filed Medicare claims over a three-year period for services either not medically necessary or not provided, and was reimbursed $190,000 (Fraud and Abuse: Providers Target Medicare Patients in Nursing Facilities, Report to the Ranking Minority Member, Committee on Commerce, U.S. House of Representatives, GAO/NEHS-96-18, 1/24/96).

The use of standardized electronic transactions would make it difficult for potentially fraudulent operators to carry on abuses. The assignment of unique identifiers would curb the fraudulent practice of billing for nonexistent patients. Through standard datasets and coding, auditors could observe suspicious trends, such as when a facility bills for supplies in a way that suggests an excessive reoccurrence of the same disease within a short time period.


Protecting the Security and Confidentiality of Transmitted Records


The announcement of the Health Insurance Portability and Accountability Act of 1996 was followed by a public and media flurry of debate over the legislation's privacy protection provisions. Articles such as "Health Insurance Reform Bill May Undermine Privacy of Patients' Records" (The Washington Post, August 4, 1996) and "Kassebaum-Kennedy Database Provision Has Some Worried About Patients' Privacy" (BestWeek L/H, August 19, 1996) presented the view that the law "threatens individual privacy in the name of efficiency." It is important that those who plan HIPAA rules and guidelines are cognizant of and understand these concerns.

The NCVHS established two subcommittees: the first, called the Subcommittee on Health Data Needs, Standards, and Security, monitors and makes recommendations on health data needs, data collection efforts, data utility, and data standards and security, with special attention given to standards that relate to administrative transactions and to standards for unique health identifiers for plans, providers, employers, and individuals, as well as code sets, classification systems, security, and electronic signatures.

The second, called the Subcommittee on Privacy and Confidentiality, monitors major developments in health information privacy and confidentiality, identifies issues and opportunities, makes recommendations to the full Committee, and assists the Department on the implementation of the health information privacy provisions of P.L. 104-191. These subcommittees meet regularly with industry leaders, standards development organizations, and special interest groups to gather input from every viewpoint on all aspects of patient confidentiality, privacy, and security. The result has been a comprehensive, unbiased picture of how identifiable patient information can be protected in a standardized, electronic environment. P.L. 104-191 set a 36-month deadline (August 1999) for Congress to enact general privacy legislation. If Congress has not acted within 42 months (February 2000), the Secretary of DHHS is required to promulgate final privacy regulations.

A major milestone in patient privacy protection came on September 11, 1997, when U.S. Secretary of Health and Human Services Donna E. Shalala issued her privacy recommendations to Congress. This document, titled Confidentiality of Individually Identifiable Health Information, demonstrated how HIPAA would protect patient confidentiality. (It is available at http://aspe.os.dhhs.gov/admnsimp/pvcrec0.htm.) The regulation will do the following:

  • Impose new restrictions on those who pay for or provide care as well as those who receive information from them

  • Provide consumers with significant new rights to be informed of how their health information will be used and to whom that information is sent

  • Punish those who misuse personal health information

  • Offer redress to people who are harmed by its misuse

As the executive and congressional branches of government ready their rules and standards on privacy and security, organizations can use Secretary Shalala's document as a framework to formulate their policies to comply with HIPAA and best protect patient confidentiality. The recommendations define steps that organizations can take now to maintain privacy. Forthcoming practical and specific security measures will provide organizations with guidance on how to structure their information security systems to ensure confidentiality.

Modern computer technology has enabled the secure storage and transmission of electronic health information. Encryption, firewalls, and other security features allow a level of security far beyond that offered by traditional paper records stored in file cabinets. The regulations mandated by HIPAA will ensure that organizations have the necessary tools and interfaces to protect patient information from misuse. Today, bank customers that conduct electronic transactions via an ATM have their personal financial records protected by technology; health care consumers will be furnished with comparable protection.

Much of the concern over patient confidentiality does not relate to the use of identifiable health data for primary purposes (such as patient care or payment for health services) but the use of identifiable data for secondary purposes, such as medical research and commercial activities. However, most of the additional uses of patient care data do not require identifiers, and encrypted identifiers may be used when they do. At NCVHS's meeting on June 3-4, 1997, Dr. George Flores, of the Sonoma County Department of Health Services, cited the example that public health's use of encrypted identifiers for AIDS information has no disadvantages for epidemiology, but they prevent contact tracing. One of the future rewards of a uniform system of secure, standardized data is that substantial contributions will be made to medical research and health improvement without jeopardizing the privacy of individual patients (National Research Council. For the Record: Protecting Electronic Health Information National Academy Press, 1997).


Paperwork Reduction


One of the major annoyances in most people's lives is the tremendous amount of paperwork they must complete before receiving medical care. Individuals are asked to fill out forms when choosing a physician, on their first visit to any medical facility (sometimes every visit), any time their employment or health coverage changes, and many other times. Even if a complete set of information is already contained in a database, these forms are still used. There are times when medical care cannot be granted or paid for because a form was not filled out, or was filled out incorrectly. This voluminous paper trail adds up to a sense of discontent and displeasure with the health care system.

Unnecessary paperwork is not the explicit domain of consumers, either. All parties involved with providing and paying for care are subject to the burden of paperwork. The U.S. General Accounting Office provided the following figures to demonstrate the astounding volume of paper generated by the health care industry: "We estimate that the 34 million annual U.S. hospital admissions and the 1.2 billion physician visits could generate the equivalent of 10 billion pages of medical records" (Automated Medical Records. Leadership Needed to Expedite Standards Development, GAO/IMTEC-93-17, Washington, D.C., GAO, 1993) A more recent study by the NIST found that physicians at some sites spend 35% of their time and nurses spend 50% of their time completing paperwork ("Integration of Health Information Systems: The Highway to Health-Part 1", Drug Benefit Trends, November 1996).

The implementation of standardized electronic transactions will diminish, if not eliminate, most of this unnecessary paperwork. Patients will have unique identifiers, so if they change physicians or plans, their record can be transferred simply and quickly with just a few keystrokes and without forms. Electronic signatures will streamline the processing of information and reduce the need to maintain paper records for legal, accreditation, or regulatory purposes (Borzo, Greg, "Reform Law Boost Electronic Records: Insurance Act Promises Standards for Claims Processing", American Medical News 39.33:1996). Caregivers will have more time to spend with patients, and consumers will find their dealings with the health care industry more pleasant and beneficial.


Advancement of Medical Research and Health Status of the Population


The Institute of Medicine's groundbreaking report, titled Health Data in the Information Age: Use, Disclosure, and Privacy (Washington, D.C.: National Academy Press, 1994), identified the foremost issues surrounding the collection, use, and dissemination of health information. The report began with the following paragraph:

    The desire to understand and improve the performance of the health system begets a need for better health data for several purposes: to assess the health of the public and patterns of illness and injury; identify unmet regional health needs; document patterns of health care expenditures on inappropriate, wasteful, or potentially harmful services; identify cost-effective care providers; and provide information to improve the quality of care in hospitals, practitioners' offices, clinics, and other health care settings. This, in turn, motivates proposals for the creation and maintenance of comprehensive, population-based health care databases that can provide such information with ease and reliability.

While limited medical research can be performed without computer-generated health data, databases are critical for documenting and understanding trends in the treatment and management of disease. Researchers look to health data to study health outcomes, provide an analysis of utilization and treatment patterns, foster medical breakthroughs, and disseminate their research into clinical practice. However, researchers have encountered stumbling blocks due to the inaccurate and idiosyncratic use of diagnostic and procedure codes and the difficulty of studying populations across diverse, nonstandard systems. HIPAA's promise of standardized datasets, coding, and classification schemes means that data gathered from diverse health care settings will have comparable content and can be linked, giving researchers the ability to study diseases and treatments across populations and across settings.

Dr. Lisa Iezzoni, of Beth Israel Deaconess Medical Center and a member of the NCVHS, identified the following benefits of HIPAA to researchers in her article titled "What Health Services Researchers Need to Know About the Health Insurance Portability and Accountability Act" Medical Care 35.10, 1997:

  • Increases one's ability to examine outcomes

  • Enhances the generalization of research

  • Allows health service researchers to answer questions with greater clinical authority

Researchers will have access to more meaningful and more reliable data, and it will be possible to perform studies that were not technically feasible in the past. The result will be a better informed medical community and a healthier population.


Improved Quality Assurance Mechanisms


Monitoring the quality of the health care system ensures that patients receive the highest level of care possible. Data must be gathered on the performance of health care providers and plans to maintain quality standards for the health care industry. However, there have been limitations to performance monitoring activities due to the lack of uniform datasets, identifiers, and coding systems.

The industry's compliance with HIPAA will foster the emergence of improved mechanisms for quality measurement, monitoring, and control. Through uniform identifiers, organizations will be able to track providers over time and across settings to analyze patterns in the quality of care. Just as health services research will become more robust through data linkage, new health care quality initiatives will also become possible. Administrative data can be more easily analyzed to determine at what level health care organizations are meeting the needs of consumers. Health data organizations could help improve the quality of health care by making available data or results of the evaluative studies of their services or those of their peers (IOM, Health Data in the Information Age). Organizations that monitor quality at the national level, such as National Committee for Quality Assurance (NCQA), will be able to provide solutions to assist providers and plans in their attainment of quality.

NCQA's report, titled A Road Map for Information Systems: Evolving Systems to Support Performance Measurement (Washington, DC: National Committee for Quality Assurance, 1997), is a landmark study on health care quality. The report's findings indicated that the shortcomings of the existing sets of performance measures are due to constraints posed by poor information systems. NCQA called for an information framework to support detailed and accurate performance-measurement activities. Standards are essential in the implementation of this information framework.

HIPAA sets the standards that will aid NCQA and other organizations in developing better tools and processes for quality measurement. Current systems of fragmented "report cards" will be replaced by comprehensive and all-inclusive designs for measuring and reporting the performance of the health care industry.


Enhanced Patient Care

The major goal of the entire Health Insurance Portability and Accountability Act of 1996 is to "improve portability and continuity of health insurance coverage in the group and individual markets"- in other words, to ensure health care for all Americans, regardless of their job status. The various sections of the law, such as combating fraud and abuse and administrative simplification, support the legislation's goal of providing the best care for all citizens.

Data linkages facilitated by HIPAA will enable any provider to treat any patient whenever necessary. Emergency departments could design systems that would be able to immediately verify a patient's eligibility status so that clinicians could begin treatment rapidly. Access to more complete patient data will give caregivers a better understanding of how to treat the patient.

Visions of how these linkages can prevent diseases, foster medical breakthroughs, and improve the population's health status have abounded in the literature. Following are two illustrations:

  • With unique identifiers, physician/patient encounters or claims information could be linked to physician characteristics, insurer information, or to records of prior encounters for evaluation of complete episodes of care (Coffey, Rosanna M., et. al., "The Case for National Health Data Standards", Health Affairs 16.5:1997).

  • Patient outcome information could be linked to medical treatment data in a variety of settings so that all parties could obtain a better understanding of what works in the practice of medicine and where it works best (Fitzmaurice, J. Michael, Ph.D, Putting the Information Infrastructure to Work: Health Care and the National Information Infrastructure, Rockville, MD: AHCPR, 1994).

The standardization of data elements, identifiers, and coding will set the stage for a health information network that gives providers access to the information they need, whenever and wherever they need it, to best care for patients. Administrative barriers will be removed to allow full concentration on the practice of medicine. The next wave of health information literature will undoubtedly chronicle the tangible and measurable benefits to the health of our nation through the process of health data standardization as mandated by HIPAA.


Benefits by Health Care Sectors

The broad and far-reaching benefits of HIPAA were examined in the previous section of this paper. This section describes the benefits of HIPAA to the following individual sectors :

  • Physicians

  • Health care purchasers

  • Hospitals

  • Government organizations

  • Health plans

  • Professional organizations

  • Patients

  • Employers


The Department of Health and Human Services identified the organizations and individuals that will be impacted by the legislation ("A Letter to NAHDO Members from DHHS on Administrative Simplification", NAHDO News, November 1997), including the following:

  • Those who pay health care claims or coordinate benefits across payers

  • Those who submit claims to health plans

  • Those who submit medical encounters to managed care plans

  • Those who enroll employees in health plans

  • Those who conduct authorized referrals

  • Those who provide prior authorization for services

  • Those who file first reports of injury for worker's compensation

  • Those who query insurance eligibility or claim status

HIPAA impacts a large number and a range of individuals from the chief information officer of a large health plan to the billing clerk of a small neighborhood clinic. All of those individuals involved will experience direct and indirect benefits from a more efficient, less costly, and more useful health information system. The following chart outlines the numerous benefits to various players in the health care spectrum.