Hostname: page-component-848d4c4894-xm8r8 Total loading time: 0 Render date: 2024-07-05T14:24:52.833Z Has data issue: false hasContentIssue false
  • English
  • Français

Internet and Health Care: DHHS Releases Final Rule on Electronic Transactions Standards

Published online by Cambridge University Press:  01 January 2021

Beth Mellen Harrison
Get access Rights & Permissions [Opens in a new window]

Abstract

An abstract is not available for this content so a preview has been provided. Please use the Get access link above for information on how to access this content.
Image of the first page of this content. For PDF version, please use the ‘Save PDF’ preceeding this image.'
Type
Article
Information
Journal of Law, Medicine & Ethics , Volume 28 , Issue 4 , Winter 2000 , pp. 415 - 417
Copyright
Copyright © American Society of Law, Medicine and Ethics 2000

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

“Health Insurance Reform: Standards for Electronic Transactions,” 65 Fed. Reg. 50,312 (August 17, 2000) (to be codified at 45 C.F.R. pt. 160 and 45 C.F.R. pt. 162) [hereinafter cited as “Health Insurance Reform”].Google Scholar
Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104–191, 110 Stat. 1936 (1996). HIPAA was enacted on August 21, 1996. The law amended portions of the Employee Retirement Income Security Act of 1974 (ERISA), Title XI of the Social Security Act (SSA), and the Internal Revenue Code (IRC). Subtitle F, Administrative Simplification, requires the Secretary of the Department of Health and Human Services to adopt standards for specified financial and administrative transactions; unique health identifiers for individuals, employers, health plans, and health-care providers; and electronic signatures. The standards must also protect the security of health-care information exchanged electronically.Google Scholar
DHHS received comments from professional associations and societies in the health-care industry, health-care industry workers, law firms, health insurers, hospitals, and private individuals. The final rule provides a summary of the comments received and the official responses of DHHS.Google Scholar
Final standards covering health claims attachments and first reports of injury are still pending.Google Scholar
HIPAA requires the Secretary of the Department of Health and Human Services to adopt a set of standards developed by a private-sector standards-setting organization accredited by ANSI, unless no such standards are available or the Secretary determines that a different set of standards will further reduce costs. ANSI is a private membership organization that promotes and facilitates the adoption of voluntary, private industry standards in various industries in the United States. ANSI does not develop the standards itself, but instead provides a forum for establishing consensus among various private-sector standards-setting organizations (its members) and accrediting agreed-upon standards. ANSI provides the only nationally recognized system for establishing voluntary, consensus-based standards in the United States. State and local government agencies have formally adopted hundreds of ANSI standards in different areas. Within the federal government, the Office of Management and Budget encourages federal agencies to use ANSI standards whenever appropriate. The National Council for Prescription Drug Programs is a private-sector standards-setting organization — accredited by ANSI — that develops standards specifically for the electronic transmission of prescription drug information.Google Scholar
The final rule defines small health plans as those with $5 million or less in annual receipts, consistent with the requirements of the Small Business Administration. See U.S. Department of Health and Human Services, “Frequently Asked Questions About Electronic Transactions Standards Adopted Under HIPAA” [hereinafter cited as “Frequently Asked Questions”] (visited Oct. 1, 2000) <http://aspe.hhs.gov/admnsimp/faqtxdif.htm>..>Google Scholar
Total monetary penalties imposed on any one entity are not to exceed $25,000 per calendar year for each violated requirement. Additional enforcement procedures are to be published in a future rule. See “Health Insurance Reform,” supra note 1, at 50,313, 50,342.Google Scholar
HIPAA requires the Secretary of the Department of Health and Human Services or the ANSI-accredited organization that authors the proposed standards to consult with several organizations before adopting the final standards—the National Uniform Claims Committee (NUCC), the National Uniform Billing Committee (NUBC), the Workgroup for Electronic Data Interchange (WEDI), and the American Dental Association (ADA). (All of these organizations are private-sector standards-setting organizations.) In addition, HIPAA requires that the Secretary rely on recommendations from the National Committee on Vital and Health Statistics (NCVHS) and consult with appropriate federal and state agencies and private organizations. (The NCVHS is a public advisory body charged by statute with providing advice and assistance to the Secretary in the area of health data and statistics.) DHHS received input from other government agencies and private industry officials through outreach and consultation, including public meetings. Representatives of the health-care industry also testified before the NCVHS Subcommittee on Health Data Needs, Standards, and Security, and DHHS reviewed the testimony. See “Health Insurance Reform,” supra note 1, at 50,313–314. See also “Frequently Asked Questions,” supra note 6.Google Scholar
The Health Informatics Standards Board coordinates standards for ANSI in a variety of specific areas related to health care, including the electronic exchange of health-care information.Google Scholar
Chew, C.M., “Transactions Standard: HHS Releases Final Standards for Electronic Transactions in Health Care,” BNA's Health Law Reporter, 9, no. 1291 (2000).Google Scholar
HIPAA granted the Secretary of the Department of Health and Human Services the authority to adopt modifications to the standards as appropriate and to ensure that procedures exist for the routine maintenance, testing, enhancement, and expansion of the standards. Under the final rule, the Secretary can designate as a DSMO any organization that agrees to serve in this capacity. Pursuant to this authority, the Secretary has chosen six private-sector standards-setting organizations or data content committees to serve as DSMOs—the Accredited Standards Committee X12N, the Dental Content Committee, Health Level Seven, the National Council for Prescription Drug Programs, the National Uniform Billing Committee, and the National Uniform Claim Committee. In addition to reviewing proposed modifications, the DSMOs are also charged with maintenance of the existing standards through technical corrections and revisions. For additional information, see <http://www.hipaa-dsmo.org>..>Google Scholar
The final rule seeks to encourage the development of new technologies by providing an exception that allows covered entities to test proposed new standards. Covered entities must submit an application for an exception to test a proposed modification to the DHHS Secretary, who then decides whether or not to grant the exception. The Secretary may grant an initial exception for a period of up to three years.Google Scholar
The Department of Health and Human Services expects that the privacy regulations will be in place by the end of this year, either through the publication of a final rule or superseding Congressional action, with compliance required by approximately the same date as for this rule. See U.S. Department of Health and Human Services, “HHS Announces Electronic Standards to Simplify Health Care Transactions,” August 11, 2000 (visited Sept. 28, 2000) <http://www.hhs.gov/news/press/2000pres/20000811.html>..>Google Scholar
Paperwork Reduction Act of 1995, 44 U.S.C. § 3501–3520 (2000). The PRA was enacted on May 22, 1995, amending the Paperwork Reduction Act of 1980. Under the PRA, the Office of Information and Regulatory Affairs (part of the Office of Management and Budget) is charged with reviewing and approving proposed information-collection requirements, including those imposed on the private sector. The Office of Management and Budget maintains that the electronic transaction standards fall within the purview of the law because they require private-sector health plans and health-care clearinghouses to disclose specific information in a specific format. Under PRA, the federal agency proposing new information-collection requirements generally must demonstrate that the provisions are necessary and useful to carry out the proper functions of the agency and that they are designed to minimize the burden on the affected public. See “Health Insurance Reform,” supra note 1, at 50,350.Google Scholar
See Chew, supra note 10.Google Scholar
For example, there are currently more than 400 different formats for electronic health claims. See “Health Insurance Reform,” supra note 1.Google Scholar
A cost-benefit analysis commissioned by the Department of Health and Human Services estimates that the new standards will result in gross savings of $36.9 billion over ten years, offset by approximately $7 billion in gross costs over the same period related to implementation and conversion. See “Health Insurance Reform,” supra note 1, at 50,354–359.Google Scholar
“Final Federal HIPAA Rules to be Published This Week,” Item Processing Report, 11, no. 16 (2000). First Consulting Group is a leading provider of information technology and management consulting services to companies in the health-care, pharmaceutical, and life sciences industries in North America and Europe. For additional information, see <http://www.fcg.com>..>Google Scholar