Statement of the National Association of State Medicaid Directors

To the
National Committee on Vital and Health Statistics
Subcommittee on Standards and Security

Presented by Sally Klein, HIPAA Coordinator, Montana Medicaid

May 31, 2001

Perhaps few Health Plans will be as challenged by the transition to HIPAA as Medicaid agencies. Many of the services we perform or fund are unique to Medicaid and are not the function of any other payer. To comply with our requirement for federal reporting, and due to our obligation to be stewards of the taxpayer dollars, we have created a large number of proprietary reporting mechanisms. Our challenge has been to crosswalk data elements such as type of service, provider specialty, provider type, and thousands of local codes and unique provider identifiers into the standards available in the 4010 transactions—without impacting client services or compromising our relationship with Medicaid providers.

We were progressing in these challenging tasks, prior to the “fast track” DSMO process. We had originally believed that the DSMO process would provide an opportunity to continually improve the work done years ago in creation of the 4010 transactions, but we were certainly not prepared for the full scale assault on significant data elements within those transactions. The “fast track” process impacted Medicaid agencies in several ways:

1. While impact assessments and gap analyses continued, any programming for conversion was placed on hold. Work of the local codes subworkgroup to petition for new HCPCS codes was brought to a standstill because there was no idea which data elements would remain in the transaction. Without stable standard data elements, more HCPCS codes would need to be requested to accomplish the same purpose.
2. All crosswalking and implementation processes in states continue to be on hold because of the uncertainty of the outcome of the DSMO “fast track” process. Several critical DSMO requests remain in the appeal process and may not be decided until later this year. Some decisions of the steering committee remain unclear, so it is not possible to understand whether a change request has been approved, is under appeal, or should be appealed.
3. Medicaid agencies took advantage of the DSMO “fast track” process to request a data element that will allow us post payment recovery from third party payers who are actually liable for the claim. Medicaid is mandated to conduct this “pay and chase” and without this data element we stand to lose approximately $500 million per year. The decision of the steering committee seemed to favor this request and was, in fact, posted to the WPC website. Unfortunately, that decision is now reversed and it is necessary to file an appeal. Since the steering committee seemed to support the request, it is not clear how, or with whom, an appeal should be filed.
4. The “fast track” DSMO process seems to run counter to the MOU as originally signed. The original MOU calls for “timely review” and a commitment to open public access. The details of the 90-day business analysis with opportunities for a 45-day extension are clearly detailed in the MOU. Further, the appeals process is confusing. While any person or entity has the right to appeal the outcome of a standard change request at the SDO or DCC level, appeals beyond that level are “restricted to only the collaborating organizations under this MOU and to the requester of the HIPAA Standard Change Request”. This would seem to imply that a change request that completely altered the standard data set and was approved by an SDO could not be appealed at the DSMO level by an entity that was drastically affected by the change.
5. We have been told that the data standards modifications cannot take place without another rule making process. There is no way to determine when that process will begin or to guess what the final outcome will be. The 4010 versions could all be modified, or a more recent version could be adopted. If that were the case, it seems possible that another extensive DSMO process could begin all over again with the newer version.
6. Finally, the “fast track” process kept all Medicaid agencies at a frenzied pace for three months. We frantically gathered data to support positions on data elements we felt were critical to support our business needs. Much of our business is unique, but critical; but we continually encountered the argument that unless all payers needed a particular data element, it was not necessary in the transaction. We found ourselves at odds with healthcare providers and found ourselves resisting change simply because we did not have adequate time to research the profound implications of such drastic data changes. Under calmer circumstances, we might have been able to develop perfectly viable solutions had we had the time and opportunity to work collaboratively.

It is hard to elaborate on very many positive points of the “fast track” DSMO process. It did require us to rapidly assess our systems and business operations which may have jump-started our HIPAA activities. Few processes have served as well to unify Medicaid agencies, solidify partnerships at a federal level, and build alliances with other agencies, both public and private, whose mission is to improve the health of the country.

The old philosophy behind some ancient medical treatments is “that which does not kill you will make you stronger.” It is with that philosophy in mind that we would like to offer a few recommendations to improve the DSMO process.

1. It is clear that without a firm base, progress toward HIPAA will be chaotic and ineffectual. In light of that, it seems that all of the rules for administrative simplification should be finalized before implementation can begin. All states have limited budgets to invest in systems changes and will find it impossible to continue to request funding for reprogramming. We anticipate that we could program our systems to accept the National Provider Identifier as the NPRM currently details it, only to discover that the final rule was significantly different and we would need to reprogram the changes. The “fast track” process has taught us that we cannot even assume that standards are final. Likewise, of what value is the privacy final rule without security rules to ensure that privacy is maintained? We suggest that all significant rules for administrative simplification be finalized before covered entities are expected to begin compliance. Compliance will likely take two years once the rules have become final and there is a solid foundation on which to base our transition efforts.
2. It is our belief that the organizations that comprise the DSMO MOU are well suited to advise the NCVHS, and ultimately the Secretary, when it is time to move forward into a new HIPAA standard. They are well positioned to keep their finger on the pulse of the healthcare industry and know that new standards would better serve our healthcare mission. We would like to propose that the DSMO process be used as a conduit to inform various Standards Development Organizations that some changes are necessary to improve the quality of the data that is transmitted. We believe, however, that each individual SDO has processes in place to continue to evolve and improve the standards and create new versions. Since that process is public, collaborative, and progressive, it would seem well suited to the development of quality standards. Once a standard is developed by the industry, its data content should be final until another standard is named. Standard data content should not be eroded—particularly before implementation has demonstrated the value of the complete data content.
3. Finally, we suggest that new standards should not be named in rule until pilot projects have confirmed that those standards improve healthcare processes and can be implemented without enormous system changes for either provider or payer. This may in some ways slow the progress that could occur with HIPAA, but would assure that each change would be built on a solid base with concurrence and user acceptance by both payer and provider communities.

State Medicaid agencies would like to underscore our commitment to making administrative simplification work for our clients, our providers, and our taxpayer constituents. We believe strongly that there are distinct advantages to be gained with HIPAA implementation and hope that our comments here will help improve the process of healthcare delivery.