Statement of the National Association of State Medicaid Directors
National Committee on Vital and Health Statistics
Presented by Sally Klein, HIPAA Coordinator, Montana Medicaid
We are pleased to have the opportunity to participate in this discussion of HIPAA readiness. Implementation of the administrative simplification title of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) will have a significant impact on state human service programs, especially Medicaid. While we are looking forward to a standardized, HIPAA-compliant world, there are grave concerns in the public and private sectors that the current timeframe for implementation is insufficient, particularly in light of the fact that not all of the regulations have been finalized.
While state Medicaid agencies are working diligently on moving towards HIPAA compliance, it is a time-consuming and resource intensive process. The complexities of the final rule on standards for electronic standards and the related implementation guides first had to be carefully reviewed and understood in the context of Medicaid's unique business needs and processes. Only after addressing this huge learning curve have states been able to move forward with assessments, putting out RFPs, and securing vendor contracts. Major issues for Medicaid programs include:
· Local codes - State Medicaid programs have relied heavily on local procedure codes to support coverage of many services. Areas such as home and community-based services, mental health, and non-traditional supports are billed almost exclusively under local codes. Nationally, over 30,000 local codes currently used by Medicaid will have to be re-engineered. We are in the process of crosswalking the codes and getting new ones added through the HCPCS committee, but it will take a substantial amount of time to complete. To date, 7 of the 34 categories of local codes being crosswalked are completed. An additional 4 categories will be left to each individual state for review and subsequent code requests.
· Prior authorization - The 278 Health Care Service Review - Request for Review and Response transaction lacks a great many of the data requirements used by Medicaid agencies to pre-authorize certain medical services. The transaction lacks clinical data elements that are used to determine the medical necessity of the service being requested. Medicaid agencies are struggling with how this transaction can be useful for pre-authorization purposes with its present lack of clinical data elements. The current transaction would not serve the business needs of either the Medicaid agencies or their providers.
· Third-party liability and coordination of benefits - Current regulations do not clearly include Medicaid post-payment recovery as a HIPAA required transaction, and the code sets do not support such activities. While we have sought clarity on this issue, a ruling has not been received from HHS. Under federal Medicaid rules, states are required to “pay and chase” claims from other payers. States stand to lose millions of dollars in recoveries if they are not able to bill claims electronically to major carriers.
The HIPAA regulations require massive changes to systems, processes and business practices. In Medicaid, partially as a result of HIPAA, at least fourteen states are choosing to totally replace their Medicaid Management Information Systems. However, the short implementation period will not provide adequate time for most states to complete a reprocurement. These states will have to purchase temporary solutions to support their old system until the new one becomes operational. From our viewpoint, this is not a prudent use of taxpayer dollars.
To ensure a smooth implementation of the transaction and code sets, significant time must be allocated towards all phases of the HIPAA project’s life cycle and implementation period. For a few states that have been working on implementing these standards even before the final rule was published, the current date may be feasible. Unfortunately, this scenario does not apply to most states. There are also no assurances that there will be enough qualified vendors to meet demand in such a short amount of time.
States have serious concerns about budgetary implications. Costs of HIPAA implementation are coming in much higher than initially projected. While state assessments are ongoing, current estimates from submitted and approved advanced planning documents suggest that the cost of bringing state Medicaid agencies into compliance – only with the standards for electronic transactions – could exceed $1 billion dollars. While states will receive 90% or 75% federal financial participation for the majority of systems changes and training activities, coming up with state funding will be difficult in a time when Medicaid budgets are rapidly rising. The funding issue is further exacerbated by the fact that such dollars are tied to state budgetary cycles. There are still states completing gap analyses and assessments that will not have a good cost estimate in time to receive adequate funding for the upcoming fiscal year. In addition, a few state legislatures meet biannually and have already finalized budgets for fiscal years 2001 and 2002. A longer implementation period would enable costs to be spread out over several years and would substantially reduce unnecessary spending on temporary solutions.
The American Public Human Services Association (APHSA), NASMD's parent association, has been part of a coalition with the Blue Cross Blue Shield Association and the American Medical Association to actively seek a legislative solution that would extend the implementation period and create a single date for compliance with the administrative simplification requirements of HIPAA. As each administrative simplification regulation is related to the others, it is difficult for states to begin complying until all sets of regulations are finalized, when their impact can be assessed as a whole. At this point, many questions are unanswered with final rules still pending on security, national employer identifiers, and national provider identifiers and proposed rules are forthcoming on claims attachments, national health plan identifiers, and enforcement. The staggered release of rules means that states replacing their MMIS or even making substantial changes will have to make critical systems design decisions based on incomplete information and quesswork. If the rules differ, states will have to pay to re-engineer. Finally, a longer implementation period will eliminate unnecessary spending on temporary solutions, enable costs to be spread over several years, and provide needed time to develop national code sets and security safeguards that will support the unique needs of public programs. The proposals introduced in S. 836 and H.R. 1975 address these concerns, and we hope that they are passed. While Medicaid has long been supportive of the goals of administrative simplification, we feel strongly that more time is necessary for proper implementation. We look forward to being able to advise the NCVHS and the Administration as we continue to meet the challenges of HIPAA administrative simplification.