Testimony by Robert B. Burleigh on behalf of the International Billing Association

Before the National Committee on Vital and Health Statistics Subcommittee on Privacy and Confidentiality

February 3, 1997

Good afternoon Mr. Chairman and members of the subcommittee, my name is Robert B. Burleigh. I am President of Brandywine Healthcare Services, a practice consulting firm located in Malvern, PA. My firm has advised medical practices and practice owners throughout the U.S. for nearly ten years; I also serve as Consultant to the Board of Directors of the International Billing Association (IBA), whom you have invited to offer testimony today. On behalf of IBA, I would like to thank you very much for the opportunity to appear before your subcommittee to offer our comments on the Committee's efforts to develop recommendations to the Secretary of Health and Human Services on medical records privacy and confidentiality legislation, as required by the Health Insurance Portability and Accountability Act (HIPAA). Further, to provide specific comments on Congressman Condit's proposed "Fair Health Information Practices Act of 1997" (H.R. 52).

The International Billing Association is the only trade association representing third party medical billing companies. Third party billing companies employ nearly 20,000 people nationwide. The Association represents over six hundred members located in all fifty states and the U.S. territories. Most IBA members bill for physicians, although some billers are also involved in billing for other providers, such as hospitals, suppliers, therapists, and ambulatory surgery centers. Attached is a profile of our typical member and their typical client base. We estimate that there are eighteen hundred commercial billing providers of the size outlined, with as many as two thousand additional "kitchen table" billers who support one or two practices. The industry can be traced back to the 1950's, although the advent of large-scale billing vendors emerged in the early 1980's as a result of TEFRA's requirement that hospital- based physicians' services be separately billed. Revenues generated by billing companies are estimated to be approximately $2+ billion. Although the average company grosses less than $1 million, the largest biller represents between $300 and $400 million in annual revenues. Several of our members are publicly traded companies.

We estimate that our members submit nearly $55 billion in provider charges annually, representing approximately 650 million claims per year; over half of them are submitted in some electronic form. While there are many organizations who represent providers from various perspectives, our members do this for a living, and deliver services to the healthcare providers who will be the primary subject of proposed legislation. To the extent that federal legislation impose new duties on providers, some of the new duties may, and probably will, be delegated to our members. In preparing for today's hearing, we have tried to identify some of the more significant issues that will affect our customers, and, by proxy, our members.

Billing services vary widely in the scope of services offered, and the manner in which they conduct business. The most common elements of billing are the processing of claims for practices that consist of: patient identity, residence and telephone; patient and/or insured party employment; insurer(s) and policy numbers; date(s) of service; identity of provider(s) and their identity codes [UPIN numbers, Provider I.D. number(s), and FEIN number(s)]; service(s) performed [typically communicated in the form of CPT-4/HCPCS codes]; diagnoses [typically communicated in the form of ICD-9 CM, ADA, and/or DSM IV codes]; place(s) of service; and, in the case of worker's compensation or tort liability (auto accidents, slip-and-fall, etc.) accident reports and/or incident data.

The variety of additional patient or service-specific information and/or attachments are considerable. Specialized billing requirements affect billing for commercial laboratories, durable medical equipment (DME) companies, nursing homes and home health care providers, ambulance services, physical therapists, psychotherapists, anesthesiologists, dentists, and radiation oncologists, to name only a few. Many hybrid arrangements exist, as well, whereby providers perform portions of the billing functions, and hire a service bureau to complete the process; this junction is also where the claims clearinghouse segment of the industry plays an important role, since they are also independently hired by providers to support claims submission.

As you can tell from the member profile, our services are extremely cost-sensitive, since the real-dollar amounts tend to be very small when measured on a "per-visit" basis. The billing industry, along with its customers, has been adversely affected by the payment reductions imposed on providers over the past decade. Most have been able to offset the effect of payment reductions on their income (most billers are paid on a percent of collected funds) through greater use of technology, careful attention to micro- management, and greater "critical mass;" billing companies tend to be larger today than they were five years ago. The billing industry has also been affected by cost increases resulting from new efforts to assist clients with regulatory compliance as well as with their own compliance.

We have reviewed Congressman Condit's FAIR HEALTH INFORMATION PRACTICES ACT OF 1997, and have prepared our comments on the basis of this bill, as well as our knowledge of the provisions of Senator Bennett's bill (S. 1360). We have also outlined some additional issues that we believe will bear on the efforts of this Subcommittee and the responsibilities assigned under HIPAA to develop recommendations on legislation and regulations to protect a patient's right to privacy and confidentiality of health information, which we fully support.

H.R. 52, Section 3, (c), (1), (B) and (C) We have concerns about the definition of "affiliated person" in this section which provides that an "affiliated person" means a person who is a "contractor, subcontractor, associate, or subsidiary of a person who is a health information trustee;" "and pursuant to an agreement...with such trustee, receives, creates, uses, maintains, or discloses protected health information." This language poses the potential of obligating a biller to comply with a law that would be in conflict with: their legal duty to honor the doctor/patient privilege; breach of contract liability for disclosing and/or changing information without the legal authority or qualifications to do so; disclosing or changing clinical information without possession of the original document or record; the ability to consult or change the original record. (PP. 12)

It appears that under TITLE I, Subtitle A, (b), (5) concerning EXCEPTIONS that a health information trustee is not required to permit inspection or copying of protected health information if the information possessed is a duplicate of the information held by the TRUSTEE (Provider). (PP. 17) However, this exception language does not appear to shield third party billers from inspection and copying requirements.

Recommendation: The IBA firmly believes that providing access to an individual's medical records should only be the responsibility of the "originating provider." The term "originating provider" would mean a health care provider who initiates treatment that generates information which is or becomes part of an individual's medical record. Requiring billing companies to allow individual's to inspect, copy or amend or correct the medical information billing companies receive from providers is utterly inappropriate as stated above. Billing companies should not be considered "health information trustees" under any circumstances. However, we do believe that billing companies should be required to maintain the confidentiality of the medical record information they receive from "health information trustees."

Section 103. NOTICE OF INFORMATION PRACTICES, creates a process which will be extremely difficult to implement for hospital-based practices (radiologists, pathologists, anesthesiologists and emergency physicians) since they rarely, if ever, deal directly with their patients in securing informed consent to release information; revocation of such a release, once signed would be even more problematic. (PP. 22)

Recommendation: This section should be amended to clarify that the hospital, rather than the individual hospital-based physician be required to provide a notice of information practices. This will insure that consumers receive the necessary information without creating confusion by having a multiplicity of hospital-based physicians providing the same consumer with multiple copies of basically the same information.

Section 104. DISCLOSURE HISTORY, would appear to create a wholly new record keeping requirement that does not currently exist in medical practice. While most practices, and billers, maintain records of submitted claims, this information is routinely deleted from computer files once the subject claim(s) have been paid. We agree that, in the context of this proposed legislation, it is entirely logical to require a system of records to identify: what information; when; and to whom, information was provided. However, the costs of developing and maintaining these records should be carefully considered. In addition, patients routinely change insurer(s), the information is often submitted to multiple payers, and the information is normally identical for a given service/encounter. (PP. 23-24)

Section 105. SECURITY. We agree with, and strongly support, the requirements that obligate all parties to "maintain reasonable and appropriate administrative, technical, and physical safeguards-" and the twenty-nine months proposed to allow for development of guidelines regarding security. (PP. 24-25)

SUBTITLE B - Use and Disclosure of Protected Health Information - Section 111(d) This section provides that a "health information trustee may disclose protected health information only if the recipient has been notified that the information is protected health information...." In the normal course of business today, the technical means of notifying a recipient of (proposed) protected health information, prior to, or concurrently with, disclosure does not exist. In practice, it would be necessary to identify, with specificity, the information subject to protection, since some information may be protected in some, but not all instances. (PP. 27)

Recommendation: This section should be revised to conform with the reality of the flow of medical records information.

Section 112. AUTHORIZATIONS FOR DISCLOSURE OF PROTECTED HEALTH INFORMATION We are concerned that the legislation proposes eight separate elements before a disclosure can be made. In the ordinary course of business, many forms are used to accomplish the same function for multiple providers, particularly in a hospital-based setting. In addition, identification of the payer(s) to receive the information, and the information they will require (the subject of the consent) at the time of consent (crucial to informed consent) is often not possible. The remedy would be both inconvenient and intrusive to the patient and the provider(s). (PP. 28-29) Having said this, however, we are pleased to see that a "recipient" of the protected health information could be "generically described" in the authorization. In this way the authorization could be for billing purposes without specifically having to name the billing company receiving the protected health information.

(f) COPY. "A health information trustee who discloses protected health information pursuant to an authorization under this section shall maintain a copy of the authorization." Providers and in particular hospital-based providers often never take custody of these documents, nor do they convey them to their biller. This would appear to create a significant new record keeping and paper-bound duty on healthcare providers and their vendors. (PP. 33)

Recommendation: Provide an exception for hospital-based physicians whereby the hospital would receive the general authorization to disclose protected health information for payment purposes to billing companies and other third party billers for all of the medical providers who are hospital-based providers.

Section 143. STANDARDS FOR ELECTRONIC DOCUMENTS AND COMMUNICATIONS We agree with and support the development of common standards and protocols for the communication of information. This is consistent with the already excellent work being done by the ANSI organization as well as various federal agencies, including HCFA, to standardize the data sets and communication protocols. These efforts should be incorporated into your recommendations to the Secretary, since they have already made significant progress. (PP. 65)

Section 144. DUTIES AND AUTHORITIES OF AFFILIATED PERSONS. (a), (1) This section addresses the activities performed by IBA members and those in the billing industry. It would require billing companies to be considered health information trustees under certain circumstances. We strongly believe making billing companies trustees is wholly inappropriate, unethical, and unreasonably administratively burdensome. While our members most definitely support the concept that the information they receive from health information trustees should remain confidential and protected they adamantly oppose the notion that they should perform the roles of trustees in allowing for the inspection, copying, amending or correcting of medical information in their possession. Only the originator of the medical information should be subject to the inspecting, copying, amending and correcting rules, as all of the information billers receive has been provided by the health information trustee.66-67)

ADDITIONAL ISSUES TO BE CONSIDERED IN DEVELOPING FEDERAL PRIVACY LEGISLATION

As professionals who are routinely responsible for serving, supporting and advising healthcare providers we also believe that the Subcommittee should be aware of the following issues:

1. We are concerned that an unintended result of this proposed legislation would be the decision by providers to discontinue accepting insurance coverage in order to avoid the burdensome (in their view) new duties of securing informed consents, providing disclosures, maintaining new disclosure logs and related records, and other proposed responsibilities. In other words, medical providers may seek immediate payment from patients rather than accepting insurance coverage in order to get out from under some of the requirements of the Condit bill.
2. Patients are largely unaware that a provider has contracted with a company to perform billing services. It has been IBA's experience that for many patients, their approach to communications about medical bills assumes that they are calling or writing to the provider, rather than a third party. This fact should be taken into consideration in this legislation.
3. The provider/patient relationship is legally protected. Providers do not, to our knowledge, ever delegate or share this with a biller. Therefore, it would be wholly inappropriate to require billing companies to perform functions that fall within the provider/patient relationship, such as amending or correcting medical record information.
4. Many billers are now asked to perform coding (CPT-4 and/or ICD-9 CM) services, placing in their possession copies of clinical information. In addition, another industry segment exists: companies which only perform coding services for providers. In some cases, these activities are subcontracted by a biller, on behalf of their provider/client. All of those providing these functions should be required to maintain the privacy and confidentiality of medical information in their possession but it would inappropriate to make any of these industries health information trustees.
5. Payers engage in various behaviors related to claim processing and/or adjudication which draw providers, patients, and billers into controversy:
   • a. Payers develop and maintain unique policies regarding their view of "correct" coding of professional services.
   • b. Payers engage in what is known as "down-coding," revising codes assigned by providers, usually without the provider's knowledge or permission. This is also known as "recoding."
   • c. Different payers in the same area often interpret coding rules in vastly different ways, leading to confusion for the provider, the biller, and the patient. In addition, this often results in patients requesting changes to the codes assigned, having been told by payer representatives "the [provider] did not code [the service] correctly." This practice is often used to avoid admitting that the beneficiary is not covered for a particular service.

   In all of these situations federal legislation should reflect that the patient should be directed to the medical professional who provided the services and not "affiliates" like third party billers.

6. There is constant change in the computer software used by hospitals, practices, clearinghouses, payers, and others involved in the commerce of paying for health care. The data elements used are not (nor are they likely to be) constant, the completeness of data available to a provider and/or biller is seldom certain, the accuracy of information provided by patients is often poor, and the quality and completeness of information collected by hospitals on behalf of physicians is seldom adequate due to limitations in hospital system software which are not designed to collect "physician" data. Given these realities, it would be totally inappropriate to require billers to be the source of medical information about specific patients.
7. The following coding systems and the rules which govern them change at least annually:
   • a. The AMA's CPT-4 codes, used to express the service(s) performed.
   • b. HCFA's HCPCS codes change more often than annually, and often vary by region or state. These are also used to express the service(s) performed.
   • c. ICD-9 CM codes change annually. These are used to express the reason(s) a service was performed.
   • d. The American Dental Association's ADA codes, and the American Psychiatric Association's DSM IV codes change with less-than-annual frequency.
8. Emerging issues that we believe will also affect your efforts include:
   • a. Growing involvement of employers, Third Party Administrators, and insurers in communication with patients about their health problems, without any existing or proposed record keeping requirements.
   • b. Use of "gatekeepers" and other, similar organizations, in screening, referring and/or approving treatment, without existing or proposed record keeping requirements.
   • c. Growing interest in, and experimentation with, Electronic Medical Records. The widespread use of EMR's is, in our opinion, five or more years in the future. This is not viewed, at present, as an established or mature industry segment.
   • d. Use of the Internet to communicate between: providers, payers, and patients.
   • e. The significant consolidation of the Claims Clearinghouse industry, placing significant amounts of information about patients in a few clearinghouses' hands.

On behalf of the International Billing Association, I wish to thank you again for the opportunity to be part of your deliberations. In addition, we stand ready and willing to offer the assistance of our organization and its members in providing further input and commentary in the development of recommendations to the Secretary.

IBA MEMBERSHIP PROFILE

TYPICAL MEMBER

• 10.3 YEARS IN BUSINESS
• 3 OFFICES
• 5 STATES
• 20.4 FULL TIME EMPLOYEES, 7.5 PART TIME EMPLOYEES
• AVERAGE ANNUAL COMPANY REVENUE = $ 862,000
• AVERAGE BILLING FEE = 5.4% OF COLLECTED FUNDS
• AVERAGE COMPANY REVENUE PER CLAIM = $ 2.44

TYPICAL CLIENT BASE

• 25.2 PRACTICES
• 55.6 PROVIDERS
• $ 29.5 MILLION IN PROVIDER BILLINGS
• 352,992 CLAIMS PER YEAR (30.9% Medicare, 10.3% Medicaid, 33.2% Commercial, 23.7% Managed Care, 2.0% Miscellaneous)
• $ 83.57 AVERAGE CLAIM BILLED
• $ 44.96 AVERAGE CLAIM PAYMENT
• 232,392 PATIENT STATEMENTS/YEAR