GEORGE B. (PETER) ABBOTT, MD, MPH
Acting Deputy Director
Health Information and Strategic Planning Division
California Department of Health Services
Data Standards
Health Information Confidentiality
Medical/Clinical
Coding and Classification
QUESTIONS TO BE ADDRESSED:
What does your organization expect to be the impact of the administrative simplification requirement in the Health Insurance Portability and Accountability Act of 1996 (HIPAA)? (Transactions? Coding Sets? Privacy/Confidentiality? Security?)
Administrative simplification requirements in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) will impact Public Health and Research in a number of important ways. As Deputy Director of the Health Information and Strategic Planning Division (HISP), California Department of Health Services (DHS), I speak as a provider of local public health services and as a payor of health care services for medically indigent populations in California. As California's State Registrar and the Acting Chief of the DHS Center for Health Statistics (CHS), I direct the collection, coding, processing, maintenance, provision of access, and dissemination of California's vital statistics data. Additionally, the Center is responsible for intra-departmental information policy planning and development.
Implementation of the HIPAA requirements will notably increase State and local program administrative work loads and costs during the next three to five years. The timing for HIPAA planning and implementation can be expected to further stretch public health information resources (fiscal and staff) which already are pressed by the massive Year 2000 and decennial data base changes underway.
State Medicaid and Medicare programs anticipate receipt of federal matching funds to support implementation of these complex and initially costly HIPAA changes. Local and State public health agencies and their partners face even more difficult challenges identifying and obtaining the fiscal and staff resources needed to implement these required provisions in a timely, reliable, technically sound, and secure way.
However, the HIPAA simplification provisions for unique identification of individuals, providers, plans and individuals (along with standardized health data items, transaction specifications, and coding sets), offer potentially even greater benefits for providers and users of public, preventive and environmental health data than the estimated implementation costs. Expected benefits include:
1) Increased ability for health care providers, payors, and public health researchers to link and use current data sets for more effective and comprehensive case management, administrative simplification and enhancements, health care outcomes assessment, public health surveillance, quality control, and fraud detection;
2) Less costly, more straightforward and effectively coordinated public and preventive health care functions and services;
3) Enhanced opportunities to develop population-based public and environmental health surveillance systems that utilize (in aggregate, non-personally identifiable forms) a wide range of administrative and clinical data which previously have been inaccessible to public health researchers; and
4) Simplified, less costly, and more timely software development and information systems modifications leading to increasingly useful, flexible, and cost effective information transactions and systems.
The ease by which individually identifiable health care data can be collected, accessed, and transmitted will be greatly enhanced by implementation of HIPAA electronic data, coding and transmission standards. Adoption of appropriate and rational confidentiality and security measures is critical to successful implementation and public acceptance of HIPAA. Furthermore, these essential measures must be supported by a health work force that clearly understands and respects the basic principles of "fair information practice". It is imperative that appropriate confidentiality and security measures be developed and adopted concomitantly with implementation of HIPAA standards and provisions. These measures include:
1) Detailed written data access and security policies, protocols and procedures for the agency and each specific program/data system;
2) Effective training in these data access and security provisions for all agency staff with potential access to data and information systems;
3) Strict accountability by all agency staff for maintaining these policies, protocols and procedures at all times; and
4) Appropriate security tools to be in place and accessible for regular use by all staff, including the routine application of firewalls and reasonably sophisticated encryption procedures.
The potential benefits as well as potential threats of HIPAA to the public health and research communities deserve special mention. We in public health have had a long and generally successful experience in collecting and using sensitive, personal data for critical public health surveillance and research. Also, we have traditionally balanced the privacy rights of individuals with the health and safety needs of society and with the promotion of the health and welfare for the general population. Please ensure in your deliberations and recommendations that appropriate and reasonable access is allowed for authorized public health interests to access, link, and utilize the extremely valuable databases that should result from implementation of HIPAA. Requests for informed consent, confidentiality, and privacy must be reasonable and allow individual consent for public health research purposes.
Are any of these standards currently priority areas for your organization or members of your organization? How are you addressing/or planning to address these standards?
The California Department of Health Services places high priority on department-wide implementation by June 30, 1998, of a common core data set (CCDS) for uniquely identifying individuals served by departmental programs. This DHS data set includes five required demographic data items (i.e., Birth Name, Mother's First Name, Gender, Date of Birth, and Place of Birth) and seven confirmatory data items (i.e., Social Security Number, Other Client Numbers, Father's Name, Mother's Maiden Name, Current Name/Client Aliases, County of Residence, and Zip Code of Residence). See Attachment for detailed CCDS Specifications.
In the early 1990's, the California Health and Welfare Agency (CHWA) convened stakeholders to assess State and local health information needs and opportunities. Representatives from all sectors of the health care industry advised CHWA to adopt a common method to uniquely identify State and local health program clients. In response to a State legislative mandate to integrate maternal and child health program functions and information systems (Assembly Bill 99), with federal and foundation support, the DHS proceeded to determine and pilot the most effective means of uniquely and securely identifying individual clients in DHS programs and other California health data sets.
After extensive stakeholder and technical review of alternative approaches, DHS and local health agency staff pilot tested the collection and uses of CCDS. Based on the results of these assessments, DHS Executives adopted the CCDS for department-wide implementation by June 30, 1998. Anticipated benefits of implementing the CCDS to DHS programs include:
1) Relatively low cost implementation, since the core data elements are common demographic data items frequently collected for other programmatic purposes;
2) Gradual implementation throughout DHS programs as a concurrent modification or augmentation which can be introduced to most established data collection, coding, processing and dissemination system(s) when making other system changes;
3) Minimal, if any, interference with previously instituted approaches for uniquely identifying individual clients;
4) Flexibility to use a wide range of algorithms to create a secure client identification system for use within a given program or organization, while also enabling the transfer and linkage of uniquely identifiable client data with other entities in the health care industry when legally and programmatically appropriate;
5) More convenient to both client and service providers than a method requiring an identification number or card when faced with a forgotten, lost, or stolen identification number or card;
6) More accurate than a method dependent upon a unique number, e.g., the Social Security Number, which is especially vulnerable to transposition errors and fraudulent multiple users of a single number;
(Note: DHS program data systems often receive numerous program applicants, and enrollees, identified by the same social security or other "unique" identification number. This is both administratively costly and clinically dangerous, thus ruling out the single number concept as an adequately unique individual identification method for DHS and for the health care industry in California. If HIPAA were to adopt the Social Security Number, or a similar numeric identification, DHS would add the required HIPAA Identification Number to the established CCDS and use it in conjunction with the other core data elements for DHS's unique identification purposes.)
7) Enhances the accuracy of the DHS Master Patient Index and supports the concept of a Master Patient Index Mediator which is being considered by California's Healthcare Data and Information Corporation, the HL7 Special Interest Group on the MPI Mediator, and other related state and national work groups.
At the present time, the DHS Core Common Data Set has been implemented in: the DHS Master Patient Index (MPI), a number of new departmental data systems, the California Department of Mental Health, and other local and state health program data sets. Additionally, a collaborative DHS CCDS Confidentiality and Security Committee is actively working to improve Departmental confidentiality and security policies and protocols, as well as promote a clear understanding of and respect for these guidelines.
Also, CHWA's California Health Information for Policy Project (CHIPP) and DHS are working with the Department of Social Services and other departments in the CHWA to facilitate further adoption of the CCDS by Agency programs and departments. The coinciding changes in required social service programs and information requirements provide an opportunity for fairly rapid and cost-effective adoption of the CCDS and other electronic data and transmission standards.
Members of numerous California stakeholder organizations have advised and supported DHS staff in the development and testing of the CCDS which has been adopted by DHS. These organizations include the: California Conference of Local Health Officers and Affiliates; County Health Administrators Association of California; University of California, San Francisco, Institute for Health Policy Studies; Healthcare Data and Information Corporation; National Health Foundation; Public Health Institute; Western Consortium for Public Health; California's Schools of Public Health; and California Public Health Association.
Do members of your organization have concerns about the type of transactions specified under HIPAA? Data Producers: How available is the information that you need to report in the transactions? Data Users: Is the information useful for bill payment, managing the care process, and health policy analysis and assessments?
Though DHS appreciates the basis for the provisions specified under HIPAA, staff have a number of concerns about the transactions, including:
1) Assurance of appropriate confidentiality and SECURITY provisions, particularly regarding electronic signatures and use of Internet-based applications for data transmission;
2) Lack of adequate resources for making the required changes;
3) Need for complex change controls as we migrate to the new standards;
4) Loss of long collected data items used for program trend analysis, and of "most appropriate" or "most effective" data items, definitions, and codes for particular program purposes, in lieu of commonly adopted standards; and
5) Critical needs to integrate public, preventive and environmental health data and information requirements into the HIPAA standards development and implementation process.
Much of the general type of data needed to meet HIPAA reporting requirements is presently collected. However, most data items will require revision, codes will need to be redefined and data sets will require modifications.
Though HIPAA is clearly moving in a beneficial direction, it is imperative that national, state and local stakeholders collaboratively continue to assess data and information requirements of all health care industry sectors (including public, preventive, and environmental health), and agree upon routine revisions of HIPAA data and transmission standards to meet dynamically evolving information needs.
Quality data (i.e., accurate, reliable, and timely) are essential for effective public health surveillance and research, as well as for administrative and clinical data uses. It is critical that we know how accurate and reliably coded data are for any given data set. Based on the quality, appropriate steps need to be implemented to routinely reassess and to continuously improve data quality. Adequate verification and validation methods should be established along with attractive incentives for improving data quality. In particular, it is important that those initially collecting a given set of data have enhanced and timely access to the data they have contributed and practical uses for those data.
How can administrative simplification best be achieved while balancing clinical and payment needs with maintaining privacy protection for the individuals?
Administrative simplification can best be achieved through a thoughtful, inclusive, step-wise migration process, including pilot demonstrations and assessment of optional approaches. The primary focus of this important migration needs to be maximization of both individual needs for privacy and the confidential use of accurate personal data. Programmatic requirements for cost-effective access to reliable information about individuals for a wide range of administrative, clinical and research purposes must be balanced with individual needs to maintain accurate and confidential personal demographic and health data. For example, providing individuals with access and rights to review and initiate corrections on their personal data can assist entities that collect and use these data to detect and correct erroneous data entries in a sensitive and cost-effective way.
Clearly defined and well publicized standard data collection, processing, transmission, and access policies and protocols which are implemented with well-conceived, detailed audit trails of data access and attempted access are critical in order to maintain accountability for data confidentiality and access.
Linkage of individually identifiable data from two or more data sets can often be conducted in highly secure environments. Most administrative and population based research can be conducted with data sets stripped of identifiers. Secure linkage environments can also be used to conduct data quality checks using cross edits and verifications between data sets. Finally, administrative and research uses of linked data sets with individual identifiers require appropriate "informed consent".
Ensuring patient confidentiality throughout the process is critical. However, the focus of standardization is the ability to identify services easily through use of standardized codes.
An important benefit from standardization is greater ease in the creation of software which lowers the cost of software development and purchase. Lower software costs increase the potential use of more current billing/reporting systems at the provider level. This in turn reduces the staff work required to report services and provides a mechanism for reporting services in a standardized, acceptable, automated format.
Recognizing the intent of P.L. 104-191 of administrative simplification, what coding approach would best meet your needs? Please suggest how administrative simplification could be achieved while reducing administrative burden and obtaining clinically useful information.
In response to questions regarding how to best achieve administrative simplification, please note the earlier discussion of the California Department of Health Services' Common Core Data Set and see the Attachment outlining CCDS definitions and specifications.
Additionally, we recommend that coding software based upon use of expert systems be developed and implemented to perform standardized coding for all standardized data sets required under P.L. 104-191. The software requirements can be collaboratively developed in tandem with the coding standards, and the software can be available to all entities required to adopt the respective set(s) of coding standards. Periodic software revisions can be released to users as the software continues to "learn" and becomes increasingly accurate. This approach can increase coding accuracy and reliability while decreasing the staff time and costs required for coding. In fact, over time, expert coding software can be expected to code many data sets even more reliably and accurately than staff coders.
One successful national example of this approach is the recent development of expert software to code standardized occupation and industry codes (SOIC) from electronic literals on vital and other administrative records. This SOIC software has been developed collaboratively by: the National Center for Health Statistics, the National Institute for Occupational Safety and Health, the Federal Bureau of the Census, and several other federal agencies; the California Department of Health Services, the Massachusetts Department of Health and more than 30 other state health departments; the National Association for Public Health Statistics and Information Systems; several university research centers; local health agencies; and technology vendors.
What medical/clinical codes and classifications do you use in administrative transactions now?
Medical/clinical codes and classifications currently used in administrative transactions, as directed by HCFA include:
1) ICD-9
2) CPT-4
3) HCPC's (level 1 through level 3)
4) State only codes (State only codes equate to HCPC level 3)
5) unique program codes
What do you perceive as the main strengths and weaknesses of the current methods for coding and classification of encounter and/or enrollment data?
Main strengths of the current methods for coding and classification of encounter and/or enrollment data include:
1) The Department allows and accepts most of the industry standard coding for encounter data;
2) The codes for encounter reporting submissions are defined to match coding used by the Department;
3) We define what codes plans use for submission of encounter data to the State; we do not interfere with the coding structures required by plans for their internal processing; and
4) On enrollment data, a unique plan code is added to the State's Medicaid eligibility file.
Weaknesses of the current methods for coding and classification of encounter and/or enrollment data include:
1) Since the Department does not interfere with the internal coding structures of plans, they use different codes. If codes are different, plans must map from their system to our codes when creating records for State encounter data submission.
What procedure classification do you recommend as the initial standard for outpatient transactions? Is it practical to move to a single procedure classification on the schedule required for the implementation of administrative standards? Should the standards continue the current practices of requiring different procedure coding systems for the ambulatory and inpatient sectors?
It is our recommendation that standard codes be used in all settings and that place of service be used to identify and differentiate between ambulatory and inpatient settings. The reason for using standard codes across both places is that similar/same services are performed in the various settings.
Before the passage of HIPAA, the National Center for Health Statistics initiated the development of a clinical modification of the ICD, 10th Ed. (ICD-10-CM) to replace ICD-9-CM. In addition, the Health Care Financing Administration undertook the development of a new procedure coding system for inpatient services, entitled ICD-10-PCS (Procedure Classification System). There is a plan to implement these systems simultaneously in the year 2000. On the pre-HIPAA schedule, they will be released to the field for evaluation and testing by 1998. Should ICD be used for administrative transactions? If so, which version do you advocate and why?
Yes, ICD's should be used for administrative transactions. California will implement the use of ICD-10-CM's in year 2000. HCFA specifies which version of ICD-CM's California uses.
Do you have any advice or recommendations for NCVHS and/or The Department of Health and Human Services related to the implementation of the standards and privacy provisions of the HIPAA? Do you have any concerns?
Key recommendations for NCVHS about implementation of HIPAA include:
1) Focus on defining and working from points of mutual benefit for individuals providing the required data, and for organizations collecting and using the resulting data sets and information;
2) Establish and routinely use clear, documented confidentiality and security policies and protocols, including specific informed consent procedures; and
3) Integrate priority public, preventive, and environmental health information requirements into HIPAA standards development and implementation.