The Secretary of HHS formulated a 5-part strategy for developing and implementing the standards mandated under Administrative Simplification.
While not a part of the 5-part strategy, a critical sixth step that will be implemented once the standards have been put in place will be the ongoing monitoring of the implementation of the standards to determine if additions or modifications to the standards are needed.
This implementation strategy was designed to assure coordination among HHS agencies, participation by other Federal departments, as well as interaction with the industry and the research and public health communities. Responsibilities within HHS were distributed across three interrelated organizational components: the HHS Data Council, the Data Council's Health Data Standards Committee, and the Implementation Teams.
The HHS Data Council, the Department’s senior internal data policy body, was given the responsibility to oversee implementation of Administrative Simplification by the Secretary. The Council consists of representatives from each major operating and staff division within HHS. The Council, as a senior policy guidance and decision making body, has been designated to guide the process and report to the Secretary on the progress of the standards and privacy efforts. During the past year, the co-chairs of the Data Council have been the Assistant Secretary for Planning and Evaluation and the Administrator of the Health Care Financing Administration (HCFA). The Data Council serves as the contact point for the NCVHS and resolves disputes that cannot be resolved by the Data Council's Health Data Standards Committee.
The Data Council's Health Data Standards Committee (HDSC) is responsible for the daily operation and management of the standards activities. The membership of the Health Data Standards Committee includes representatives from the Executive Office of Management and Budget, HHS components and other affected Federal Departments, including the Department of Defense, the Department of Veterans Affairs, and others. The HDSC determines the membership and coordinates the activities of the Implementation Teams. It is also responsible for ensuring that external groups -- NCVHS' Committee on Health Data Needs, Standards, and Security; the Workgroup for Electronic Data Interchange (WEDI); the American National Standards Institute's Healthcare Informatics Standards Board (ANSI HISB); the National Uniform Claim Committee (NUCC); the National Uniform Billing Committee (NUBC); the American Dental Association (ADA); and the National Council for Prescription Drug Programs (NCPDP) -- are appropriately consulted and involved in the development process. The HDSC resolves issues that cannot be resolved by the Implementation Teams.
Seven Implementation Teams (ITs) are responsible for the research, analysis, and development of recommendations for national standards for consideration by the HDSC and the Data Council. These teams are made up of representatives from HHS and from a number of other government Agencies that will be affected by the standards or have specific expertise necessary for development of the recommendations. These include the Department of Defense, the Department of Veterans Affairs, the Department of Labor, the Department of Commerce, the Social Security Administration, the Department of the Treasury, the Office of Personnel Management, and CHAMPUS. A member of the NCVHS has been assigned as liaison to advise and assist each of the Teams and to monitor their progress. To assure a broad perspective, each Team is headed by two co-chairs, one selected from the Health Care Financing Administration and the other from another Federal agency.
The subject matter of the teams includes (1) claims/encounters, (2) identifiers, (3) enrollment/eligibility, (4) systems security, (5) medical coding/classification, (6) claims attachments. A seventh team addresses cross-cutting issues and coordinates the subject matter teams. The teams have consulted with external groups such as the NCVHS Workgroup on Data Standards, WEDI, the ANSI HISB, the NUCC, the NUBC, and the ADA.
With significant input from the health care industry, the Implementation Teams charged with developing recommendations for national standards defined a set of principles for guiding their choices for standards to be adopted by the Secretary. These principles are based on direct specifications in HIPAA, the purpose of the law, and generally desirable principles. To be designated as a HIPAA standard, each standard should:
The HHS implementation strategy was designed to afford many opportunities for interested and affected parties to participate in the standards development and adoption processes. They can:
Early on, ANSI HISB provided the Department with an inventory of standards that currently exist in the health care industry. This inventory served as the starting point for the Implementation Teams' evaluation of existing standards to identify candidate standards for adoption.
In response to its new responsibilities, the NCVHS achieved an unprecedented level of activity and output during the first year of HIPAA implementation. The NCVHS formed the Subcommittee on Privacy and Confidentiality; the Subcommittee on Health Data Needs, Standards, and Security; and the Workgroup on Data Standards and Security within that Subcommittee to conduct extensive hearings, coordinate with the Department, and develop the recommendations to the Secretary required by the law. The NCVHS also formed the Subcommittee on Population-Specific Issues, which has been instrumental in seeking out the perspectives of populations at risk to determine the impact of administrative simplification on those populations.
The NCVHS has served as the Department's primary liaison with the private sector and has held a numerous public hearings to obtain the views, perspectives, and concerns of interested and affected parties, as well as their input and advice on health data standards and privacy. In addition to providing numerous opportunities for the private sector to participate in the standards adoption process, these public hearings sponsored by the NCVHS helped shape the belief that this was indeed an open process.
The Full Committee held public hearings on:
Topic: Implementation of administrative simplification provisions of P.L. 104-191: research, public health, and quality assurance perspectives and perspectives on administrative transaction standards.
Participating Stakeholders: Joint Commission on Accreditation of Healthcare Organizations, National Committee for Quality Assurance, Urban Institute, National Association of Health Data Organizations, ANSI HISB, WEDI, NUCC, NUBC, Association for Electronic Health Care Transactions, Computerized Patient Record Institute.
Topic: Issues surrounding unique identifiers, privacy and confidentiality, and the conceptual framework for coding and classification.
Participating Stakeholders: Christopher Chute, M.D.; James Cimino, M.D.; Karen Weigel, R.R.A.; DHHS and NCVHS staff.
Topic: State-based standards and privacy issues and discussion of privacy and health data standards recommendations.
Participating Stakeholders: Minnesota Health Data Institute, Foundation for Health Care Quality, and Massachusetts Health Data Consortium, Inc.; DHHS and NCVHS staff.
Topic: Discussion of privacy and health data standards and public education recommendations.
Participating Stakeholders: DHHS and NCVHS staff.
Topic: Discussion of privacy and health data standards and public health data issues.
Participating Stakeholders: DHHS and NCVHS staff.
The Subcommittee on Population Specific Issues and the Executive Subcommittee held joint public hearings in San Francisco, California on:
Topic: Perspectives on privacy, confidentiality, data standards, and medical coding and classification issues in implementation of the administrative simplification provisions of P.L. 104-191.
Participating Stakeholders: The panelists included representatives from insurers, health plans, providers, public health and research, public hospitals, community health centers, academic centers, patient advocacy groups, integrated health systems, employers, and State health departments.
The Subcommittee on Health Data Needs, Standards, and Security conducted hearings on:
Topic: Perspectives on implementation of the administrative simplification provisions of P.L. 104-191.
Participating Stakeholders: The panelists included representatives from health care purchasers, professional health care providers, health care facilities and other providers, health plans, and payors.
Topic: Perspectives on implementation of the administrative simplification provisions of P.L. 104-191.
Participating Stakeholders: The panelists included representatives from health care oversight and management organizations, experts on the electronic transmission of health care transactions, software vendors, and representatives from ANSI HISB and ANSI SDOs.
Topic: Perspectives on medical/clinical coding and classification issues in implementation of the administrative simplification provisions of P.L. 104-191.
Participating Stakeholders: The panelists included representatives from professional health care providers, health care facilities, special data users, providers, health plans, public health and research, Federal agency data users, and developers of coding and classification systems.
Topic: Perspectives on security issues in implementation of the administrative simplification provisions of P.L. 104-191.
Participating Stakeholders: The panelists included representatives from providers, payors, professional associations, vendors, standards development organizations, and accreditation organizations.
Topic: Development of recommendations for security and payer ID to the Secretary.
Participating Stakeholders: DHHS and NCVHS staff.
The Subcommittee on Privacy and Confidentiality conducted hearings on:
Topic: Privacy issues and concerns related to research, public health, and health oversight.
Participating Stakeholders: The panelists included representatives from research, public health, and health oversight organizations.
Topic: Privacy issues and concerns related to insurers and employers, claims processors, and other intermediaries, the pharmaceutical industry, and social welfare agencies.
Participating Stakeholders: The panelists included representatives from insurers, employers, claims processors and other intermediaries, the pharmaceutical industry, Federal agencies, and social welfare agencies.
Topic: Privacy issues and concerns related to law enforcement agencies, health care providers, privacy and patient advocacy groups, and privacy enhancing technologies.
Participating Stakeholders: The panelists included representatives from law enforcement agencies, health care providers, privacy and patient advocacy groups, and privacy-enhancing technology experts.
In all, more than 200 witnesses from across the health spectrum presented testimony at these hearings. To enhance participation further, NCVHS public meetings are now routinely broadcast live on the Internet with the help of the Department of Veterans Affairs. For those unable to attend or listen to the meetings as they occur, recordings of the live broadcasts are available also on the Internet. Agendas and transcripts of these hearings, minutes, announcements of public meetings, and schedules for future hearings are distributed through the NCVHS web site at:
The NCVHS has participated with the Department in every aspect of the standards selection process. Through the Data Council, the NCVHS has submitted recommendations to the Secretary for standards to be adopted and on privacy guidelines and has commented on HHS draft proposals for data standards. The NCVHS Workgroup on Data Standards has worked closely with the HDSC and the ITs.
The NCVHS provides to, and receives from the Data Council, the HDSC, and the ITs regularly scheduled reports and informal communications on their respective activities. The Data Council Chairs attend NCVHS meetings, and the NCVHS Chair attends the monthly meetings of the Data Council. Each IT has a liaison from the NCVHS who participates in Team meetings and provides advice and guidance. Upon request, the NCVHS also advises the Secretary on particularly sensitive and controversial issues.
The recommendations of the NCVHS to the Secretary have been based in large part on testimony received during the numerous public hearings discussed above. The full text of these recommendations is available from the NCVHS web site. Following are summaries of these recommendations.
On June 25, 1997, the Committee recommended that HHS adopt the proposed National Provider Identifier (NPI) as the unique identifier for health care providers. The NPI is an eight-digit alphanumeric identifier that would be assigned to all providers, upon receipt and validation of essential identifying information. The Committee found broad support for the NPI and urged HHS to publish the proposal for public comment without delay.
On June 25, 1997, the NCVHS recommended the adoption of the following standards for transmission of administrative and financial transactions:
Pharmacy -- NCPDP Telecommunications Standard Format
Institutional -- ASC X12N Health Care Claim (837)
Professional -- ASC X12N Health Care Claim (837)
Dental -- ADA Implementation Guide for ASC X12N 837
* the X12N standard for claims includes standard information for coordination of benefits.
ASC X12N Benefit Enrollment and Maintenance (834)
ASC X12N Health Care Eligibility/Benefit Inquiry (270)
ASC X12N Health Care Eligibility/Benefit Information (271)
ASC X12N Health Care Claim Payment/Advice (835)
ASC X12N Consolidated Service Invoice/Statement (811)
ASC X12N Payment Order/Remittance Advice (820)
ASC X12N Report of Injury, Illness or Incident (148)
ASC X12N Health Care Claim Status Request (276)
ASC X12N Health Care Claim Status Notification (277)
ASC X12N Health Care Service Review Information (278)
The Committee also recommended that HHS specify the acceptable versions and implementation guides for these standards at the time the final rules are issued.
Finally, recognizing the concerns of providers that technical problems associated with the conversion to these standards could delay payments and cause significant financial harm, the NCVHS recommended a transition strategy, whereby willing trading partners, by mutual agreement, could continue to use existing flat-file mechanisms until February 2002.
On June 25, 1997, the Committee recommended that ICD-9-CM diagnosis codes, ICD-9-CM Volume 3 procedure codes, and HCPCS (including CPT and CDT) procedure codes be adopted as the standards to be implemented by February 21, 2000. The Committee further recommended that HHS advise the industry to build its information systems to accommodate a change to ICD-10-CM diagnostic coding in the year 2001 and to anticipate a major change to a unified approach to coding procedures (yet to be defined) by the year 2002 or 2003. The Committee recommended that HHS identify and implement an approach for procedure coding that addresses deficiencies in the current systems, including issues of specificity and aggregation, unnecessary redundancy, and incomplete coverage of health care providers and settings.
The Committee has a long-standing interest and involvement in coding and classification issues. Given the need for a major change in the mechanisms for coding procedures, the Committee's active involvement in this area will continue.
On September 9, 1997, the Committee submitted a number of technical security principles and recommendations for organizational practices for the Secretary's consideration. The Committee did not recommend the adoption of specific standards because standards in this area are not fully mature and have not been extensively implemented by the health care industry.
In order for health information systems to be secure, there must be:
a. Individual authentication of users
b. Access controls
c. Monitoring of access
d. Physical security and disaster recovery
e. Protection of remote access points
f. Protection of external electronic communications
g. Software discipline
h. System assessment
i. Monitoring of integrity of data
A number of organizational practices are recommended to promote security:
a. Scalable confidentiality and security policies and procedures
b. Security/confidentiality committees
c. Designation of an information security officer in health care organizations
d. Education and training programs for all employees, medical staff, agents, and contractors
e. Organizational sanctions for violation of policies and procedures
f. Improved patient authorization forms for disclosure of health information
g. Patient access to audit logs
Finally, the Committee recommended that, in the short-term, health care organizations institute a risk assessment of their current state of compliance with these organizational and technical practices and, in the longer term, the development of criteria to evaluate and monitor compliance and the incorporation of these requirements in the standards of organizations that license or accredit health care organizations.
On June 27, 1997, the Committee presented a set of privacy recommendations to the Secretary. The Committee recommended that the Administration assign the highest priority to the development of a strong position on health privacy and that the 105th Congress enact a health privacy law before it adjourns in the fall of 1998. The Committee called for a law that requires creators and users of identifiable health care information to establish a full range of fair information practices, including a patient's right of access to records, right to seek amendment of records, and right to be informed about uses of health information. The Committee felt that the law must also impose restrictions on disclosure and use of the information, require adequate security, impose sanctions for violations, and increase reliance on non-identifiable information whenever possible.
In its recommendations, the Committee strongly supported the use of health records for health research, subject to independent review of research protocols and other procedural protections for patients. The Committee also strongly supported the use of health records for public health purposes, subject to substantive and procedural barriers commensurate with the importance of the public health functions. The Committee stated that patients need strong substantive and procedural protections if their health records are to be disclosed to law enforcement officials.
The Committee strongly supported limiting use and disclosure of identifiable information to the minimum amount necessary to accomplish the purpose. The Committee also indicated that when identifiable health information is made available for non-health uses, patients deserve a strong assurance that the data will not be used to harm them.
On September 9, 1997, the Committee endorsed the proposal for the national standard for identifying health plans or PAYERID. The Committee suggested that the Department leave open the option of moving to an alphanumeric identifier in the future.
On September 9, 1997, the Committee recommended that the selection of a unique health identifier for individuals be delayed until the passage of legislation to assure the confidentiality of individually identifiable health information and to protect an individual’s right to privacy. The Committee also recommended that alternative methods of identifying individuals and linking health information of individuals for health purposes be evaluated on the basis of the American Society for Testing and Materials criteria coupled with a cost-benefit evaluation and public comment. The Committee stated its intention to continue to receive public comment on this issue.
During the coming year, the NCVHS is planning to conduct additional hearings on the Unique Health Identifier for Individuals, Security, and Claims Attachments, as well as other standards-related issues, as necessary.