HIT US: Healthcare information technology in the United States

By

Bryan Hamel

HIT US 2

Abstract Over the last decade use of electronic information technology (IT) through electronic data interchange (EDI) has accelerated throughout the healthcare sector. Healthcare policy signed by President Clinton leading to the adoption of Health Insurance Portability and Accountability Act of 1996 (HIPAA) and policies set by President Bush for a national standard for electronic health records (EHR) are set to affect hospitals, healthcare providers, insurance companies, clearinghouses, software vendors and patients. These policies in healthcare information technology (HIT) change the way healthcare conducts business across the entire system. Policies are helping to create a standard for the sharing of information while ensuring privacy and accountability. Though the standards are apparent in HIPAA and are currently being adopted for standards in electronic medical records (EMR), many vendors and payers create a standard of their own based upon their interpretation of the rules. The patient and consumer worries regarding the way this information will be used along with security and privacy are a growing concern. This paper gives an overview of health policy as it relates to healthcare information technology and how it affects the patients, providers, payers, and vendors.

HIT US 3 Table of Contents

1. 2. 3. 4. 5. 6. 7. 8.

Introduction to HIT 4 Policy as it relates to HIT 5 HIPAA 7 Administrative Simplification and the claims process 10 The Clearinghouse 11 National standard for electronic health records 13 Privacy concerns 15 Conclusion 16

HIT US 4

HIT US: Healthcare information technology in the United States In the United States, information technology (IT) and e-commerce is playing an important role in healthcare. Increased access and use of information technology is more prevalent through lower hardware costs, increased computing speed, storage capacity, and internet advancements. Proper use of healthcare information technology improves the accuracy and speed at which the information can be used to save lives, time, and money. Healthcare information is a very thorough process which requires computers, databases, and networks to manage the cycling of the information through data connections. Quality patient care relies on careful documentation of each patients medical history, health status, current medical conditions, and treatment plans. Management of financial information through out the revenue cycle of a healthcare provider is essential for strategic planning and operational support of the patient care process. An argument can be made that the healthcare industry is one of the most information intensive sectors of our economy (Austin & Boxerman, 2003). Over the last decade use of electronic information technology (IT) through electronic data interchange (EDI) has accelerated throughout the healthcare sector. Healthcare policy signed by President Clinton leading to the adoption of Health Insurance Portability and Accountability Act of 1996 (HIPAA) and policies set by President Bush for a national standard of electronic health records (EHR) affect hospitals, healthcare providers, insurance companies, clearinghouses, software vendors and patients. The

HIT US 5 policies set for healthcare information technology change the way healthcare conducts business across the entire healthcare system by helping to create a standard for the sharing of information while ensuring privacy and accountability. Though the standards are apparent in the HIPAA manual and are currently being adopted for electronic medical records (EMR), many vendors and payers create their own set of standards based upon their interpretation of the rules. The patient and consumer worries regarding the way this information will be used along with security and privacy are a growing concern. How providers are going to pay for these changes is another major concern. Reimbursements are on the decline and spending is on the rise. Providers are just now seeing return on investment (ROI) from HIPAA standardized transactions. Many hospitals utilize out-dated hospital information systems (HIS) which are not HIPAA compliant. Furthermore, many providers will need to start looking into EMRs that connect to a national EHR database. Policy Policy as it relates to healthcare information technology is typically promoted by the government to protect and safeguard the consumer or patient and often result in money savings for the government and large corporations. The providers including: hospitals, physician offices, and specialty clinics are typically the ones to bear the cost of policy changes, which in turn are passed on to the consumer or patient. Longest (2002) defines public policy as authoritative decisions made in the legislative, executive, or judicial branches of government that are intended to direct or influence the actions,

HIT US 6 behaviors, or decisions of others. When public policies or authoritative decisions pertain to health or influence the pursuit of health, they are health policies (Longest, 2002). In healthcare, it is the governments responsibility to keep watch on industry trends that affect public health. The gross domestic product (GDP) for the healthcare industry is around 16% and growing. The government has determined a need to develop policy by recognizing certain technologies have a significant impact in the process and delivery of healthcare and the flow of funds. Government intervention in healthcare is generally a good idea as it pertains to the standardization and privatization of electronic transactions. Large business corporations that influence technologies, i.e. insurance, pharmaceutical, and software companies, tend to drive the provider to adapt to their set of standards. Many companies deploy their technology before policy is ever made. Big business often set the standard before government intervention, thus creating multiple sets of information in a nonstandard format. Often times there will be a buzz in the industry created by the media of policies that are being debated in legislature. Some policy can take years to be developed and implemented. Providers are often persuaded by sales representatives to buy the products. Some providers want to be the first to buy certain technologies without even knowing how the policies being legislated will affect the product. Multiple standards that do not connect can be frustrating to all looking to transmit or access the data. This hindrance can be a financial constraint when vendors, physicians, pharmacies, payers and patients need access to this critical information.

HIT US 7 Often access is deprived because this nonstandard format. Medicare accounts for 31% of a hospitals source of funds; with the average revenue of a hospital being at $87 million (AHA, 2002). Seemingly, it behooves the government to set these policies and regulate information technology as it relates to the flow of funds. Over the past decade President Clinton, President Bush, and President Obama have developed policies to promote the utilization of information in the healthcare sector. These policies promote and set a standardization of healthcare information while ensuring the privacy and protection of the people. HIPAA As part of the Clinton healthcare reform, the federal government will be urged to take leadership on healthcare information issues: confidentiality/security/privacy and information standards (Task force representative says information lifeblood of reform, 1993). HIPAA is the Health Insurance Portability and Accountability Act of 1996 and is also known as Public Law 104-191 and the Kennedy-Kassebaum Bill, named after its creators, Senators Edward Kennedy (D-MA) and Nancy Kassebaum (R-KS). The overall goal of HIPAA is to provide insurance portability, fraud enforcement, and administrative simplification for the healthcare industry. HIPAA was formed out of growing concerns for keeping healthcare information private with need to consolidate nonstandard healthcare data and transaction formats, as well as the general consensus to streamline healthcare operations and reduce the cost of providing healthcare services (Beaver & Herold, 2003, p3). This legislation was passed by the congress and signed into law by President Bill Clinton, and became effective on August, 1996.

HIT US 8 HIPAA has created an enormous responsibility for healthcare providers. HIPAA consultants have been reaping the rewards by fully understanding HIPAA and following its constant changes. HIPAA requires health care organizations to establish formal, stringent procedures on how health information is handled internally and by business partners. It requires the retraining of all employees that handle identifiable information in new procedures governing the use and disclosure of information. It requires physical safeguards to protect computer systems and information technology to control and monitor access to data and secure data in transit (Goedert, 2000). Utilizing consultants and outside help allows providers to ensure compliance within the healthcare organization. Failure to comply with HIPAA can contribute to some hefty fines. As it relates to confidentiality provisions, a violator can be punishable by civil and criminal penalties of up to $250,000 in fines and 10 years imprisonment (Goedert, 2000). HIPAA not only affects healthcare providers and insurance companies, but employers as well. The need for a compliance officer within the human resources department of a large corporation can help keep employers compliant with HIPAA regulations. Employers are required to provide their health plans with enrollment and disenrollment information in a standardized electronic format (More computer hassles over HIPAAs EDI standards, 1999). This enrollment/disenrollment format is known as an 834 transaction. Additionally, fines can be enforced up to $100 per day per employee for noncompliance (More computer hassles over HIPAAs EDI standards, 1999).

HIT US 9 The Administrative Simplification process of HIPAA addresses the transaction standards that Hospitals and Healthcare providers now need to adopt. The central purpose of the Administrative Simplification provisions of HIPAA is to reduce the costs and administrative burdens of healthcare by making possible the standardized, electronic transmission of administrative and financial transactions. The electronic transactions rule, issued by HHS on August 17, 2000, applies to covered entities-namely, health plans, heath care clearing houses and health providers who transmit any health information in electronic form in connection with a transaction for which HHS has adopted a standard (Michael & Pritchett, 2001). Within the revenue cycle process of a provider; there are sets of electronic data interchange (EDI) transaction standards. These EDI standards, shown in Figure 1, are set by HIPAA to be in an ASC X12 4010A format and will soon change to 5010.

Figure 1.

HIT US 10

(Moynihan & McLure. 1996, p49)

Administrative Simplification and the revenue cycle To fully understand the impact of Administrative Simplifications issued by HHS, one must understand the revenue cycle process of a healthcare provider. As a patient walks into a hospital, typically the first step to the process is patient registration. The patient demographic and insurance information is entered into the hospital information system (HIS) or in the practice management system (PMS). A registration person will then verify health insurance benefits by submitting an eligibility inquiry (270) and a transaction is processed. The 270 inquiry can be run real-time; meaning live and instantaneous with the payer. The 270 inquiry of benefits leaves the hospital

HIT US 11 electronically, reaches the payer and returns a 271 transaction back to the provider. The eligibility response (271) will enable the registration clerk to verify insurance benefits, determine co-pay information, primary care physician information, health maintenance organization (HMO) information and display any third party payers if applicable. Having this information correct in the HIS is detrimental to sending proper claims to a payer. A referral certification and authorization or utilization review can be obtained through the 278 transaction. In a hospital, once services are rendered, and diagnosis & procedure information is entered into the system by the medical records department, then an electronic claim is ready for submission to the payer. The electronic claim submission transaction known as an 837 can then be sent to the payer. The payer often takes time to adjudicate the electronic claims into the system, typically 24/48 hours. A 997 transaction acknowledgment can be sent back to the provider alerting the sender that the claims were accepted. A person in the billing department can perform a claim status transaction known as a 276/277. The 276 identified as the inquiry and 277 identified as the payer response. This transaction will give a preview to where the claim is in the adjudication process at a payer level. Lastly, when a payer decides the claim warrants payment, a remittance advice is sent to the provider in an 835 format along with an explanation of benefits (EOB) sent to the patient. The 835 transaction can then be uploaded to the HIS or PMS. The 835 can be further worked by the billing department by recognizing denied and rejected claims information. The information of payments within the 835 that has been uploaded to the system can then be reconciled against the checks sent to a bank lock box by the payer.

HIT US 12 Additionally, the bank may be able to provide an electronic file transfer (EFT) for upload and reconciliation. One can understand how this process can be confusing for the hospital or provider. To further complicate the issue, even with the Administrative Simplification provisions set by HIPAA, it is up to the payer to determine what the ASC X12 4010A format really means and is often based upon the interpretation of the data. With thousands of differing payer interpretations; it can be said the transactions may be dissimilar. Consequently, providers are dealing with a standard of nonstandard EDI processes. To help alleviate this headache the clearinghouse business evolved. Clearinghouse HIPAA defines a health care clearinghouse as a public or private entity that processes or facilitates the processing of nonstandard data elements of health information into standard data elements. A healthcare clearinghouse is an intermediary between healthcare providers, hospitals, patients, and payers. Clearinghouses help bridge the communication gap that results from an interpretation of the standard format for the transmission of healthcare information. The clearinghouse receives health care data from a provider, translates the data from a given format into a HIPAA standard X12 4010A transaction that is acceptable by payer standards and forwards the processed data back to the provider. Historically, perhaps the best known claim clearinghouse is the National Electronic Information Corporation (NEIC), a company founded by major commercial insurance companies including: Aetna, Travelors, John Hancock, Cigna, and Metropolitan Life. NEIC was purchased by Envoy; which was then purchased by

HIT US 13 WebMD Business Services in 2000, who recently in 2005 changed its company name to Emdeon. In 2001 WebMD Envoy processed more than two billion electronic healthcare transactions for approximately 300,000 physician and 1,000 healthcare plans. In 2005, another large clearinghouse, Per-Se Technologies purchased clearinghouse company NDCHealth. Other well know clearinghouses include; SSI, and MedAvant formerly ProxyMed. Many companies will claim to be a clearinghouse, but actually connect to one or more of the large clearinghouses and should be considered resellers. An inherent risk in using a clearinghouse reseller is the inadequacy to track the claims to adjudication and receive other transactions, like the electronic remittance advice (ERA 835). ERAs can only be obtained from the last source of transmission from the claim being received at a payer level. Meaning, if clearinghouse ABC receives claims from the hospital and has to route the claims through XYZ clearinghouse, who has an exclusive payer arrangement, quite often the provider is only able to get the ERAs from XYZ. National standard for electronic health records President Bush has been a strong advocate in spending for healthcare information technology. More specifically, On April 26, 2004, President Bush announced a series of specific measures in a White House document titled, A new generation of American innovation (2004), which includes policies to assure better delivery of health care. President Bush believes that innovations in electronic medical records and the secure exchange of medical information will help transform health care in America by improving health care quality, reducing health care costs, preventing medical errors, improving administrative efficiencies, reducing paperwork, and

HIT US 14 increasing access to affordable health care. The President has set an ambitious goal of assuring that most Americans have electronic health records within the next 10 years. Congress has approved the Department of Health and Human Services' fiscal 2006 budget with a sizable funding hike for the Office of the National Coordinator for Health Information Technology. The office will receive $61.7 million. That includes direct funding of $42.8 million, and $18.9 million in discretionary spending redirected to the office. Within the office's total budget are funds to pay for the four recently awarded contracts to develop prototypes for a national health information network (Health Data Management, Feb 2006). These policies developed under President Bush are centered on the use of electronic medical records and the sharing of information between providers by creating a national standard of electronic health records to be processed through the internet. As President Bush urges the nation's health system to move into a new era of information technology, the federal government has made final plans to create a model electronic record for both consumers and providers within a year (Romano. 2006). The American Health Information Community, a 17-member advisory panel on healthcare IT that was formed in 2005 by HHS Secretary Mike Leavitt, laid out a strategy for four working groups to carry out its plans (Romano. 2006). Two of those groups, which were charged with creating electronic records for selected populations, are the consumer-empowerment work group and the electronic health-records (EHR) work group (Romano. 2006). These new EHR transactions proposed by President Bush will have a significant impact in healthcare by improving the accuracy of patient medical records and reduce

HIT US 15 medical errors. In commerce with electronic medical records, inaccessibility to this information could prove deadly, hence President Bushs push for standardization. The author envisions the final outcome to include the enabling of consumers and patients with the capacity to update their own information and medical history and drug information in conjunction with what the provider has added to their records. The patient will have limited access to this information through a regulated website. When a patient comes in for service hospitals and providers could upload the information to the hospital information system through HL7 transfer. If this information is not available to upload into the system, then the provider should have access to it through a controlled and centralized website. At a hospital or physician office the registration process will become integrated with the national EHR database through a standard electronic transaction. When the EMRs are pulled the physician will have instant access to view a patients medical history, test and lab results, allergies, medications, and conditions. Access to this information should save thousands of lives and help to save time and money.

Privacy concerns The conundrum with the standardization of electronic medical records and allowing this information to flow over the internet creates an issue for the security and privacy of who will have access to the information. The March, 2006 issue of Consumer Reports questions the security and privacy of national electronic medical records in (The new threat to your medical privacy).

HIT US 16 Could computer hackers or pranksters release the information onto the Internet, where your co-workers could learn, say, that you are being treated for alcoholism? Might your record become available to potential employers or lenders who decide that youre not healthy enough to perform the job or handle a 30-year mortgage? And will you be able to control who has access to or find out who has viewed your medical records? Other consumer concerns can have a more serious impact to the healthcare industry. The government needs to ensure the information will be safe and educate consumers so they are onboard with the national electronic health records database. Patients need to understand that the information will not be used against them and will be safe guarded by strict security measures. Those skeptical to the proposed system may react differently. These behaviors included asking a doctor not to record a health problem, avoiding their regular doctor for certain conditions, paying for a test or procedure instead of filing an insurance claim, or deciding not to be tested out of fear others might learn the results (Robeznieks. 2005). Conclusion The costs associated with moving this initiative will be enormous for hospitals and physician groups, yet the return on investment can be great. The following from a Computers in healthcare article written in 1992 shows that costs were as much a concern for providers as they are today. It has become increasingly clear in recent months that there is a growing crisis in healthcare costs--costs that have proven difficult to control given the conflicting goals of our current healthcare policies--increased coverage for the poor, continued access to high-cost technology for all, freedom of choice in selecting and

HIT US 17 consulting caregivers, and defense of high-risk lifestyle choices (Halseth & Paul, 1992). As time continues and baby boomers become more dependant on healthcare the industry will continue to feel the effects of this growing crisis. In order to manage the current and emerging technologies a hospital needs to ensure that the decision makers have a proper vision of how EDI and EHR will transform the industry. As a consultant in the hospital information technology sector the author has worked with hospitals who have invested thousands and millions of dollars into a system, that will have to be replaced in a couple of years due to lack of vision. This is part of the reason why a CIO is important to have within the healthcare organization. More importantly, it will be critical to the hospital or large physician groups that the CIO has the vision needed to make decisions that could inadvertently make or break the organization. Information technology is still in its infancy within healthcare. Moving forward technology advancements coupled with policy will set the stage for processes to be automated, allowing providers and insurers to speed the flow of funds, reduce administrative costs, and most importantly improve the quality of care. The clinical decision making process will be expedited amongst providers and help reduce medical errors. Certain care will be monitored and administered electronically, thus alleviating the nurse shortage. In short; healthcare information technology can be a good thing. The determinant for the success of technology will be weighed from its cost, return on investment, and the improvement of quality care. Technology is only a success if it improves the quality of our lives.

HIT US 18

References A New Generation of American Innovation. (2004, April). Retrieved February, 2006, from http://whitehouse.fed.us/infocus/technology/ economic_policy200404/chap3.html American Hospital Association (2002). Hospital Statistics. Chicago: American Hospital Association. Austin, C. J., & Boxerman, S. B. (2003). Information Systems for Healthcare Management (6th ed.). Chicago: Health Administration Press. Beaver, K., & Herold, R. (2003). The Practical Guide to HIPAA Privacy and Security Compliance, CRC Press LLC.

HIT US 19 Goedert, J. (2000, April). The dawn of HIPAA. Health Data Management, Vol.8, 4, p.84-93. Halseth, M. J., & Paul, J.R. (1992, November.). The coming revolution in information systems. Computers in Healthcare, p.43-44. Health Data Management, (2006, February). Retrieved February, 2006, from http://www.healthdatamanagement.com/html/current/PastIssueStory.cfm? ArticleId=12875&issuedate=2006-02-01 HIPAA Public Law 104-191, (1996, August). Health Insurance Portability and Accountability Act of 1996. Retrieved February, 2006, from http://aspe.hhs.gov/admnsimp/pl104191.htm#1171 Longest, B. B. (2002). Health policymaking in the United States. (3rd ed.). Chicago: Health Administration Press. Michael, P., & Pritchett, E. (2001, May). The impact of HIPPA electronic transmissions and health information privacy standards. Journal of the American Dietetic Association, Vol.101, p.524-528. More computer hassles over HIPAA's EDI standards. . (1999, November.). Business & Health, p.9. Moynihan, J. J., & McLure, M. L. Ph.d. (1996). EDI: A Guide to Electronic Data Interchange and Electronic Commerce Applications in the Healthcare Industry. Chicago: Probus Co. Robeznieks, A. (2005, November). Privacy fear factor arises. Modern Healthcare, Vol.35, 46; p.6-9. Romano, M. (2006, February). Moving IT forward. Modern Healthcare, Vol. 36, 6, p.7.

HIT US 20 Task force representative says information lifeblood of reform. (Dr. John S. Silva, chairman of the Information Systems Working Group of the White House's Healthcare Reform Task Force). (1993, July). Computers in Healthcare, Vol.14, 7 p.8-9. The new threat to your medical privacy. (2006, March). Consumer Reports, Consumers Union of U.S., Inc.