Proposed Rule2022-27437
Administrative Simplification: Adoption of Standards for Health Care Attachments Transactions and Electronic Signatures, and Modification to Referral Certification and Authorization Transaction Standard
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
December 21, 2022
Issuing agencies
Health and Human Services Department
Abstract
This rule would implement requirements of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Patient Protection and Affordable Care Act, as amended by the Health Care and Education Reconciliation Act of 2010, enacted on March 30, 2010--collectively, the Affordable Care Act. Specifically, this proposed rule would adopt standards for "health care attachments" transactions, which would support both health care claims and prior authorization transactions, and a standard for electronic signatures to be used in conjunction with health care attachments transactions. To better support the use of the proposed standards for attachments transactions with prior authorization transactions, this rule also proposes to adopt a modification to the standard for the referral certification and authorization transaction (X12 278) to move from Version 5010 to Version 6020.
Full Text
<html>
<head>
<title>Federal Register, Volume 87 Issue 244 (Wednesday, December 21, 2022)</title>
</head>
<body><pre>
[Federal Register Volume 87, Number 244 (Wednesday, December 21, 2022)]
[Proposed Rules]
[Pages 78438-78468]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2022-27437]
[[Page 78437]]
Vol. 87
Wednesday,
No. 244
December 21, 2022
Part V
Department of Health and Human Services
-----------------------------------------------------------------------
Office of the Secretary
-----------------------------------------------------------------------
45 CFR Parts 160 and 162
Administrative Simplification: Adoption of Standards for Health Care
Attachments Transactions and Electronic Signatures, and Modification to
Referral Certification and Authorization Transaction Standard; Proposed
Rule
��Federal Register / Vol. 87, No. 244 / Wednesday, December 21, 2022 /
Proposed Rules��
[[Page 78438]]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of the Secretary
45 CFR Parts 160 and 162
[CMS-0053-P]
RIN 0938-AT38
Administrative Simplification: Adoption of Standards for Health
Care Attachments Transactions and Electronic Signatures, and
Modification to Referral Certification and Authorization Transaction
Standard
AGENCY: Office of the Secretary, Department of Health and Human
Services (HHS).
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: This rule would implement requirements of the Administrative
Simplification subtitle of the Health Insurance Portability and
Accountability Act of 1996 (HIPAA) and the Patient Protection and
Affordable Care Act, as amended by the Health Care and Education
Reconciliation Act of 2010, enacted on March 30, 2010--collectively,
the Affordable Care Act. Specifically, this proposed rule would adopt
standards for ``health care attachments'' transactions, which would
support both health care claims and prior authorization transactions,
and a standard for electronic signatures to be used in conjunction with
health care attachments transactions. To better support the use of the
proposed standards for attachments transactions with prior
authorization transactions, this rule also proposes to adopt a
modification to the standard for the referral certification and
authorization transaction (X12 278) to move from Version 5010 to
Version 6020.
DATES: To be assured consideration, comments must be received at one of
the addresses provided below, no later than 5 p.m. on March 21, 2023.
ADDRESSES: In commenting, please refer to file code CMS-0053-P. Because
of staff and resource limitations, we cannot accept comments by
facsimile (FAX) transmission.
You may submit comments in one of three ways (please choose only
one of the ways listed):
1. Electronically. You may submit electronic comments on this
regulation to <a href="http://www.regulations.gov">http://www.regulations.gov</a>. Follow the ``Submit a
comment'' instructions.
2. By regular mail. You may mail written comments to the following
address ONLY: Centers for Medicare & Medicaid Services, Department of
Health and Human Services, Attention: CMS-0053-P, P.O. Box 8013,
Baltimore, MD 21244-1850.
Please allow sufficient time for mailed comments to be received
before the close of the comment period.
3. By express or overnight mail. You may send written comments to
the following address ONLY: Centers for Medicare & Medicaid Services,
Department of Health and Human Services, Attention: CMS-0053-P, Mail
Stop C4-26-05, 7500 Security Boulevard, Baltimore, MD 21244-1850.
For information on viewing public comments, see the beginning of
the SUPPLEMENTARY INFORMATION section.
FOR FURTHER INFORMATION CONTACT: Daniel Kalwa, (410) 786-1352. Geanelle
G. Herring, (410) 786-4466. Christopher Wilson, (410) 786-3178.
SUPPLEMENTARY INFORMATION:
Inspection of Public Comments: All comments received before the
close of the comment period are available for viewing by the public,
including any personally identifiable or confidential business
information that is included in a comment. We post all comments
received before the close of the comment period on the following
website as soon as possible after they have been received: <a href="http://www.regulations.gov">http://www.regulations.gov</a>. Follow the search instructions on that website to
view public comments. CMS will not post on <a href="http://Regulations.gov">Regulations.gov</a> public
comments that make threats to individuals or institutions or suggest
that the individual will take actions to harm the individual. CMS
continues to encourage individuals not to submit duplicative comments.
We will post acceptable comments from multiple unique commenters even
if the content is identical or nearly identical to other comments.
I. Executive Summary
A. Purpose
This rule proposes to adopt a set of standards for the electronic
exchange of clinical and administrative data to support prior
authorizations and health care claims adjudication. In determining the
necessity of a health care service as part of making a coverage
decision, health plans often require additional information that cannot
adequately be conveyed in the specified fields or data elements of the
adopted prior authorization request or health care claims transaction.
If adopted as proposed, this proposed rule would support electronic
transmissions of this type of information, which should have the effect
of decreasing the use of time and resource-consuming manual processes
such as mail or fax often used today to transmit this information. This
would facilitate prior authorization decisions and claims processing,
reduce burden on providers and plans, and result in more timely
delivery of patient health care services.
a. Need for the Regulatory Action
This rule would adopt a set of standards for the electronic
exchange of clinical and administrative data to support prior
authorizations and claims adjudication. Despite widespread deployment
of electronic health records (EHRs), and industry experience with
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
standards that continues to advance since HIPAA's advent, transmitting
health care attachments is still primarily a manual process and, at
this time, there are no adopted HIPAA standards, implementation guides,
or operating rules for health care attachments or electronic
signatures. If adopted, this proposed rule would support electronic
transmissions of this type of information rather than the use of manual
processes such as mail and fax that still predominate in the health
care industry.
We believe that the health care industry has long anticipated the
adoption of a set of HIPAA standards for the electronic exchange of
clinical and administrative data to support electronic health care
transactions, such as prior authorization of services and claims
adjudication, and the standards we are proposing to adopt are an
important step in reducing provider burden.
B. Summary of the Major Provisions
This rule would implement requirements of the Administrative
Simplification subtitle of HIPAA and the Patient Protection and
Affordable Care Act, as amended by the Health Care and Education
Reconciliation Act of 2010, enacted on March 30, 2010--collectively,
the Affordable Care Act. Specifically, this proposed rule would adopt
standards for ``health care attachments'' transactions, which would
support health care claims and prior authorization transactions, and a
standard for electronic signatures to be used in conjunction with
health care attachments transactions. This rule also proposes modifying
the referral certification and authorization transaction standard to
move from the X12 278, Version 5010, to the X12 278, Version 6020.
C. Summary of Costs and Benefits
Based on industry research by the Council for Affordable Quality
[[Page 78439]]
Healthcare (CAQH), the 2019 CAQH report indicates that a fully
electronic system for prior authorization with health care attachments
could result in as much as $454 million in annual savings to the health
care industry. Similar savings can be expected for the industry by
switching to health care attachments for claims. The 2019 CAQH report
further estimates that the industry could expect as much as $374
million in savings per year with the full adoption of health care
attachments for claims. This results in total anticipated industry
savings of $828 million per year for prior authorization and claims.
II. Background
A. Legislative Authority for Administrative Simplification
This background discussion presents a history of statutory
provisions and regulations that are relevant for the purposes of this
proposed rule.
1. Standards Adoption and Modification Under the Administrative
Simplification Provisions of the Health Insurance Portability and
Accountability Act of 1996 (HIPAA)
Congress addressed the need for a consistent framework for
electronic transactions and other administrative simplification issues
in the Health Insurance Portability and Accountability Act of 1996
(HIPAA) (Pub. L. 104-191, enacted on August 21, 1996). Through subtitle
F of title II of HIPAA, Congress added to title XI of the Social
Security Act (the Act) a new Part C, titled ``Administrative
Simplification,'' which required the Secretary of the Department of
Health and Human Services (the Secretary) to adopt standards for
certain transactions to enable health information to be exchanged more
efficiently and to achieve greater uniformity in the transmission of
health information. For purposes of this and later discussion in this
proposed rule, we sometimes refer to this statute as the ``original''
HIPAA provisions.
Section 1172(a) of the Act indicates that any standard adopted
under HIPAA shall apply, in whole or in part, to the following persons,
referred to as ``covered entities'': (1) a health plan; (2) a health
care clearinghouse; and (3) a health care provider who transmits any
health information in electronic form in connection with a [HIPAA
transaction]. Generally, section 1172 of the Act indicates that any
standard adopted under HIPAA is to be developed, adopted, or modified
by a standard setting organization (SSO). In adopting a standard, the
Secretary must rely upon recommendations of the National Committee on
Vital and Health Statistics (NCVHS), in consultation with the
organizations referred to in section 1172(c)(3)(B) of the Act, and
appropriate federal and state agencies and private organizations.
Section 1172(b) of the Act indicates that a standard adopted under
HIPAA must be consistent with the objective of reducing the
administrative costs of providing and paying for health care. The
transaction standards adopted under HIPAA enable financial and
administrative electronic data interchange (EDI) using a common
structure, as opposed to the many varied, often proprietary,
transaction formats on which industry had previously relied and that,
due to lack of uniformity, engendered administrative burden. Section
1173(g)(1) of the Act, which was added by section 1104(b) of the
Affordable Care Act, further addresses the goal of uniformity by
requiring the Secretary to adopt a single set of operating rules for
each transaction during the implementation of the electronic standards.
These operating rules are required to be consensus-based and reflect
the business rules that affect health plans and health care providers
and the manner in which they operate.
Section 1173(a) of the Act indicates that the Secretary must adopt
standards for financial and administrative transactions, and data
elements for those transactions, to enable health information to be
exchanged electronically. The original HIPAA provisions require the
Secretary to adopt standards for the following transactions: health
claims or equivalent encounter information; health claims attachments;
enrollment and disenrollment in a health plan; eligibility for a health
plan; health care payment and remittance advice; health plan premium
payments; first report of injury; health claim status; and referral
certification and authorization. The Affordable Care Act added the
requirement that the Secretary adopt a standard for electronic funds
transfers. Additionally, section 1173(a)(1)(B) of the Act requires the
Secretary to adopt standards for any other financial and administrative
transactions the Secretary determines appropriate.
Section 1173(c) through (f) of the Act indicates the Secretary must
adopt standards for code sets for appropriate data elements for each
listed health care transaction; security standards for health care
information; standards for electronic signatures in coordination with
the Secretary of Commerce, compliance with which will be deemed to
satisfy both state and federal statutory requirements for written
signatures for the listed transactions; and standards for the
transmission of appropriate standard data elements needed for the
coordination of benefits, sequential processing of claims, and other
data elements for individuals who have more than one health plan.
Section 1174 of the Act requires the Secretary to review the
adopted standards and adopt modifications to them, which include
additions to the standards, as appropriate, but not more frequently
than once every 12 months. Section 1174(b)(2)(B)(ii) of the Act
requires that modifications must be completed in a manner that
minimizes disruption and cost of compliance.
Section 1175 of the Act prohibits health plans from refusing to
conduct a transaction as a standard transaction.\1\ It also prohibits
health plans from delaying the transaction, or adversely affecting or
attempting to adversely affect, a person or the transaction itself on
the ground that the transaction is in standard format. It establishes a
timetable for covered entities to comply with any standard,
implementation specification, or modification as follows: for an
initial standard or implementation specification, no later than 24
months (or 36 months for small health plans) following its adoption;
for modifications, as the Secretary determines appropriate, but no
earlier than 180 days after the modification is adopted.
---------------------------------------------------------------------------
\1\ Defined at 45 CFR 162.103.
---------------------------------------------------------------------------
Sections 1176 and 1177 of the Act establish civil money penalties
(CMPs) and criminal penalties to which covered entities may be subject
for violations of HIPAA Administrative Simplification rules. HHS
administers the CMPs under section 1176 of the Act and the U.S.
Department of Justice administers the criminal penalties under section
1177 of the Act. Section 1176(b) of the Act sets out limitations on the
Secretary's authority and provides the Secretary certain discretion
with respect to imposing CMPs. For example, this section provides that
no CMPs may be imposed with respect to an act if a penalty has been
imposed under section 1177 of the Act with respect to such act. This
section also generally precludes the Secretary from imposing a CMP for
a violation corrected during the 30-day period beginning when an
individual knew or, by exercising reasonable diligence, would have
known that the failure to comply occurred.
The original HIPAA provisions are discussed in greater detail in
the August 17, 2000 final rule titled ``Health
[[Page 78440]]
Insurance Reform: Standards for Electronic Transactions'' final rule
(65 FR 50312, hereinafter referred to as the Transactions and Code Sets
final rule), and the December 28, 2000, final rule titled ``Standards
for Privacy of Individually Identifiable Health Information'' (65 FR
82462). We refer the reader to those documents for further information.
2. Amendments to HIPAA Administrative Simplification by the Affordable
Care Act
Section 1104(c)(3) of the Affordable Care Act reiterated the
original HIPAA requirement to adopt a health claims attachment
standard, and directed the Secretary to promulgate a final rule to
establish a transaction standard and a single set of associated
operating rules. Section 1104(c)(3) of the Affordable Care Act requires
that the adopted standard be ``consistent with the X12 Version 5010
transaction standards'' and indicates that the Secretary must adopt the
standard and operating rules by January 1, 2014, to be effective no
later than January 1, 2016, and that the Secretary may adopt the
standard and operating rules on an interim final basis. This provision
makes no allowance for an extended time for small health plans to
achieve compliance.
B. Prior Rulemaking
In the Transactions and Code Sets final rule, we implemented some
of the HIPAA Administrative Simplification requirements by adopting
standards for electronic health care transactions developed by SSOs,
and medical code sets to be used in those transactions. We adopted X12
Version 4010 standards for administrative transactions, and the
National Council for Prescription Drug Programs (NCPDP)
Telecommunication Version 5.1 standard for retail pharmacy
transactions, which were specified at 45 CFR part 162, subparts K
through R.
Since then, we have adopted a number of modifications to the HIPAA
standards, most recently in a January 16, 2009 final rule (74 FR 3296)
titled ``Health Insurance Reform; Modifications to the Health Insurance
Portability and Accountability Act (HIPAA) Electronic Transaction
Standards'' (hereinafter referred to as the Modifications final rule).
That rule, among other things, adopted updated versions of the
standards, X12 Version 5010, and the NCPDP Telecommunication Standard
Implementation Guide Version D.0 and equivalent Batch Standard
Implementation Guide, Version 1, Release 2. We also adopted the NCPDP
Implementation Guide for Batch Standard Version 3.0 standard for the
Medicaid pharmacy subrogation transaction. Covered entities were
required to comply with the Version 5010, Version D.0, and Version 3.0
standards on January 1, 2012, though with respect to the latter, small
health plans were required to comply on January 1, 2013.
In the September 23, 2005 Federal Register (70 FR 55990), in a rule
titled ``HIPAA Administrative Simplification: Standards for Electronic
Health Care Claims Attachments; Proposed Rule,'' we proposed to adopt
certain standards with respect to health care attachments. In that
rule, rather than a standard with generalized applicability, we
proposed to adopt health care claims attachment standards with respect
to specific service areas that included ambulance services, clinical
reports, emergency department, laboratory results, medications, and
rehabilitation services. Due, however, to comments we received on our
proposals, including comments related to the standards' lack of
technical maturity and stakeholders' lack of readiness to implement
electronic capture of clinical data, we did not finalize that rule. As
a result, and despite the subsequent widespread deployment of
electronic health records (EHRs) and greater industry experience with
the HIPAA standards, transmitting health care attachments is still
primarily a manual process and, at this time there are no adopted HIPAA
standards, implementation guides, or operating rules for health care
attachments or electronic signatures. Other specific details of prior
rulemaking are discussed as appropriate in the context of the proposals
in section II. of this proposed rule.
C. Standards and Code Sets Organizations
In this section, we discuss information about the organizations
responsible for developing and maintaining the transaction standards
and code sets that we are either proposing or discussing in this
proposed rule. Information about each organization's balloting
process--the process by which they vet and approve the products they
develop and changes thereto--is available on their respective websites,
links to which are provided in this section of this rule.
As we have discussed, the law requires any standard adopted under
HIPAA to be developed, adopted, or modified by an SSO. Section 1171 of
the Act provides that an SSO is an organization accredited by the
American National Standards Institute (ANSI) that develops standards
for information transactions, data elements, or any standard that is
necessary to, or will facilitate the implementation of, Administrative
Simplification. Per section 1172(c)(3) of the Act, a HIPAA SSO must
develop, adopt, and modify standards in consultation with certain
organizations--the National Uniform Billing Committee (NUBC), the
National Uniform Claim Committee (NUCC), the Workgroup for Electronic
Data Interchange (WEDI), and the American Dental Association (ADA). The
two SSOs applicable to this proposed rule are the Accredited Standards
Committee X12 (X12) and Health Level Seven International (HL7). Both
SSOs maintain websites where the proposed implementation specifications
may be obtained. One other organization, which is a health research
institution and not an SSO, maintains a code set that is important to
this rulemaking--the Regenstrief Institute, maintains a code set named
Logical Observation Identifiers Names and Codes (LOINC).
1. X12 (<a href="http://www.x12.org/">http://www.x12.org/</a>)
X12 develops and maintains standards for the electronic exchange of
business-to-business transactions. An ANSI-accredited organization, X12
membership is open to all individuals and organizations. An X12
subcommittee known as Subcommittee N: Insurance (X12N) develops and
maintains electronic standards specific to the insurance industry,
including health care insurance. The subcommittee, which is comprised
of volunteers, develops standards for electronic health care
transactions for common administrative activities including: claims,
remittance advice, claims status, enrollment, eligibility,
authorizations and referrals, and electronic health care claims
attachments. The X12N subcommittee is responsible for obtaining
consensus on the standards from the entire organization, and produces
draft documents that are made available for public review and comment,
which the subcommittee addresses as necessary before voting on any
proposal. Proposals must then be reviewed and ratified by a majority of
the voting members of the X12N subcommittee and the executive committee
of X12 itself.
2. Health Level Seven (HL7) (<a href="http://www.HL7.org">www.HL7.org</a>)
HL7 is an ANSI-accredited SSO that develops and maintains standards
for the exchange, integration, sharing, and retrieval of electronic
health information that supports clinical practice and the management,
delivery and evaluation of health services. Its
[[Page 78441]]
domain is principally clinical data and its specific emphasis is on the
interoperability between health care information systems. HL7, whose
membership is open to all individuals and organizations, focuses its
interface requirements on the entire health care organization rather
than on a particular subset of the health care industry.
HL7 conducts a three-step process to establish standards. First, a
technical committee develops standards through a voting process. All
HL7 members are eligible to vote on standards, regardless of whether
they are members of the committee that developed the standard. Non-
members may also vote on a given ballot for a standard, though they
must pay an administrative fee (that does not exceed the cost
associated with an individual HL7 membership) associated with handling
and processing. Second, HL7 technical committees vote on
``recommendations,'' which require a two-thirds majority for approval.
Third, any recommended standards are submitted to the entire HL7 body
for approval and, if approved, are submitted to ANSI for certification.
3. Regenstrief Institute (<a href="http://LOINC.org">LOINC.org</a>)
Regenstrief Institute (Regenstrief) is a health research
institution that develops and maintains a proprietary code set, Logical
Observation Identifiers Names and Codes (LOINC). LOINC is the code
system, terminology, and vocabulary for identifying individual clinical
results and other clinical information. Regenstrief worked closely with
the HL7 Payer/Provider Information Exchange Workgroup, formerly known
as the Attachments Work Group, to develop a set of LOINC codes to
uniquely indicate the type and content of attachment information in
electronic transmissions. Regenstrief maintains LOINC through its LOINC
Committee, which is comprised of volunteer representatives from
academia, industry, and government who serve as subject matter experts
in their domains of expertise. That committee establishes overall
naming conventions and policies for the development process.
D. Industry Standards, Code Sets, and Implementation Guides
1. Electronic Data Interchange (EDI) and Transaction Standards
HIPAA transactions involve the electronic transmission of
information between two parties to carry out health care-related
financial or administrative activities, such as health insurance claims
submissions and prior authorization requests, and HHS-adopted standards
for those transactions represent uniform requirements for EDI of those
transmissions.
The benefit of HIPAA standards is that they use a common
interchange structure, eliminating covered entities' need to have
information technology (IT) systems that accommodate multiple
proprietary, and potentially continually changing, data formats. By
enabling covered entities to exchange medical, billing, and other
information to process transactions in a more expedient and cost-
effective manner by reducing handling and processing time and
eliminating the risk of lost paper documents, HIPAA standards can
reduce administrative burdens, lower operating costs, and improve
overall data quality.
HIPAA transaction standards specify: (1) data interchange
structures (message transmission formats); and (2) data content (all
the data elements and code sets inherent to a transaction, and not
related to the format of the transaction). Implementation
specifications detail the nature, location, and content format of each
piece of information transmitted in a transaction. Standardization of
transactions also involves: specification of the data elements that are
exchanged; uniform definitions of those specific data elements in each
type of electronic transaction; identification of the specific codes or
values that are valid for each data element; and specification of the
business actions each party must take to ensure the exchange of
administrative transactions occurs smoothly and reliably, regardless of
the technology employed.
a. Implementation Guides--X12
As discussed previously, X12 develops and maintains standards for
the electronic exchange of business-to-business transactions. The X12N
subcommittee (X12N) publishes transmission standards that apply to many
lines of business, not just health care. For example, the X12N 820
message format for premium payment may be used for automobile and
casualty insurance, not just health insurance. X12 implementation
specifications, referred to by the industry as ``implementation
guides'' and written collaboratively by X12N workgroups, make these
general standards functional for industry-specific uses. The
specifications are based on X12 standards but contain detailed
instructions for using the standard to meet a specific business need.
X12's implementation specifications for HIPAA transaction standards
adopted by the Secretary are known as ``Technical Reports Type 3''
(TR3); an example is the X12 standard adopted as the HIPAA standard for
the health plan premium payments transaction, the ASC X12 Standards for
Electronic Data Interchange Technical Report Type 3--Payroll Deducted
and Other Group Premium Payment for Insurance Products (820), February
2007, ASC X12N/005010X218).
Each X12N implementation guide has a unique version identification
number (for example, 004010, 004050, or 005010), where the highest
version number represents the most recent version. HHS adopted updated
versions of the X12 standards in the Modifications final rule (74 FR
3296). We are proposing to adopt a Version 6020 standard for one of the
HIPAA transactions, the rationale for which we discuss in section II.
of this proposed rule.
b. Implementation Guides--HL7
HL7's Payer/Provider Information Exchange Workgroup develops
standards for electronic health care attachments. The workgroup, which
includes industry experts representing health care providers, health
plans, and health technology vendors, is also responsible for creating
and maintaining the implementation guides, which are sets of
instructions and associated code tables that describe, list, or itemize
the content, format, and code to be sent, and specify how such
information is to be conveyed in an electronic health care attachment.
An HL7 standard that we are proposing to adopt in this proposed
rule is the Clinical Document Architecture (CDA), which is an XML-based
(a computer programming language) markup standard that specifies the
encoding, structure, and semantics of clinical documents for purposes
of transmitting attachment information. XML-coded files have the same
characteristics and information as hard copy documents, so regardless
of how data are sent within a transaction, they can be read and
processed by both people and machines. Some health care attachments may
not be conducive to XML formatting, such as medical imaging, video, or
audio files. An important CDA feature is that it allows the entire body
of an electronic document to be replaced by an image, for example, a
scanned copy of a page or pages from a medical record. Although a
header still supports automated document management, the clinical
content can be conveyed by image or text document.
HL7 also produces the Consolidated CDA (C-CDA), an implementation
guide that provides specifications for formatting document templates,
[[Page 78442]]
depending on whether they are structured or unstructured, enabling the
CDA to create numerous specific document types (templates). The HL7 C-
CDA implementation guide document templates are designed to be
electronic versions of the most common types of paper document
attachment information. Attachment information not included in a
template may be created by using instructions included in the proposed
unstructured document implementation guide; supported unstructured
formats include MSWORD, PDF, Plain Text, RTF Text, HTML Text, GIF
Image, TIF Image, JPEG Image, and PNG Image.
2. Code Sets
Transaction data content standardization involves identifying the
specific codes or values for each data element. Health care EDI
requires many types of code sets, including large medical data code
sets and classification systems for medical diagnoses, procedures, and
drugs, and smaller code sets to identify categories, such as type of
facility, currency, or units, or a specific state within the United
States. The American Medical Association's (AMA) Current Procedural
Terminology (CPT-4), which identifies physician procedures, is an
example of a health care code set. Federal agencies (the National
Center for Health Statistics, the Centers for Medicare & Medicaid
Services (CMS), and the U.S. Food and Drug Administration) and some
private organizations (the AMA and the American Dental Association)
have developed and maintain standards for large medical data code sets.
These code sets are mandated for use in some federal and state
programs, such as Medicare and Medicaid, and SSOs require or permit
them for use in their standards. As we explain in section II. of this
proposed rule, the X12 and HL7 standards we are proposing to adopt
specify the use of the LOINC for HIPAA Attachments code set.
3. Implementation Guides as HIPAA Standards
Section 1172(d) of the Act directs the Secretary to establish
specifications for implementing each of the adopted standards. As we
explained previously, SSOs have developed various ``Implementation
Guides'' by which to implement the same standards for different
business purposes. We are proposing an approach we have taken with
previous HIPAA rules that adopted a specific ``Implementation Guide''
as both the ``standard'' and the ``implementation specifications'' for
each health care transaction.
In pursuing this approach, we were mindful that section 1104(c)(3)
of the Affordable Care Act requires that the Secretary promulgate a
final rule to establish a transaction standard and a single set of
operating rules for health care attachments that is ``consistent with
the X12 Version 5010 transaction standards.'' We interpret this
requirement to mean that the proposed health care attachment
implementation specifications must be compatible with X12 standards
generally, meaning any standard we adopt for attachment information can
be electronically transmitted by an X12 transmission standard in the
same transaction. In this rule, we are proposing to adopt Version 6020
of the X12 standards. The Affordable Care Act was enacted in 2010, at
which time we had recently adopted Version 5010 of the X12 standards. A
decade later, and with X12 continuing to publish newer versions of its
standards, we interpret the Affordable Care Act's mandate as
referencing the then-current standards (the X12 Version 5010), but the
Affordable Care Act did not specifically require a static standard in
perpetuity, as that would be incongruent with the HIPAA standards
paradigm.
In section II. of this proposed rule, we are proposing to adopt
transaction standards that can be used together in a single electronic
transmission. HL7 has noted that an extensive architecture already
exists for information exchange based on the HIPAA transactions and
code sets, which architecture is currently being used by the same
stakeholders who would use the health care attachments transactions, so
adoption of this architecture using X12 standards could have the least
impact on covered entities.\2\
---------------------------------------------------------------------------
\2\ Transcript of NCVHS Subcommittee on Standards Hearing on
Electronic Attachments Standards and Operating Rules, February 27,
2013: <a href="https://ncvhs.hhs.gov/transcripts-minutes/transcript-of-the-february-27-2013-ncvhs-subcommittee-on-standards-hearing/">https://ncvhs.hhs.gov/transcripts-minutes/transcript-of-the-february-27-2013-ncvhs-subcommittee-on-standards-hearing/</a>.
---------------------------------------------------------------------------
Independent of that concept, we are also aware that there are other
types of standards being developed and piloted by SSOs. We solicit
comment on this discussion and any alternative implementation
specifications that may be considered consistent with X12 Version 5010.
E. NCVHS Recommendations to the Secretary
The NCVHS (<a href="https://ncvhs.hhs.gov/">https://ncvhs.hhs.gov/</a>) is a statutory advisory
committee responsible for providing HHS with recommendations on health
information policy and standards. It does so by, among other things,
convening regular forums for interaction with industry groups on key
issues related to population health, standards, privacy and
confidentiality, and data access and use. Pursuant to HIPAA, the NCVHS
advises HHS on the adoption of standards, implementation
specifications, code sets, identifiers, and operating rules for HIPAA
transactions.
The NCVHS has held a number of hearings, and made several sets of
recommendations to the Secretary (see <a href="https://ncvhs.hhs.gov/reports/recommendation-letters/">https://ncvhs.hhs.gov/reports/recommendation-letters/</a>) on claims attachments standards; we briefly
summarize them here. The NCVHS Standards Subcommittee held a November
17, 2011 hearing on health claims attachments to gather information
regarding updated industry practices, priorities, issues, and
challenges. Participant testimony addressed the development status of
standards and implementation specifications. Some organizations
testified regarding their interest in serving as attachments operating
rules authoring entities. By letter to HHS dated March 2, 2012, the
Subcommittee told HHS it was premature to make formal recommendations
regarding the adoption of any standard, implementation specification,
or operating rule associated with health care attachments. On May 5,
2012, the NCVHS recommended that the Council for Affordable Quality
Healthcare Committee (CAQH), a non-profit entity whose mission is to
improve the efficiency, accuracy and effectiveness of industry-driven
business transactions, be designated as the operating rules authoring
entity.
CAQH established the Committee on Operating Rules for Information
Exchange (CAQH CORE), an industry-wide collaboration committed to the
development and adoption of health care operating rules for
administrative transactions. CAQH CORE facilitates the adoption of
health care operating rules that support standards, improve
interoperability, and align administrative and clinical activities with
market needs.
The Subcommittee held a second hearing on attachments on February
27, 2013, where it identified a trend toward convergence of
administrative and clinical information. In a June 21, 2013 letter, the
NCVHS recommended that, by January 1, 2016 (the date by which the
Affordable Care Act required claims attachment standards to be
effective), HHS adopt a number of initial attachments-related
transaction standards, but advised HHS to take a comprehensive and
incremental approach to considering attachment
[[Page 78443]]
standards in order to promote innovation and flexibility. The NCVHS
noted an industry consensus that adoption of standards should not be
limited to ``claim attachments,'' but, rather, should be more inclusive
of any kind of attachment with administrative or clinical information,
and it recommended that attachments-related transaction standards
should be applied to claims, eligibility, prior authorization,
referrals, care management, post-payment audits, and any other
administrative processes for which supplemental information is needed.
Among other recommendations, the NCVHS advised HHS that attachment
standards should support structured and unstructured data, and both
solicited and unsolicited transmissions. It further advised that
attachments standards should be defined for two types of transactions:
(1) Query (the electronic solicitation of an attachment); and (2)
Response (the electronic transmission of an attachment).
The NCVHS held another hearing on health care attachments on
February 15, 2016, and on July 5, 2016 sent the Secretary a letter
titled ``Recommendations for the Electronic Health Care Attachment
Standard.'' This letter consolidated its previous recommendations on
attachments and advised that updated versions of the available
standards were ready for industry use and there was unanimous testimony
that the health care industry was eager to see them adopted.
Considering both the length of time that had elapsed since the previous
proposed rule was published and the subsequent technology advances, the
NCVHS recommended that HHS publish an expedited proposed rule adopting
the recommended standards.
Finally, and most recently, on March 30, 2022, the NCVHS sent to
the Secretary a letter titled ``Recommendations to Modernize Aspects of
HIPAA and Other HIT Standards to Improve Patient Care and Achieve
Burden Reduction.'' This letter continued to stress previous
recommendations that urged the Secretary to adopt a standard for
electronic attachments as soon as possible. The recommendation letter
also states the following:
We recognize that there is ongoing debate and no definitive
industry consensus about the role of attachments (i.e., documents)
as opposed to data (i.e., a string of data elements not structured
within a document). While the vision with APIs [(Application
Programming Interfaces)] based on FHIR[supreg] [(Fast Healthcare
Interoperability Resources)] seems to be driving toward more of a
data-driven transaction, we see more than sufficient industry demand
for a document-based attachment standard, and we do not foresee any
imminent demise of the utility of digital documents. We suggest
short-term publication of an attachment rule, with consideration for
emerging standards based on recent input from industry and other
advisory group discussions. This could add immediate value for
industry and could support future actions as HIPAA's procedural
requirements may be updated to allow for non-document type digital
attachment data.\3\
---------------------------------------------------------------------------
\3\ ``Recommendations to Modernize Aspects of HIPAA and Other
HIT Standards to Improve Patient Care and Achieve Burden
Reduction,'' available at <a href="https://ncvhs.hhs.gov/wp-content/uploads/2022/04/Recommendation-Letter-HIT-Standards-Modernization-to-Improve-Patient-Care-March-30-2022.pdf">https://ncvhs.hhs.gov/wp-content/uploads/2022/04/Recommendation-Letter-HIT-Standards-Modernization-to-Improve-Patient-Care-March-30-2022.pdf</a> (March 2022)
Based on the NCVHS's previous recommendations to the Secretary, and
particularly in consideration of its most recent March 30, 2022
recommendation, we propose here a document-based attachments standard.
We acknowledge that there is a growing base of evidence that may, in
the future, support our proposing attachment standards relying on other
technologies such as FHIR[supreg], and we will continue to monitor and
evaluate emerging technologies for their readiness to potentially
propose in future rulemaking.
F. Other Industry Recommendations
1. Consensus-Based Organization Support
Industry consensus-based organizations have demonstrated the
maturity of the NCVHS-recommended standards to support health care
business needs and described the opportunities inherent in the adoption
of health care attachments standards to integrate administrative and
clinical data, such as in automating and streamlining workflows that,
today, are primarily manual processes and sources of significant
administrative burden.
WEDI (<a href="https://www.wedi.org/">https://www.wedi.org/</a>) is a public-private coalition formed
by HHS in 1991 to serve as an advisory body on the use of health IT
aimed at health care information exchange. WEDI, which section
1172(c)(3) of the Act identifies as an entity required to be consulted
with respect to standards adoption, published a November 2017 white
paper, in concert with X12 and HL7.\4\ That white paper, described by
WEDI as ``a single resource document for implementers to use to help
them get started in their implementation planning for the request and
receipt of electronic attachments,'' details the business and
operational processes of exchanging additional information
(attachments) using the HL7 standards for clinical information and the
X12 transaction sets for requesting and transmitting the additional
information. Its contents, which we have taken into account in this
proposed rule, include all of the following:
---------------------------------------------------------------------------
\4\ ``Guidance on Implementation of Standard Electronic
Attachments for Healthcare Transactions,'' available at <a href="https://www.wedi.org/2017/11/17/guidance-on-implementation-of-standard-electronic-attachments-for-healthcare-transactions/">https://www.wedi.org/2017/11/17/guidance-on-implementation-of-standard-electronic-attachments-for-healthcare-transactions/</a> (November 2017).
---------------------------------------------------------------------------
<bullet> An overview of attachments.
<bullet> A discussion of resources needed to have a successful
implementation of attachments standards.
<bullet> A review of current processes for requesting and
responding to the need for attachment information.
<bullet> Examples of implementation approaches in the industry.
<bullet> A review of Electronic Attachment Business flows for
Claims, Prior Authorizations and Notification.
<bullet> Business use cases and examples.
<bullet> Guidance on how to embed additional information within the
applicable X12N transaction.
In May 2019, CAQH CORE issued a document titled ``Report on
Attachments: A Bridge to a Fully Automated Future to Share Medical
Documentation,'' \5\ where it reported evidence from its 2018
environmental scan indicating a high degree of industry readiness and
interest in the attachments standard. The report noted that ``the
healthcare industry continues to wait for an electronic attachments
standard that can simplify the exchange of necessary medical
information and supplemental documentation'' and that ``health plans,
providers and vendors lack the direction needed to support broad use of
automation in the attachment workflow, or for industry to coalesce
around the use of even a small number of electronic solutions,''
leading to largely manual, and often paper-based, processes, and
ultimately underscoring the need to standardize electronic attachment
exchange methods.
---------------------------------------------------------------------------
\5\ ``CAQH CORE Report on Attachments: A Bridge to a Fully
Automated Future to Share Medical Documentation,'' available at
<a href="https://www.caqh.org/sites/default/files/core/core-attachments-environmental-scan-report.pdf">https://www.caqh.org/sites/default/files/core/core-attachments-environmental-scan-report.pdf</a> (April 23, 2021).
---------------------------------------------------------------------------
Shortly after, in July 2019, CAQH CORE released another report
titled ``Moving Forward: Building Momentum for End-to-End Automation of
the Prior Authorization Process.'' \6\ There, CAQH CORE reported how,
for even the HHS-adopted prior authorization transaction standards,
health care industry uptake
[[Page 78444]]
lagged that of other transaction standards, and remained largely paper-
based, due in large measure to a lack of infrastructure supporting
electronic transmission of attachments that frequently serve as
necessary supporting documentation in the prior authorization
transaction.
---------------------------------------------------------------------------
\6\ ``Moving Forward: Building Momentum for End-to-End
Automation of the Prior Authorization Process,'' available at
<a href="https://www.caqh.org/sites/default/files/core/white-paper/CAQH-CORE-Automating-Prior-Authorization.pdf">https://www.caqh.org/sites/default/files/core/white-paper/CAQH-CORE-Automating-Prior-Authorization.pdf</a> (April 23, 2021).
---------------------------------------------------------------------------
2. Other Recent Public Comment Support
On June 11, 2019, CMS published a request for information (RFI) in
the Federal Register titled ``Reducing Administrative Burden To Put
Patients Over Paperwork'' (84 FR 27070). Particularly with respect to
prior authorization, that RFI solicited public comment on ideas for
regulatory, subregulatory, policy, practice, and procedural changes to
reduce unnecessary administrative burdens for clinicians, providers,
patients, and their families, with an aim to improve quality of care,
lower costs, improve program integrity, and make the health care system
more effective, simple, and accessible. To be clear, the RFI did not
relate to, and was not for the purpose of, soliciting comments on HHS's
efforts pertaining to HIPAA Administrative Simplification, but,
nevertheless, many commenters, including organizations representing
physician provider groups, insurance payers, health technology vendors,
health care financial managers, and HIT standard advisory bodies,
called for the release of an electronic attachments proposed rule to be
accelerated, as well as guidance on other standards such as electronic
signature protocols to achieve these goals. These commenters indicated
that a HIPAA attachments transaction standard regulation could help
reduce administrative burden in many clinical and administrative
situations where documents need to be shared, and relieve providers of
current burdensome, largely paper-based, processes.
In preparation for its August 25, 2020 Standards Committee Meeting,
the NCVHS invited the public to provide feedback on the CAQH CORE
operating rules for prior authorization transactions.\7\ Commenters
expressed their support for an attachments transaction standard
regulation. In addition, commenters provided input on current standards
development efforts underway to address prior authorization challenges,
including recommendations for the Secretary to explore or allow the use
of other standards or alternative approaches.
---------------------------------------------------------------------------
\7\ <a href="https://ncvhs.hhs.gov/wp-content/uploads/2020/10/Public-Comments-CAQH-CORE-Operating-Rules-for-Federal-Adoption-August-2020r.pdf">https://ncvhs.hhs.gov/wp-content/uploads/2020/10/Public-Comments-CAQH-CORE-Operating-Rules-for-Federal-Adoption-August-2020r.pdf</a>
---------------------------------------------------------------------------
We solicit comments on other standards or alternative approaches in
development, for example the use of FHIR Clinical Data Exchange (CDex)
as discussed in an NCVHS recommendation letter,\8\ including how they
may be considered ``consistent with the X12 Version 5010 transaction
standards.''
---------------------------------------------------------------------------
\8\ <a href="https://ncvhs.hhs.gov/wp-content/uploads/2022/04/Recommendation-Letter-HIT-Standards-Modernization-to-Improve-Patient-Care-March-30-2022.pdf">https://ncvhs.hhs.gov/wp-content/uploads/2022/04/Recommendation-Letter-HIT-Standards-Modernization-to-Improve-Patient-Care-March-30-2022.pdf</a>.
---------------------------------------------------------------------------
III. Provisions of the Proposed Rule
A. Overview
This rule proposes to adopt new standards and modify a currently
adopted standard which we believe would meet a health care business
need to integrate administrative and clinical data. These proposed
actions would facilitate streamlined prior authorization processes that
would help minimize clinical response times, reduce potential barriers
to the transition to value-based payments, and significantly reduce
administrative burden on provider and health plan organizations.\9\
Consistent with NCVHS recommendations and collaborative industry
organizations and stakeholders' input, we believe these industry
consensus-based standards are sufficiently mature for adoption and that
covered entities are ready to implement them.
---------------------------------------------------------------------------
\9\ CAQH CORE Report on Attachments: ``A Bridge to a Fully
Automated Future to Share Medical Documentation'', CAQH CORE, May 9,
2019: <a href="https://www.caqh.org/about/press-release/caqh-core-study-reveals-five-opportunities-increase-electronic-exchange-medical">https://www.caqh.org/about/press-release/caqh-core-study-reveals-five-opportunities-increase-electronic-exchange-medical</a>.
---------------------------------------------------------------------------
Nearly every health plan has various requirements for health care
providers to sometimes submit additional information beyond that
contained in a HIPAA transaction. These requirements may be
communicated to providers via contracts, manuals, or online databases
of payment rules. This additional information may enable a health plan
to make an administrative decision regarding whether a particular
service is ''covered,'' or about the medical necessity of a service a
provider has rendered or intends to render, or for other purposes. The
information a health plan requires may, for example, include medical
documentation to support health care claims payment, referral
authorizations, enrollee eligibility inquiries, coordination of
benefits, workers' compensation claims, post-payment claims auditing,
and provider dispute resolution.\10\
---------------------------------------------------------------------------
\10\ Letter from NCVHS to the Secretary of HHS, March 2, 2012:
<a href="https://ncvhs.hhs.gov/wp-content/uploads/2014/05/120302lt1.pdf">https://ncvhs.hhs.gov/wp-content/uploads/2014/05/120302lt1.pdf</a>.
---------------------------------------------------------------------------
A health care provider may transmit attachment information either
in response to a health plan's specific request for the information
(solicited), or, in certain situations, in the absence of a specific
request (unsolicited). A ``solicited'' attachment transmission occurs
where a health care provider transmits an attachment pursuant to a
health plan's specific electronic request for attachment information.
Conversely, a health care provider's transmitting to a health plan
electronic attachment in the absence of a health plan's specific
electronic request is known as an ``unsolicited'' transmission, and
usually occurs pursuant to pre-established requirements for attachment
information set forth in trading partner agreements or other guidance
that specifies when additional information must be submitted to support
certain diagnoses, items, services, or medications.
Although providers may transmit this additional information
electronically via an attachment to a transaction, currently providers
frequently transmit via manual processes that often involve paper mail,
fax, and phone because there are no adopted HIPAA standards for health
care attachments.
We are proposing standards herein to address these issues; in doing
so, we need to define the term ``attachment information.''
B. Proposed Definition of Attachment Information
We propose to define ``attachment information'' at Sec. 162.103 as
documentation that enables the health plan to make a decision about
health care that is not included in either of the following:
<bullet> A health care claims or equivalent encounter information
transaction, as described in Sec. 162.1101.
<bullet> A referral certification and authorization transaction, as
described in Sec. 162.1301(a) and the portion of Sec. 162.1301(c)
that pertains to authorization.
We use the term ``attachment information'' in our proposed
definition of the health care attachments transaction at Sec. 162.2001
to specify the information transmitted by a health care provider or
requested by a health plan. We are proposing to separately define
``attachment information'' to prevent the transaction definition at
Sec. 162.2001 from becoming too unwieldy.
[[Page 78445]]
The NCVHS recommended defining attachments as ``any supplemental
documentation needed about a patient(s) to support a specific health
care-related event (such as a claim, prior authorization, or referral)
using a standardized format,'' and we have incorporated key aspects of
their recommendation into our proposed definition of attachment
information.\11\ We have attempted to ensure that our proposed
definition is broad and general enough to include all possible patient-
related information that could be generated with respect to health care
services, and have done this in several ways.
---------------------------------------------------------------------------
\11\ NCVHS Letter to the Secretary of HHS on Recommendations for
the Electronic Health Care Attachment Standard, July 5, 2016:
<a href="https://ncvhs.hhs.gov/wp-content/uploads/2018/03/2016-Ltr-Attachments-July-1-Final-Chair-CLEAN-for-Submission-Publication.pdf">https://ncvhs.hhs.gov/wp-content/uploads/2018/03/2016-Ltr-Attachments-July-1-Final-Chair-CLEAN-for-Submission-Publication.pdf</a>.
---------------------------------------------------------------------------
Documentation: First, we believe the word ``documentation,'' which
the NCVHS recommended and that we include in our proposed definition,
is adequately broad to indicate the wide scope of information the
definition should cover.
Supplemental: Second, the NCVHS recommended the definition specify
that the documentation be ``supplemental.'' In and of themselves, the
health care claims and prior authorizations transactions, which the
proposed health care attachments transactions would support, do not
provide the documentation that would be furnished by a health care
attachments transaction. To express that the documentation would be
supplemental, our proposed definition indicates that we are referring
to documentation ``that is not included'' in a health care claims
transaction or prior authorization transaction, and we include specific
references to the regulatory provisions defining the health care claims
and prior authorization transactions. Should we propose to adopt health
care attachments transaction standards to support additional
transactions, we would likely propose to broaden our definition of
attachment information to include regulatory references to them.
Needed: Third, the NCVHS recommended that the definition specify
the supplemental documentation should be ``needed'' by a health plan to
enable it to decide whether to pay a claim or authorize the provision
of health care; our proposed definition accounts for this with the
language ``enables the health plan to make a decision about health
care.''
C. Proposed Code Set, Transaction Definitions, and Standards
We are proposing to adopt certain industry consensus standards
that, when used together, provide the functionality necessary for the
transmission of electronic health care attachment information.\12\ In
this section, we describe proposed new requirements for: (1) a code set
to be used for health care attachments transactions; (2) X12 standards
for requesting and transmitting attachment information and HL7
standards for clinical information content; and (3) electronic
signatures standards.
---------------------------------------------------------------------------
\12\ For additional information about the business and
operational processes involved in the exchange of these standards,
we refer readers to the aforementioned November 2017 WEDI whitepaper
and the HL7 CDA[supreg] R2 Attachment Implementation Guide: Exchange
of C-CDA Based Documents, Release 1 Release 1 (Universal Realm) for
more technical information. Both are available at: <a href="http://www.hl7.org/implement/standards/product_brief.cfm?product_id=464">http://www.hl7.org/implement/standards/product_brief.cfm?product_id=464</a>.
---------------------------------------------------------------------------
1. Code Set (LOINC for HIPAA Attachments)
Health plans and health care providers must have a clear and
unambiguous way to specify attachment information--for example, a
discharge summary, surgical operation note, or cardiovascular disease
consult note--to be transmitted or requested in a health care
attachments transaction.
The LOINC code set was developed for the following three principal
purposes:
<bullet> To identify the specific kind of information that a health
plan electronically requests of a health care provider and a health
care provider electronically transmits to a health plan; for example, a
discharge summary or a diagnostic imaging report.
<bullet> To specify certain optional modifier variables for
attachment information, such as, for example, a time period for which
the attachment information is requested.
<bullet> For structured attachment information, to identify
specific HL7 Implementation Guide: LOINC Document Ontology document
templates.
This rule proposes numerous implementation specifications
containing specific instructions for how to utilize the LOINC for HIPAA
Attachments with respect to those three purposes. Where an
implementation specification requires the use of LOINC, it instructs
users to utilize the codes valid at the time a transaction is
initiated, similar to how other nonmedical data codes sets in HIPAA
implementation specifications are treated. Regenstrief's website
maintains online tools to help users search the LOINC database for
specific LOINC codes or map local terms to LOINC codes (<a href="https://loinc.org/attachments">https://loinc.org/attachments</a>). To improve ease of use, Regenstrief released
and enhanced the search functionality to the SearchLoinc tool (<a href="https://loinc.org/search-app/">https://loinc.org/search-app/</a>). In addition, Regenstrief offers the LOINC
Attachments Knowledge Base (<a href="https://loinc.org/attachments">https://loinc.org/attachments</a>) to help
users better find and utilize LOINC codes and resources such as
mapping. Regenstrief maintains a twice-yearly release cycle, and
covered entities would be expected to utilize the LOINC for Attachments
codes, as specified by the relevant implementation specification. In
our discussion of each implementation specification, we describe in
more detail how each uses LOINC.
2. Electronic Health Care Attachments Transactions
In this section, we propose to adopt standards for requesting and
transmitting attachment information (as we have proposed to define that
term in Sec. 162.103). We are proposing to adopt X12 standards with
respect to the transmission of attachment information and HL7 standards
with respect to the clinical content of attachments. Specifically, as
detailed in the sections that follow, we are proposing to adopt three
X12N Technical Report Type 3 (TR3) implementation specifications for
requesting and transmitting attachment information, and three HL7
implementation guides for the clinical information embedded in those
transactions. While CAQH CORE has developed operating rules for
attachments, the NCVHS has yet to evaluate them and make a
recommendation to the Secretary. Should the NCVHS recommend that the
Secretary adopt those operating rules, we will consider adopting them.
a. Scope of Health Care Attachments Transactions
Section 1173(a) of the Act requires the Secretary to adopt
standards for ``Health claims attachments,'' and section 1104(c)(3) of
the Affordable Care Act reiterated that requirement, directing the
Secretary to promulgate a final rule to adopt a transaction standard
and a single set of associated operating rules. The attachments
standards we are proposing satisfy the requirement to adopt a standard
to support health care claims, but they also support prior
authorization transactions. Hereafter we refer to ``health care
attachments'' to refer to attachments for claims as well as prior
authorization transactions
[[Page 78446]]
instead of ``health claims attachments,'' which only includes the
former.
Historically, the referral certification and authorization
transaction has had among the lowest implementation rates of all the
HIPAA transactions, likely attributable to the fact that we have not
yet adopted standards for attachments. In a 2016 report, the CAQH CORE
Index \13\ noted that the uptake rate for such transactions being
conducted fully electronically was only 18 percent, even 5 years after
the adoption of Version 5010 of the X12 278 standard. The report also
indicated that more than 50 percent of prior authorization transactions
were conducted through proprietary web portals and automated phone
calls as a means to conform to business processes due to the lack of an
adopted health care attachments standard. Four years later, the 2020
CAQH Index reported only limited progress, with the uptake rate having
increased to only 21 percent. As we have discussed, health plans
frequently require attachment information before approving requests for
prior authorization for health care services. Although section
1173(a)(1)(A) of the Act does not specifically require the Secretary to
adopt attachments standards with respect to prior authorization
transactions, section 1173(a)(1)(B) of the Act requires the Secretary
to adopt standards for other appropriate financial and administrative
transactions, consistent with the goals of improving the operation of
the health care system and reducing administrative costs.
---------------------------------------------------------------------------
\13\ CAQH CORE ``2016 CAQH INDEX[supreg] A Report of Healthcare
Industry Adoption of Electronic Business Transactions and Cost
Savings'' <a href="https://www.caqh.org/sites/default/files/explorations/index/2016-caqh-index-report.pdf?token=qV_hI4H5">https://www.caqh.org/sites/default/files/explorations/index/2016-caqh-index-report.pdf?token=qV_hI4H5</a>.
---------------------------------------------------------------------------
However, we are not proposing to adopt attachments standards for
all health care transaction business needs. Not only would it be
challenging to identify standard specifications and appropriate codes
for the full array of different health care attachment types used
today, but we also believe it is important that covered entities should
consider gaining experience with a limited number of standard
electronic attachment types so that technical and business issues can
be identified to inform potential future rulemaking for other
electronic attachments standards.
We request comment on alternative standards and approaches that can
address the challenges described previously.
b. Proposed Definition of the Health Care Attachments Transaction
We are proposing to add a new Subpart T to 45 CFR part 162--Health
Care Attachments. In Subpart T, in new Sec. 162.2001, we are proposing
to specify the electronic health care attachments transaction;
specifically, we are proposing that any of three different types of
transmissions would constitute a health care attachments transaction.
For each type of transmission, we specify the entity type from which
the transaction is being transmitted and to which it is being sent, the
type of information being transmitted, and the purpose for the
transaction. We note that the overarching purpose for all three types
of transactions--to enable a health plan to make a decision about
health care--is incorporated into the definition of attachment
information, while for the two transmission types in Sec. 162.2001(a),
and as discussed later in this section, we further specify the purpose.
We are proposing the following three types of transmissions:
<bullet> In Sec. 162.2001(a)(1) and (a)(2), a health care
attachments transaction is either of two different types of
transmissions, both of which are sent from a health care provider to a
health plan and where the type of information being transmitted in both
is attachment information.
<bullet> In Sec. 162.2001(b), a health care attachments
transaction is one type of transmission that is sent from a health plan
to a health care provider, and where the type of information being
transmitted is a request for attachment information.
The purpose for the transmission described in Sec. 162.2001(a)(1)
is to support a referral certification and authorization transaction,
as described in Sec. 162.1301(a), while the purpose for the
transmission described in Sec. 162.2001(a)(2) is to support a health
care claims or equivalent encounter information transaction, as
described in 162.1101. We are also proposing to make a conforming
change to the definition of ``transaction'' in Sec. 160.103, by
replacing ``(10) Health claims attachments'' with ``(10) Health care
attachments.''
3. Proposed Adoption of Electronic Health Care Attachments Transaction
Standards
As noted earlier, the NCVHS has held a number of hearings and made
several sets of recommendations to the Secretary on attachments
standards.\14\ By letter dated July 5, 2016, the NCVHS consolidated its
earlier recommendations on attachments and advised that updated
versions of the available standards were ready for industry use, noting
that one of the most significant findings from its February 16, 2016
hearing was the general consensus across testifiers about the need for
HHS to adopt the NCVHS-recommended standards.\15\ The NCVHS noted that
it considered a number of criteria and factors in evaluating standards,
particularly whether candidates would meet the goals of administrative
simplification. Among other recommendations, the NCVHS advised that
attachments standards for queries, and both solicited and unsolicited
responses, should support structured and unstructured data. The NCVHS
concluded that its recommended standards meet the industry's business
needs, improve administrative efficiency and reduce administrative
burden, are flexible and agile to meet future technology developments
and health system changes, and are mature, adoptable, and enforceable.
---------------------------------------------------------------------------
\14\ <a href="https://ncvhs.hhs.gov/reports/recommendation-letters/">https://ncvhs.hhs.gov/reports/recommendation-letters/</a>.
\15\ See ``Recommendations for the Electronic Health Care
Attachment Standard,'' <a href="https://ncvhs.hhs.gov/wp-content/uploads/2018/03/2016-Ltr-Attachments-July-1-Final-Chair-CLEAN-for-Submission-Publication.pdf">https://ncvhs.hhs.gov/wp-content/uploads/2018/03/2016-Ltr-Attachments-July-1-Final-Chair-CLEAN-for-Submission-Publication.pdf</a>.
---------------------------------------------------------------------------
The NCVHS noted that its recommended standards represented a
collaboration between X12 and HL7, with X12 providing for existing
provider/payer EDI, and HL7 providing for the CDA. Specifically, the
NCVHS recommended that HHS adopt the following standards for
attachment-related transactions:
<bullet> For requesting attachments, the following standards:
++ For claim-related attachment requests, the ASC X12N 277 Health
Care Claim Request for Additional Information.
++ For non-claim-related attachment requests, the ASC X12N 278
Health Care Service Review--Request for Review and Response--Response.
<bullet> For attachment message content and format in the
transmission of attachment information, the following standards:
++ The HL7 CDA R2--Consolidated CDA Templates for Clinical Notes
R2.1.
++ The HL7 Attachment Supplement Specification Request and Response
Implementation Guide R1.
++ The Attachment Type Value Set: Logical Observation Identifier
Names and Codes (LOINC) developed and maintained by the Regenstrief
Institute, Inc.
[[Page 78447]]
++ The HL7 Implementation Guide for CDA Release 2: Additional CDA
R2 Templates--Clinical Documents for Payers--Set 1.
<bullet> For the routing/envelope of attachment information, the
following standards:
++ The ASC X12N 275 Additional Information to Support a Health Care
Claim or Encounter.
++ The ASC X12N 275 Additional Information to Support a Health Care
Services Review.
The health care attachments standards we are proposing are those
recommended by the NCVHS, and discussed in its July 5, 2016 letter to
the Secretary. Also, as previously discussed, section 1104(c)(3) of the
Affordable Care Act requires that the adopted attachments standard be
``consistent with the X12 Version 5010 transaction standards,'' which
we interpret as requiring that the proposed health care attachment
implementation specifications be compatible with X12 standards
generally, meaning any standard we adopt for attachment information can
be electronically transmitted by an X12 transmission standard in the
same transaction.
While the NCVHS did not recommend specific versions of the X12N
attachments standards, we are proposing to adopt the X12N Versions 6020
for both the X12N 277 standard, that is, the X12N 277--Health Care
Claim Request for Additional Information (006020X313), as well as for
the X12N 278--Health Care Services Request for Review and Response
Version (006020X315) standard for the referral certification and
authorization transaction. We are proposing to adopt Version 6020 of
these standards because they better harmonize with the X12N 275--
Additional Information to Support a Health Care Claim or Encounter
Version (006020X314) and the X12N 275--Additional Information to
Support a Health Care Services Review Version (006020X316) standards we
are proposing to adopt for a provider to transmit attachment
information.
Although it may be possible to use different versions of the
standards for health plan requests for, and provider transmissions of,
attachment information, X12 recommended to the NCVHS that all parties
to those transactions use Version 6020 of the standards as they are
most compatible with each other.\16\
---------------------------------------------------------------------------
\16\ Transcript of NCVHS Subcommittee on Standards Hearing on
Electronic Attachments Standards and Operating Rules, February 27,
2013: <a href="https://ncvhs.hhs.gov/transcripts-minutes/transcript-of-the-february-27-2013-ncvhs-subcommittee-on-standards-hearing/">https://ncvhs.hhs.gov/transcripts-minutes/transcript-of-the-february-27-2013-ncvhs-subcommittee-on-standards-hearing/</a>.
---------------------------------------------------------------------------
a. Proposed Adoption of X12N Standards for Health Care Attachments
Transactions
(1) Proposed Adoption of Standards for Request From a Health Plan to a
Health Care Provider for Attachment Information
(a) X12N 277--Health Care Claim Request for Additional Information
(006020X313)
At Sec. 162.2002(e)(1), we propose to adopt the X12N 277--Health
Care Claim Request for Additional Information (006020X313) as the
standard a health plan must use to electronically request attachment
information from a health care provider to support a health care claim.
We also propose to incorporate the same by reference in Sec. 162.920.
The X12N 277 contains two noteworthy fields, which we discuss
sequentially. The first is the health plan assigned claim control
number, which allows for document reassociation. A health plan assigns
a claim control number to associate its request with a provider's
electronic health care claim. The health care provider then uses the
health plan assigned claim control number in the X12 275 standard in
the health care attachments transaction, discussed later in this
proposed rule, that it transmits to the health plan, enabling the
health plan to associate the attachment information with the previously
submitted health care claim.
The other noteworthy X12N 277 field is for LOINC for HIPAA
Attachments. The X12N 277 standard requires the use of the appropriate
LOINC for HIPAA Attachments data element to identify the specific
attachment information the health plan is requesting. The previously
referenced 2017 WEDI whitepaper illustrates how the LOINC code is used
in an X12 277 standard in the following hypothetical scenario: A
provider performs a particular surgery for which there is no HCPCS code
and sends the health plan a health care claim using a Not Otherwise
Classified (NOC) procedure code. The health plan requires additional
information about the procedure to adjudicate the claim, and sends the
health care provider an X12N 277 Health Care Claim Request for
Additional Information request using the appropriate LOINC for HIPAA
Attachments code to specify the surgical operative note it needs.\17\
---------------------------------------------------------------------------
\17\ Workgroup for Electronic Data Interchange (WEDI),
``Guidance on Implementation of Standard Electronic Attachments for
Healthcare Transactions'' <a href="https://www.wedi.org/2017/11/17/guidance-on-implementation-of-standard-electronic-attachments-for-healthcare-transactions/">https://www.wedi.org/2017/11/17/guidance-on-implementation-of-standard-electronic-attachments-for-healthcare-transactions/</a>.
---------------------------------------------------------------------------
(b) X12N 278--Health Care Services Request for Review and Response
(006020X315)
At Sec. 162.2002(e)(2), we propose to adopt the X12N 278--Health
Care Services Request for Review and Response (006020X315) as the
standard a health plan must use to electronically request attachment
information from a health care provider to support a prior
authorization transaction. We also propose to incorporate the same by
reference in Sec. 162.920. The X12 278 standard is unique in that it
is also used for a health care provider's request for prior
authorization, as reflected at Sec. 162.1302(b)(2)(ii). We are
proposing to adopt Version 6020 of that standard, which would represent
a modification to the currently adopted Version 5010 of the X12N 278.
As we discussed previously, the NCVHS indicated that the updated
version, that is, Version 6020, of the X12 278 is more compatible with
the Version 6020 X12N 275 standard we are proposing for a health care
provider's transmission of an attachment information transaction to a
health plan in support of a prior authorization request. Version 6020
of the X12 278 also contains the same two noteworthy fields as the X12N
277, that is, the health plan assigned claim control number and the
field for LOINC for HIPAA Attachments. In section II.D. of this
proposed rule we discuss our proposed modification to update the
current HIPAA standard, Version 5010 of the X12 278, to Version 6020.
(2) Proposed Adoption of Standards for Response From a Health Care
Provider to a Health Plan for Attachment Information
(a) X12 275--Additional Information to Support a Health Care Claim or
Encounter (006020X314)
We propose to adopt, at Sec. 162.2002(d), the X12N 275--Additional
Information to Support a Health Care Claim or Encounter (006020X314) as
the standard a provider must use to electronically transmit attachment
information to a health plan to support a health care claims or
equivalent encounter information transaction. We also propose to
incorporate the same by reference in Sec. 162.920.
The X12N 275--Additional Information to Support a Health Care Claim
or Encounter standard may be used with respect to both solicited and
unsolicited attachment information. Using the previous example of a
surgery for which there is not a HCPCS code, in the case where a health
plan has solicited attachment information, the provider would reply to
the X12N 277
[[Page 78448]]
request from the plan using the X12N 275 to convey the operative note
as the attachment information. In the unsolicited scenario, the
provider could concurrently transmit the X12N 275--Additional
Information to Support a Health Care Claim or Encounter and a claim
using the X12N 837 to enable the health plan to make a decision about
the claim at the time of initial claim processing.
We note that the X12N 275--Additional Information to Support a
Health Care Claim or Encounter claims attachment standard, as well as
the X12N 275--Additional Information to Support a Health Care Services
Review prior authorization standard (discussed in this section of this
proposed rule), do not themselves contain claim or prior authorization
attachment information. Rather, the standards serve as the electronic
envelope for attachment information that is embedded in an HL7
standard. We describe in detail the specific HL7 standards for
embedding attachment information in this section of the proposed rule,
but the critical concept is that the health care attachment information
is transported by the X12N 275 standard.
(b) X12N 275--Additional Information To Support a Health Care Services
Review (006020X316)
We propose, at Sec. 162.2002(c), to adopt the X12N 275--Additional
Information to Support a Health Care Services Review (006020X316) as
the standard a provider must use to electronically transmit attachment
information to a health plan to support a health care provider's
request for the review of health care to obtain an authorization for
the health care; in other words, a prior authorization request. We also
propose to incorporate the same by reference in Sec. 162.920.
As we described in greater detail in our proposal to adopt the X12
275--Additional Information to Support a Health Care Claim or
Encounter, this standard also can be sent in a solicited or unsolicited
manner. Using our example of a surgery for which there is no HCPCS
code, for solicited attachment information the provider would reply to
the X12N 278 request from the health plan using the X12N 275 standard
that conveys the operative note. In the unsolicited scenario, the
provider could concurrently transmit the X12N 275 Additional
Information to Support a Health Care Services Review and a prior
authorization request using the X12N 278 to enable the health plan to
make a decision about the prior authorization without additional
requests for information.
B. Proposed Adoption of HL7 Implementation Guides for Health Care
Attachment Information
The HL7 CDA standard is the only currently available SSO-created,
NCVHS-recommended standard in the United States with published
implementation specifications designed to support the HIPAA
transactions. Other standards for the exchange of clinical information
are being developed and piloted but, due in part to its readiness, we
believe the HL7 CDA is the most appropriate standard for adoption at
this time.
We are proposing to adopt the following three HL7 implementation
guides as HIPAA standards for the attachment information included in
health care attachments transactions:
<bullet> HL7 Implementation Guide for CDA Release 2: Consolidated CDA
Templates for Clinical Notes (US Realm) Draft Standard for Trial Use
Release 2.1, Volume 1--Introductory Material, June 2019 with Errata
(hereafter Volume One or C-CDA Volume One or C-CDA 2.1)
<bullet> HL7 Implementation Guide for CDA Release 2: Consolidated CDA
Templates for Clinical Notes (US Realm) Draft Standard for Trial Use
Release 2.1, Volume 2--Templates and Supporting Material, June 2019
with Errata (hereafter Volume Two or C-CDA Volume Two or C-CDA 2.1)
<bullet> HL7 CDA R2 Attachment Implementation Guide: Exchange of C-CDA
Based Documents, Release 1, March 2017 (hereafter the Attachment
Implementation Guide)
Generally, the Attachment Implementation Guide specifies how to
combine HL7 and X12 standards to transmit health care attachments
transactions. For example, it contains instructions with respect to how
to construct electronic health care attachments transactions, including
how to attach and send the attachment information using the proposed
X12N health care attachments standards. It also contains instructions
for health plans to utilize the necessary LOINC codes for health plans
to request health care attachments from a health care provider, and for
providers to identify health care attachments document templates when
transmitting them to a health plan. For the transmissions described in
proposed Sec. 162.2001, that is, transmissions of attachment
information from a health care provider to a health plan for the
specified purposes, and requests for attachment information from a
health plan to a health care provider, we would require the use of the
Attachment Implementation Guide at Sec. 162.2002(a). We propose to
incorporate this HL7 standard by reference in Sec. 162.920 in a new
paragraph (e) where we provide information about the availability of
the HL7 standards we are proposing.
We are also proposing that for the transmissions of attachment
information from a health care provider to a health plan for the
specified purposes, as described in proposed Sec. 162.2001(a), we
would require the use of Volume One and Volume Two, and would include
these requirements at Sec. 162.2002(b)(1) and (b)(2), respectively.
Collectively, these standards are instructions for the use of specific
sections of the CDA, a larger set of clinical information standards
developed by HL7, that provide specifications for users to create the
HL7 document templates for the clinical information that would be used
in the proposed health care attachments transactions.
Attachment information comes in two variants, ``structured'' and
``unstructured,'' and the proposed HL7 standards support both. A
structured document is one that has a high degree of organization that
is able to be interpreted by a computer, includes a header that
contains metadata about the clinical information found in the body of
the document, and a structured body. The clinical information contained
in the document is subdivided into systematic sections and entries that
can be identified and sorted by a computer using descriptive codes. HL7
Volume One and Volume Two instruct readers how to assemble the segments
into a standardized set of document sections known as a document
``template,'' which is essentially a set of C-CDA components identified
by a LOINC code, and include templates for the most common paper
documents that serve as attachment information. An HL7 structured
template is in a format that can be easily displayed in a human-
readable format, while also enabling a computer to make an automated
decision about a claim or a prior authorization request. Volume One and
Volume Two also contain instructions for creating an unstructured
document template for attachment information for which HL7 has not
created a structured template. Unstructured documents still utilize an
HL7 standard header that includes meta-data about the clinical
information found in the document body, but the body does not contain
tags that systematically identify the attachment information within.
Examples of unstructured documents include medical imaging files,
audio, video, and legacy attachment information such as scanned paper
[[Page 78449]]
documents. Unstructured content may also include attachment information
that is not collected in a health care environment, but that a health
plan may require for payment decisions, such as delivery receipts, home
inspection reports, or patient-created diabetic logs.
The Attachment Implementation Guide also specifies how to construct
a health care attachments transaction when Volume One or Volume Two do
not provide a document template for particular attachment information.
The Attachment Implementation Guide contains three criteria that any
document template to be used as a health care attachment must meet if
it is not already specified in one of the proposed implementation
guides: (1) the template must be developed and published through the
HL7 standards process; (2) the new template must be designated by HL7
as being compatible with a C-CDA 2.1 implementation specification and
for use in the United States; and (3) a LOINC code for the template
must be created by Regenstrief via its code creation process as
previously described. This means that once a C-CDA 2.1 implementation
guide-compatible document template has been created by HL7 and is
assigned a LOINC code, which happens upon request of the HL7 Payer/
Provider Information Exchange Workgroup once HL7 creates a new
template, it may be used as attachment information in a health care
attachments transaction. We invite comment on the proposed adoption of
the HL7 standards--Volume One, Volume Two, and the Attachment
Implementation Guide.
C. Electronic Signatures
Section 1173(e)(1) of the Act provides that the Secretary, in
coordination with the Secretary of Commerce, must adopt standards
specifying procedures for the electronic transmission and
authentication of signatures for HIPAA transactions. Pursuant to that
requirement, we proposed to adopt standards for electronic signatures
in the August 12, 1998 proposed rule (63 FR 43242) titled ``Security
and Electronic Signature Standards.'' That proposal, never finalized
with respect to electronic signatures, would not have required the use
of electronic signatures with any specific transaction. Rather, the
proposed rule recognized that electronic signatures would require
certain implementation features, including message integrity,
nonrepudiation, and user authentication, and proposed that the standard
for electronic signatures would be digital signatures--electronic
stamps that contain information about both the user creating the
signature and the document being signed--as the only technically mature
means available that could provide for nonrepudiation in an open
network environment. In comments on the proposed rule, industry
overwhelmingly indicated that then-available technology was
insufficient to enable the proposed provisions to be implemented. As
such, in the February 20, 2003 final rule (68 FR 8334) titled, ``Health
Insurance Reform: Security Standards'' (hereafter, February 2003
Security rule), we elected not to finalize the proposal, instead
indicating that a final rule on electronic signature standards would be
published at a later date. In the September 23, 2005 proposed rule
titled HIPAA Administrative Simplification: Standards for Electronic
Health Care Claims Attachments (70 FR 55990), we recognized that an
electronic signature consensus standard still did not exist and that no
federal standard governed the use of electronic signatures for private
sector health care services. We sought industry input on how signatures
should be handled when an attachment is requested and transmitted
electronically.
Signatures play a vital role with respect to the documentation of
health care, as a signature is often the only indicator available to
health plans and health care providers that attachment information has
been reviewed and approved by the service provider or other clinician
with appropriate authority to supervise care. Health care entities
recognize numerous legal and compliance best practices for clinician
attestation of medical record documentation consistent with applicable
federal and state laws and regulations, accreditation standards, payer
requirements, documentation requirements for clinical services offered,
and technology functionalities.\18\
---------------------------------------------------------------------------
\18\ Electronic Signature, Attestation, and Authorship, AHIMA:
<a href="https://bok.ahima.org/PdfView?oid=107152">https://bok.ahima.org/PdfView?oid=107152</a>.
---------------------------------------------------------------------------
Health care best practices, such as those of the National Committee
for Quality Assurance (NCQA), generally direct that all entries in the
medical record contain the author's identification.\19\ A health care
providers' signature (whether wet--in ink on paper documents--or
electronic) on medical record documentation generally serves as the
attestation that the appropriate provider representative has reviewed
and approved the documentation. Health plans commonly require written
and signed documentation as evidence of medical necessity for certain
types of services. For example, in order for a laboratory to submit a
claim for reimbursement of a laboratory test, a health plan may first
require a physician visit and a signed physician order. When the
laboratory later bills a health plan for the test, the plan may ask for
evidence that it was ordered by an authorized health care provider; if
the laboratory is unable to produce a signed order, it may not be
reimbursed.
---------------------------------------------------------------------------
\19\ ``Guidelines for Medical Record Documentation'', NCQA:
<a href="https://www.ncqa.org/wp-content/uploads/2018/07/20180110_Guidelines_Medical_Record_Documentation.pdf">https://www.ncqa.org/wp-content/uploads/2018/07/20180110_Guidelines_Medical_Record_Documentation.pdf</a>.
---------------------------------------------------------------------------
1. Proposed Definition of Electronic Signature
An electronic signature can be any of a number of types of marks or
data that indicate a signatory's intent to sign. Examples of electronic
signatures include an online check box indicating acceptance, a name
entered by the signer in an online form, a signing device at a
commercial checkout line on which a customer writes his or her
signature, and an image of a signature that was written by hand and
then scanned into an electronic image format.
We are proposing to define the term ``electronic signature'' as
broadly as possible to ensure that it meets health care providers' and
health plans' needs now and can also encompass future electronic
signature technologies. However, we propose to narrowly specify the
scope of the required use of electronic signatures, such that their
required use would be limited to just attachment information
transmitted electronically in electronic health care attachments
transactions. Accordingly, the electronic signature standard we are
proposing at Sec. 162.2002(f) would pertain only to electronic
signatures for attachment information transmitted by a health care
provider in an electronic health care attachments transaction.
At Sec. 162.103, we propose to define electronic signature as
follows: Electronic signature means an electronic sound, symbol, or
process, attached to or logically associated with attachment
information and executed by a person with the intent to sign the
attachment information.
[[Page 78450]]
2. Proposed Electronic Signature Standard
Electronic signatures vary in reliability and value based on the
type of technology used, and any HIPAA electronic signature standard
has to meet the needs of both health plans and health care providers
that produce and use attachment information. Any standard that we adopt
needs to support all of the current business functions and uses for
signatures in the health plan payment decision process while providing
assurance that attachment information is accurate and unaltered. The
1998 proposed rule that we mentioned previously, ``Security and
Electronic Signature Standards,'' enumerated three implementation
features necessary to achieve these goals: user authentication, message
integrity, and non-repudiation (63 FR 43257). These core features,
developed in conjunction with the Department of Commerce's National
Institute of Standards and Technology and the health care industry,
remain relevant to electronic signatures today. We discuss each in the
following sections.
Authentication is the ability of a health plan to identify and
verify the identity of the provider who signed a document, and is a
vital signature characteristic because such verification serves to
validate the attachment information. Just as a health plan might
compare a physical signature to a signature card to authenticate a
health care provider's identity, an electronic signature must provide a
method of authentication. Some forms of electronic signatures do not
allow for authentication; for example, a typed signature line in a word
processing document that indicates it was signed by a physician does
not have any unique traits that would permit authentication by a health
plan.
Because some electronic signatures can be readily manipulated,
there must also be a mechanism to ensure that signed attachment
information remains unaltered since the time it was affixed; this
feature is called message integrity. To maintain message integrity,
there must be a way to electronically validate that the attachment
information signed by the health care provider and sent to the health
plan are identical. Without such a mechanism it would be possible, for
example, to alter the amount or type of the medical item (such as,
medication, durable medical equipment, a medical service, etc.) ordered
by a physician after he or she had completed and signed the order.
Finally, an electronic signature standard must embody a feature
known as nonrepudiation, which provides strong assurance of identity
such that it is difficult for a signatory to later claim that the
electronic representation is not valid or that he or she did not sign
the document.\20\ Nonrepudiation is a necessary feature of an
electronic signature for health care attachments transactions because
health plans will use attachment information to make administrative
decisions about payment for health care services and may deny payment
to a health care provider based on the information in electronically
signed attachments.
---------------------------------------------------------------------------
\20\ Office of National Coordinator for Health Information
Technology (ONC). Identity Management, December 6, 2017: <a href="https://www.healthit.gov/sites/default/files/identitymanagementguidev5.13.pdf">https://www.healthit.gov/sites/default/files/identitymanagementguidev5.13.pdf</a>.
---------------------------------------------------------------------------
An electronic signature standard must manifest each of these three
features to suffice for attachment information in electronic health
care attachments transactions. For example, were a signing system to
incorporate authentication and nonrepudiation but lack a mechanism to
ensure message integrity, a health plan could not be confident that the
attachment information had not been altered since being signed. Or,
were a signing system to incorporate nonrepudiation and message
integrity but lack a mechanism for authentication, the health plan
receiving the attachment information would be assured that the content
had not been altered and that someone had signed, but it could never be
certain of the actual signatory. In the previously discussed 1998 and
2005 proposed rules, HHS identified digital signature technology as the
only electronic signature approach offering the features of
authentication, message integrity, and nonrepudiation. We continue to
believe that digital signature technology is the only electronic
signature technology that supports all three features.
We considered proposing, as an electronic signature standard, the
specifications for electronic signatures that are included in the HL7
implementation guides we are proposing here for electronic health care
attachments transactions. But we decided not to pursue that route
because the specifications included in those guides do not support
authentication, message integrity, and nonrepudiation.
However, HL7 has also developed an implementation guide called the
HL7 Implementation Guide for CDA Release 2: Digital Signatures and
Delegation of Rights, Release 1 (hereafter Digital Signatures Guide),
with supplemental specifications that add support for authentication,
message integrity, and nonrepudiation to their other published
implementation guides. The Digital Signatures Guide promotes these
three features by utilizing digital signature technology to implement
identity management using digital certificates, encryption requirements
to support message integrity, and multiple signed elements to support
nonrepudiation. As we previously noted, a digital signature is an
electronic stamp that contains information about both the user creating
the signature and the document that is being signed. Digital signatures
are created using digital certificates to create a secure computer code
that can be used later to authenticate the signer. At the same time,
the certificate is used to create another computer code, usually
referred to as a hash, which can be used by a computer to verify that
the document has not been changed since it was originally signed; this
is a mechanism to ensure the integrity of the signed document. In both
cases, the codes are encrypted so the receiver knows that the codes
themselves have also not been altered, enabling the receiver to be
confident that the signature was applied by the authenticated
individual.
We note that the Digital Signatures Guide does not include
requirements for when a document must be signed and by whom. As
previously discussed, requirements with respect to who may deliver
health care and how it must be documented via signature vary greatly
and are developed by health plans and outlined in their provider
compliance manuals, trading partner agreements, and other contractual
requirements between health plans and health care providers. We do not
seek to regulate clinical best practices for documentation or interfere
with health plans' business needs. Therefore, we are not proposing to
specify when an electronic signature must be required, but, instead, we
defer to the industry to continue to establish those expectations. We
would also limit the scope of the required use of electronic signatures
to just health care attachments transactions. Accordingly, we are
proposing to require that, where a health care provider uses an
electronic signature in a health care attachments transaction, the
signature must conform to the implementation specifications in the
Digital Signatures Guide. Specifically, we propose to adopt, at Sec.
162.2002(f), the HL7 Implementation Guide for CDA Release 2: Digital
Signatures and Delegation of Rights, Release 1 for electronic
signatures for attachment information transmitted by a health care
provider in an electronic health care attachments transactions
[[Page 78451]]
specified in Sec. 162.2001(a). We also propose to incorporate the same
by reference in Sec. 162.920.
We solicit comments on the proposed definition of electronic
signature and the proposed HL7 Implementation Guide as the attachment
information electronic signatures standard.
D. Proposed Modification to a HIPAA Standard
1. Modifications to Standards
Section 1174 of the Act requires the Secretary to review the
adopted standards and adopt modifications to them as appropriate, but
not more than once every 12 months. Modifications must be completed in
a manner that minimizes disruption and cost of compliance. Per section
1175 of the Act, if the Secretary adopts a modification to a HIPAA
standard or implementation specification, the compliance date for the
modification may not be earlier than the 180th day following the date
of the adoption of the modification. The Secretary must consider the
time needed to comply due to the nature and extent of the modification
when determining compliance dates, and may extend the time for
compliance for small health plans if the Secretary deems it
appropriate.
Section 162.910 sets out the standards maintenance process and
defines the role of SSOs and Designated Standard Maintenance
Organizations (DSMOs). An SSO is an organization accredited by the ANSI
that develops and maintains standards for information transactions or
data elements. The two SSOs applicable to this proposed rule are the
Accredited Standards Committee X12 (X12) and Health Level Seven (HL7).
On August 17, 2000, the Secretary designated six organizations (see
Health Insurance Reform: Announcement of Designated Standard
Maintenance Organizations Notice (65 FR 50373)) to maintain the health
care transaction standards adopted by the Secretary, and to process
requests for modifying an adopted standard or for adopting a new
standard. The six organizations include X12, HL7, and NCPDP, along with
the National Uniform Billing Committee (NUBC), the National Uniform
Claim Committee (NUCC), and the Dental Content Committee (DCC) of the
American Dental Association.
Section 162.910 also sets forth the procedures for the maintenance
of existing standards and the adoption of modifications to existing
standards and new standards. Under Sec. 162.910(c), the Secretary
considers recommendations for proposed modifications to existing
standards or proposed new standards, only if the recommendations are
developed through a process that provides for all of the following:
<bullet> Open public access.
<bullet> Coordination with other DSMOs.
<bullet> An appeal process for the requestor of the proposal or the
DSMO that participated in the review and analysis if either were
dissatisfied with the decision on the request.
<bullet> An expedited process to address HIPAA content needs
identified within the industry.
<bullet> Submission of the recommendation to the NCVHS.
Any entity may submit change requests with a documented business
case to support the recommendation to the DSMO, which receives and
processes those change requests. The DSMO reviews the request and
notifies the SSO of the recommendation for approval or rejection.
Should the changes be recommended for approval, the DSMO also notifies
the NCVHS and suggests that a recommendation for adoption be made to
the Secretary of HHS. Information pertaining to the designation of a
DSMO and its responsibilities can be found in the Transactions Rule and
the Notice, which were both published on August 17, 2000 (65 FR 50365
and 50373).
The modification we are proposing in this rule was developed
through a process that conforms with Sec. 162.910. In February 2016,
the NCVHS held hearings to review the Version 6020 X12N 278
implementation specifications as a standard for health care attachments
transactions, which X12 recommended be adopted by HHS. Testimony from
that hearing indicated the need for HHS to adopt the 6020 version of
the X12N 278, which X12 testified resolves technical issues with
Version 5010 of the X12N 278.\21\ In its 2016 letter to the Secretary,
the NCVHS recommended the adoption of the X12N 278 for health care
attachments transactions, but did not recommend a specific version.
Rather, the NCVHS recommended that the Secretary consider adopting the
version expected to be in effect at the time the transactions standards
are mandated.\22\ Version 6020 of the X12N 278 is the most current
version of the referral certification and authorization transaction
standard.
---------------------------------------------------------------------------
\21\ <a href="https://ncvhs.hhs.gov/transcripts-minutes/transcript-of-the-february-16-2016-ncvhs-subcommittee-on-standards/">https://ncvhs.hhs.gov/transcripts-minutes/transcript-of-the-february-16-2016-ncvhs-subcommittee-on-standards/</a>.
\22\ <a href="https://ncvhs.hhs.gov/wp-content/uploads/2018/03/2016-Ltr-Attachments-July-1-Final-Chair-CLEAN-for-Submission-Publication.pdf">https://ncvhs.hhs.gov/wp-content/uploads/2018/03/2016-Ltr-Attachments-July-1-Final-Chair-CLEAN-for-Submission-Publication.pdf</a>.
---------------------------------------------------------------------------
2. Modification to Referral Certification and Authorization Transaction
Standard
As just discussed, the NCVHS recommended that HHS adopt the
referral certification and authorization transaction standard (ASC X12N
278) for non-claims-related attachment requests and responses. Although
the NCVHS did not recommend a specific version of the standard, we are
proposing to adopt Version 6020 of the X12N 278 because Version 6020
better harmonizes with the Additional Information to Support a Health
Care Services Review Version--X12N 275- (006020X316) standard we are
proposing to adopt for providers transmitting attachment information.
As we also discussed, while it may be possible to use different
versions of the standards for health plan requests for, and provider
transmissions of, attachment information, X12 advised against it,
recommending to the NCVHS \23\ that all parties to those transactions
use Version 6020 of the standards as they are most compatible with each
other.
---------------------------------------------------------------------------
\23\ Transcript of NCVHS Subcommittee on Standards Hearing on
Electronic Attachments Standards and Operating Rules, February 27,
2013: <a href="https://ncvhs.hhs.gov/transcripts-minutes/transcript-of-the-february-27-2013-ncvhs-subcommittee-on-standards-hearing/">https://ncvhs.hhs.gov/transcripts-minutes/transcript-of-the-february-27-2013-ncvhs-subcommittee-on-standards-hearing/</a>.
---------------------------------------------------------------------------
Adopting Version 6020 of the X12N 278 for referral certification
and authorization transactions standard to replace Version 5010 of the
X12N 278 would be a modification to a standard under HIPAA, similar to
the previous modifications we adopted when we moved from Version 4010
to Version 5010 for the X12 standards. Version 6020 of the X12N 278
includes several changes, some of which are maintenance changes, and
some of which represent more significant improvements over Version
5010. The two most significant changes each represent technical
improvements and structural changes to the standard:
<bullet> One important change will better support referral
certification and authorization transactions for dental services.
Currently, health care providers are able to accurately report tooth
status utilizing Version 5010 of the X12N 837 for health care claims,
but Version 5010 of the X12N 278 cannot support reporting tooth status
in health care referral certification and authorization transactions.
Version 6020 of the X12N 278 expands support for reporting the status
of individual teeth, which enables a health care provider to
specifically indicate a missing tooth, extracted tooth, tooth to be
extracted, or impacted tooth in a health care referral
[[Page 78452]]
certification and authorization transaction. We expect this improvement
in the X12N 278 to minimize or eliminate administrative delays
attributable to providers having to convey relevant individual tooth
information outside of the standard transactions process.
<bullet> Version 6020 revises and expands the drug authorization
segment, which includes fields necessary to, for example, identify a
drug, specify quantity of drug requested, specify drug dosage
requested, and accommodate related procedure codes. Because Version
5010 does not enable entities to supply this additional information,
health plans and providers must utilize cumbersome alternative methods
to communicate drug information. Therefore, we also expect this
improvement to minimize or eliminate administrative delays attributable
to providers having to convey relevant drug information outside of the
standard transactions process.
The referral certification and authorization transaction under
Sec. 162.1301 includes two transmission types from health care
providers to health plans: prior authorization requests and referral
certification requests. The X12N 278 standard is required for both
types of transmission. As discussed, we are proposing that health care
attachments transactions would apply to prior authorization
transactions; we are not proposing that they apply to referral
certification transactions. Although it would be technically feasible
for us to propose to adopt Version 6020 only for prior authorization
transmissions specified in Sec. 162.1301(a) and retain Version 5010
for referral certification transmissions specified in Sec.
162.1301(b), we are instead proposing Version 6020 for both
transmission types because it includes improvements over Version 5010
that better support both transmission types, and we believe it would be
more burdensome for covered entities to have to maintain both X12N 278
versions.
E. Proposed Compliance Dates
We are proposing to adopt new standards and a modification to a
standard in this proposed rule. Section 1104(c)(3) of the Affordable
Care Act, which requires the Secretary to adopt a transaction standard
for health claims attachments, prescribes a 2-year compliance date for
all covered entities and makes no special provision for small health
plans, unlike the original HIPAA. In this rule, we are proposing that
the same health care attachments standards would apply to both claims
and prior authorization attachments transmissions. As the transmission
standard for each type of attachment transaction transmission would be
the same, we believe the compliance date for both types should also be
the same. In addition, because we are proposing to treat the two
attachments process together as one transaction in new Subpart T,
adopting the same compliance timeframe for all covered entities would
avoid the complications a bifurcated compliance timeframe--one for
claims processes and another for prior authorization processes--would
raise.
When the Secretary adopts a modification to a HIPAA standard,
section 1175(b)(2) of the Act requires that the compliance date may not
be earlier than the 180th day following the date of adoption. The
Secretary must consider the time needed to comply due to the nature and
extent of the modification when determining a compliance date, and may
extend the time for small health plans to achieve compliance if the
Secretary deems it appropriate. The adoption date of a standard or a
modification is the effective date of the final rule in which the
adoption or modification is established. The effective date is the date
the rule amends the Code of Federal Regulations (CFR), which is
typically 60 days after the date of publication in the Federal
Register.
1. Proposed Compliance Date for Health Care Attachments and Electronic
Signatures Standards
We are proposing to adopt the following seven standards for health
care attachments transactions and electronic signatures:
<bullet> HL7 CDAR2: Attachment Implementation Guide: Exchange of C-
CDA Based Documents, Release 1--March 2017.
<bullet> HL7 Implementation Guide for CDA Release 2: Consolidated
CDA Templates for Clinical Notes (US Realm) Draft Standard for Trial
Use Release 2.1, Volume 1--Introductory Material, June 2019 with
Errata.
<bullet> HL7 Implementation Guide for CDA Release 2: Consolidated
CDA Templates for Clinical Notes (US Realm) Draft Standard for Trial
Use Release 2.1, Volume 2--Templates and Supporting Material, June 2019
with Errata.
<bullet> X12N 275 Additional Information to Support a Health Care
Services Review (06020X316).
<bullet> X12N 275 Additional Information to Support a Health Care
Claim or Encounter (06020X314).
<bullet> X12N 277--Health Care Claim Request for Additional
Information (006020X313).
<bullet> HL7 Implementation Guide for CDA Release 2: Digital
Signatures and Delegation of Rights, Release 1.
In accordance with section 1104(c)(3) of the Affordable Care Act,
which sets a 2-year compliance date, and which makes no provision for
an extended time for small health plans to achieve compliance, we are
proposing that the compliance date for these standards would be 24
months after the effective date of the final rule for all covered
entities. We would specify these compliance dates in Sec. 162.2002.
2. Proposed Compliance Date for Modification
Section 1175(b)(2) of the Act requires the Secretary to determine
an appropriate compliance date for the implementation of modified
standards, such as the modification of the X12N 278 standard from
Version 5010 to Version 6020, by taking into account the time needed to
comply due to the nature and extent of the modification. The Act also
requires that the compliance date be no earlier than the last day of
the 180-day period beginning on the date the modification is adopted
(the effective date of the final rule in which the modification is
adopted). As discussed previously, we are proposing Version 6020 of the
X12N 278 as the standard for referral certification and authorization
transactions to be used by a health plan in conjunction with Version
6020 of the X12N 275, which a health care provider would use to
electronically transmit attachment information to a health plan in
support of a prior authorization request. As the X12N 278 will feature
in the new health care attachments transaction, we believe it is
important to align the compliance dates for the proposed modification
to the X12N 278 standard and the health care attachments standards.
Accordingly, we are proposing that covered entities would need to
comply with Version 6020 of the standard 24 months after the effective
date of the final rule. We would reflect this compliance date in Sec.
162.1302 by: (1) revising paragraph (c) to specify only the standard
identified in paragraph (b)(2)(i); and (2) adding new paragraph (d) to
require covered entities to use, in paragraph (d)(1), Version 5010 X12N
278 for 24 months after the effective date of the final rule, and in
paragraph (d)(2), Version 6020 X12N 278 on and after 24 months after
the effective date of the final rule. We solicit comments on this
proposed approach.
F. Proposed Incorporation by Reference
This proposed rule proposes to incorporate by reference: (1) X12
275--
[[Page 78453]]
Additional Information to Support a Health Care Claim or Encounter
(006020X314); (2) X12N 275--Additional Information to Support a Health
Care Services Review (006020X316); (3) X12N 277--Health Care Claim
Request for Additional Information (006020X313); and (4) X12N 278--
Health Care Services Request for Review and Response Version
(006020X315) standard for the referral certification and authorization
transaction implementation guides.
The X12 275--Additional Information to Support a Health Care Claim
or Encounter implementation guide provides instructions to assist those
who send additional supporting information or who receive additional
supporting information to a health care claim or encounter. The
implementation guide for X12N 275--Additional Information to Support a
Health Care Services Review implementation guide contains the data
elements used to communicate individual patient information requests
and patient information (either solicited or unsolicited) between
separate health care entities in a variety of settings to be consistent
with confidentiality and use requirements. Instructions to collect
patient information consisting of demographic, clinical and other
supporting data are provided.
The X12N 277--Health Care Claim Request for Additional Information
implementation guide contains the format and establishes the data
contents of the Health Care Information Status Notification Transaction
Set for use within the context of an Electronic Data Interchange (EDI)
environment. This transaction set can be used by a health care payer or
authorized agent to notify a provider, recipient, or authorized agent
regarding the status of a health care claim or encounter or to request
additional information from the provider regarding a health care claim
or encounter, health care services review, or transactions related to
the provisions of health care.
X12N 278--Health Care Services Request for Review and Response
Version implementation guide contains the format. It establishes the
data contents of the Health Care Services Review Information
transaction set used within the context of an Electronic Data
Interchange (EDI) environment. This transaction set can be used to
transmit health care service information, such as subscriber, patient,
demographic, diagnosis, or treatment data for the purpose of request
for review, certification, notification, or reporting the outcome of a
health care services review. Expected users of this transaction set are
payors, plan sponsors, providers, utilization management, and other
entities involved in health care services review.
This proposed rule proposes to incorporate by reference: (1) HL7
CDA R2 Attachment Implementation Guide: Exchange of C-CDA Based
Documents, Release 1, March 2017; (2) HL7 Implementation Guide for CDA
Release 2: Consolidated CDA Templates for Clinical Notes (US Realm)
Draft Standard for Trial Use Release 2.1, Volume 1--Introductory
Material, June 2019 with Errata; and (3) HL7 Implementation Guide for
CDA Release 2: Consolidated CDA Templates for Clinical Notes (US Realm)
Draft Standard for Trial Use Release 2.1, Volume 2--Templates and
Supporting Material, June 2019 with Errata.
The HL7 CDA R2 Attachment Implementation Guide: Exchange of C-CDA
Based Documents, Release 1, March 2017, defines the requirements for
sending and receiving standards-based electronic attachments. It does
so by applying additional constraints onto standards in common use for
clinical documentation and by specifying requirements for sending and
receiving systems for attachment requests and response messages. It
defines the set of attachment documents as those that contain the
minimum standard metadata to support basic document management
functions, including identification of patients and providers, the type
of document, date of creation, encounter information, and a globally
unique document identifier.
HL7 Implementation Guide for CDA Release 2: Consolidated CDA
Templates for Clinical Notes (US Realm) Draft Standard for Trial Use
Release 2.1, Volume 1--Introductory Material, June 2019 with Errata and
HL7 Implementation Guide for CDA Release 2: Consolidated CDA Templates
for Clinical Notes (US Realm) Draft Standard for Trial Use Release 2.1,
Volume 2--Templates and Supporting Material, June 2019 with Errata
implementation guides contain a library of CDA templates, incorporating
and harmonizing previous efforts from HL7. It represents the
harmonization of the HL7 Health Story guides, HITSP C32, related
components of IHE Patient Care Coordination (IHE PCC), and Continuity
of Care (CCD). This R2.1 guide was developed and produced by the HL7
Structured Documents Workgroup. It updates the C-CDA R2 (2014) guide to
support ``on-the-wire'' compatibility with R1.1 systems C-CDA Release
2.1 implementation guide, in conjunction with the HL7 CDA Release 2
(CDA R2) standard, is to be used for implementing the following CDA
documents and header constraints for clinical notes.
The materials we propose to incorporate by reference are available
to interested parties and can be inspected at the CMS Information
Resource Center, 7500 Security Boulevard, Baltimore, MD 21244-1850. The
X12 implementation guides are available at GLASS, <a href="http://sso.x12.org">sso.x12.org</a>. The HL7
implementation guides are also available through the internet at
<a href="http://www.HL7.org">www.HL7.org</a>. A fee is charged for all implementation guides. Charging
for such publications is consistent with the policies of other
publishers of standards. If we wish to adopt any changes in this
edition of the Code, we would submit the revised document to notice and
comment rulemaking.
IV. Collection of Information Requirements
Under the Paperwork Reduction Act of 1995, we are required to
provide 60-day notice in the Federal Register and solicit public
comment before a collection of information requirement is submitted to
the Office of Management and Budget (OMB) for review and approval. In
order to fairly evaluate whether an information collection should be
approved by OMB, section 3506(c)(2)(A) of the Paperwork Reduction Act
of 1995 requires that we solicit comment on the following issues:
<bullet> The need for the information collection and its usefulness
in carrying out the proper functions of our agency.
<bullet> The accuracy of our estimate of the information collection
burden.
<bullet> The quality, utility, and clarity of the information to be
collected.
<bullet> Recommendations to minimize the information collection
burden on the affected public, including automated collection
techniques.
The burden associated with the information collection requirements
contained in Sec. 162.1302 of this document are subject to the PRA;
however, this one-time burden was previously approved and accounted for
in the information collection request under OMB control number 0938-
0866 and titled ``CMS-R-218: HIPAA Standards for Coding Electronic
Transactions.'' This information collection request will be revised and
reinstated to incorporate any proposed additional transaction standards
and proposed modifications to transaction standards not currently
captured in the PRA package associated with OMB approval number 0938-
0866.
In addition, the collection requirements associated with this
demonstration do not impose information collection and record
[[Page 78454]]
keeping requirements, because they meet the ``information'' definition
exception under 5 CFR 1320.3(h)(4) which states: ``Information'' does
not generally include items in the following categories: (4) Facts or
opinions submitted in response to general solicitations of comments
from the public, published in the Federal Register or other
publications, regardless of the form or format thereof, provided that
no person is required to supply specific information pertaining to the
commenter, other than that necessary for self-identification, as a
condition of the agency's full consideration of the comment.
If you comment on this information collection, that is, reporting,
recordkeeping or third-party disclosure requirements, please submit
your comments electronically as specified in the ADDRESSES section of
this proposed rule. Comments must be received on/by February 21, 2023.
V. Regulatory Impact Analysis
A. Statement of Need
This rule proposes to adopt and modify standards, pursuant to HIPAA
Administrative Simplification statutory provisions, for the electronic
transmission of health care attachments, inclusive of attachments
standards for both health care claims and prior authorizations. The
health care industry has made it clear via NCVHS testimony, WEDI
presentations, CAQH reports and direct inquiry that there is a clear
need for government action with regard to attachments standards in
order to bring consistency and reliable communications among the
partners involved in health care transactions that require attachments.
As a result of the absence of a federal attachments standard, health
plans, providers and vendors lack the direction needed to support broad
use of automation in the attachment workflow or for industry to
coalesce around the use of even a small number of electronic solutions.
In addition, lack of an attachments standards has deterred industry
stakeholders from investing in system implementations to automate the
attachments workflow, requiring a large manual administrative burden
for the exchange of medical documentation. Industry SSOs and
stakeholder alliances report this automation would yield substantial
labor cost savings and administrative burden reduction. We believe
standardizing electronic attachments transmissions would facilitate
prior authorization decisions and claims processing, which would result
in a decreased burden on providers and health plans, and quicker
delivery of services to patients.
B. Overall Impact
We have examined the impacts of this rule as required by Executive
Order 12866 on Regulatory Planning and Review (September 30, 1993),
Executive Order 13563 on Improving Regulation and Regulatory Review
(January 18, 2011), the Regulatory Flexibility Act (RFA) (September 19,
1980, Pub. L. 96-354), section 1102(b) of the Social Security Act,
section 202 of the Unfunded Mandates Reform Act of 1995 (March 22,
1995; Pub. L. 104-4), Executive Order 13132 on Federalism (August 4,
1999), and the Congressional Review Act (5 U.S.C. 804(2)).
Executive Orders 12866 and 13563 direct agencies to assess all
costs and benefits of available regulatory alternatives and, if
regulation is necessary, to select regulatory approaches that maximize
net benefits (including potential economic, environmental, public
health, and safety effects, distributive impacts, and equity). Section
3(f) of Executive Order 12866 defines a significant regulatory action
as an action that is likely to result in a rule: (1) having an annual
effect on the economy of $100 million or more in any 1 year, or
adversely and materially affecting a sector of the economy,
productivity, competition, jobs, the environment, public health or
safety, or state, local or tribal governments or communities (also
referred to as economically significant); (2) creating a serious
inconsistency or otherwise interfering with an action taken or planned
by another agency; (3) materially altering the budgetary impacts of
entitlement grants, user fees, or loan programs or the rights and
obligations of recipients thereof; or (4) raising novel legal or policy
issues arising out of legal mandates, the President's priorities, or
the principles set forth in the Executive Order.
A regulatory impact analysis (RIA) must be prepared for major rules
with economically significant effects ($100 million or more in any 1
year). Based on our estimates, OMB's Office of Information and
Regulatory Affairs has determined this rulemaking is ``economically
significant'' as measured by the $100 million threshold. We believe
that covered entities have already largely invested in the hardware,
software, and connectivity necessary to conduct the new and modified
standards proposed. We anticipate that the adoption of these changes
would result in costs that would be outweighed by the benefits.
Accordingly, we have prepared a Regulatory Impact Analysis that to the
best of our ability presents the costs and benefits of the proposed
rulemaking.
C. Regulatory Flexibility Analysis
Executive Order 13272 requires that HHS thoroughly review rules to
assess and take appropriate account of their potential impact on small
businesses, small governmental jurisdictions, and small organizations
(as mandated by the Regulatory Flexibility Act (RFA)). The RFA requires
agencies to analyze options for regulatory relief of small entities, if
a rule has a significant impact on a substantial number of small
entities. If a proposed rule may have a significant economic impact on
a substantial number of small entities, then the proposed rule must
discuss steps taken, including alternatives considered, to minimize the
burden on small entities. The RFA does not define the terms significant
economic impact or substantial number. The Small Business
Administration (SBA) advises that this absence of statutory specificity
allows what is significant or substantial to vary, depending on the
problem that is to be addressed in rulemaking, the rule's requirements,
and the preliminary assessment of the rule's impact. Nevertheless, HHS
typically considers a significant impact to be three to five percent or
more of the affected entities' costs or revenues.
The RFA generally defines a small entity as (1) a proprietary firm
meeting the SBA size standards, (2) a not-for-profit organization that
is not dominant in its field, or (3) a small government jurisdiction
with a population of less than 50,000. The North American Industry
Classification System (NAICS) is used in the U.S., Canada, and Mexico
to classify businesses by industry.\24\ While there is no distinction
between small and large businesses among the NAICS categories, the SBA
develops size standards for each NAICS category. The most recently
available update to the NAICS went into effect for the 2017 reference
year, and the most recent SBA small business size regulations and Small
Business Size Standards by NAICS Industry tables appear at 13 CFR
121.201. We have determined that the covered entities and their vendors
affected by this proposed rule likely fall primarily in the categories
listed in Table 1.
---------------------------------------------------------------------------
\24\ <a href="http://www.sba.gov/content/small-business-size-standards">http://www.sba.gov/content/small-business-size-standards</a>.
[[Page 78455]]
Table 1--SBA Size Standards for Applicable NAICS Industry Codes
------------------------------------------------------------------------
SBA standard ($
NAICS code NAICS description in million)
------------------------------------------------------------------------
446110.................. Pharmacies and drug stores.. 30.0
522320.................. Financial transaction 41.5
processing, reserve, and
clearinghouse activities.
524114.................. Direct health and medical 41.5
insurance carriers.
541511.................. Custom computer programming 30.0
services.
62111................... Offices of physicians....... 12.0
621210.................. Offices of dentists......... 8.0
621491.................. Health plans................ 35.0
6221.................... Hospitals................... 41.5
------------------------------------------------------------------------
Most hospitals and most other providers and suppliers are small
entities, either by nonprofit status or by having revenues of less than
$8.0 million to $41.5 million in any 1 year. Accordingly, it is our
normal practice to treat all health care providers as small entities.
For providers, the changes proposed by this rule may involve software
upgrades for practice management and EHR systems. Thus, we expect that
the vast majority of physicians and other health care provider
practices will need to make relatively small changes in their systems
and in their processes, but may incur additional service fees from
their system vendors for additional functionality. Some of the smallest
provider entities may elect to continue their current manual processes.
We include pharmacies in this analysis, and consider most of them to be
small businesses. While we believe few health plans meet the small
business size standard, many health plans are non-profit organizations
and would be considered small businesses; but we are unable to identify
data to help us distinguish the number of these entities and therefore
solicit industry feedback to complete this analysis for the final rule.
We address clearinghouses, but we do not believe that there are a
significant number of clearinghouses that would be considered small
entities because of the level of consolidation in the marketplace.
Because these proposals include initial standards for the exchange of
both administrative and clinical documentation, we also address
provider practice management system (PMS) and EHR vendors in our
discussion, but are unable to identify data that would help identify
the proportion of firms in these markets that meet the small business
size standards. State Medicaid agencies are excluded from this analysis
because states are not considered small entities in any RFA.
Table 8 in the impact analysis presents the estimated
implementation costs of these proposals on all entities we anticipate
would be affected by the rule. The data in that table are used in this
analysis to provide cost information.
1. Number of Small Entities
We used the latest available (2017) Census business data records
and other information to determine the number of affected entities, as
summarized in Table 2.
Table 2--Number of Affected Entities
------------------------------------------------------------------------
Number of entity
Type of entity firms or
establishments
------------------------------------------------------------------------
Hospitals............................................. 5,544
Physicians............................................ 171,722
Dentists.............................................. 125,329
Pharmacies............................................ 19.234
Private Health Plans.................................. 772
Government Health Plans............................... 3
Clearinghouses........................................ 162
Vendors............................................... 1,000
-----------------
Totals............................................ 323,766
------------------------------------------------------------------------
Based on the latest available (2017) Census business data records,
we estimate that 321,639 health care provider entities may be
considered small entities either because of their nonprofit status or
because of their revenues, as detailed in Table 3. Approximately two
percent (5,544) of these are hospitals, 57 percent (171,722) are
physician practices, and 41 percent (125,329) are dental practices. To
count hospitals, we are using data at the level of establishments, and
to count physicians and dentists we are using data at the level of
firms, as we did in the August 22, 2008 proposed rule titled ``Health
Insurance Reform; Modifications to the Health Insurance Portability and
Accountability Act (HIPAA) Electronic Transaction Standards'' (73 FR
497742, 49758). We believe health information technology (HIT) systems
are still more likely to differ at the level of the enterprise rather
than at the level of the firm in hospitals. We believe that this way of
counting may overstate the number of affected entities in these
segments, given the recent trends toward consolidation among and
between provider types and toward increasing integration of HIT systems
across collaborating organizations. However, this overestimation may
compensate for other types of affected health care providers
potentially not reflected in these particular NAICS categories. We note
that the number of 5,544 hospital establishments reflected in the 2017
Census business data roughly compares with more recent 2021 data from
the American Hospital Association \25\ indicating a total of 6,090 U.S.
hospitals, of which approximately 25 percent are for-profit. However,
we do not have more detail, including data on the size of the hospitals
in this 25 percent, in order to determine whether any should be
excluded from the count of small entities.
---------------------------------------------------------------------------
\25\ Fast Facts on U.S. Hospitals, 2021; accessed 5/24/2021 at:
<a href="https://www.aha.org/statistics/fast-facts-us-hospitals">https://www.aha.org/statistics/fast-facts-us-hospitals</a>.
---------------------------------------------------------------------------
The Census business data records indicate that in 2017 there were a
total of 19,234 pharmacy firms, and we estimate that most of these
qualify as small entities. Available data do not permit us to clearly
distinguish small pharmacy firms from firms that are parts of larger
parent organizations, but we use employee size as a proxy for the firm
size subject to the SBA size standard. For purposes of this analysis,
we assume the firms with more than 500 employees (190) represent chain
pharmacies and those with fewer than 500 employees (19,044) represent
independently-owned open- or closed-door pharmacies. The 19,044 firms
with fewer than 500 employees represented 20,901 establishments and
accounted for total annual receipts of $70.9 billion and average annual
receipts of $3.7 million--revenue that is well below the SBA standard
of $30 million. By contrast, the 190 firms with 500 or more employees
represented 27,123 establishments and accounted for over $211 billion
in annual receipts, and thus, average annual receipts of $1.1
[[Page 78456]]
billion. Therefore, we assume 19,044 pharmacy firms qualify as small
entities for this analysis.
For 2017, the Census Bureau counts 745 entities designated as
Direct Health and Medical Insurance Carriers and 27 as Health
Maintenance Organization (HMO) Medical Centers. We assume that these
772 firms represent health plans that would be subject to these
proposals. Of the 745 Carriers, those with fewer than 500 employees
(564) accounted for $35 billion in total and over $62 million in
average annual receipts, exceeding the SBA size standard of $41.5
million. Comparable data on the eight smaller HMO Medical Centers is
not available due to small cell size suppression. Although health plan
firms may not qualify as small entities under the SBA receipts size
standard, they may under non-profit status. However, we are not aware
of data that would help us understand the relationship between health
plan firm and ownership tax status to quantify the number of such
firms. Therefore, we are not including an analysis of the impact on
small health plans.
Clearinghouses provide transaction processing and data translation
services to both providers and health plans that would be critical to
implementing this proposed rule. The applicable NAICS category includes
many types of financial transaction processing firms other than those
affected by this rule, so the Census business data cannot be used to
identify small entities of interest. In previous rulemaking, we have
identified a largely consolidated market (74 FR 3312). More recently,
in 2020, the national clearinghouse association, Cooperative Exchange,
indicated its 23 member companies represent over 90 percent of the
clearinghouse industry and provide services to over 750,000 provider
organizations, through more than 7,000 payer connections and 1,000 HIT
vendors.\26\ While we do not have data on the size of these firms, or
on the other firms constituting the remaining less than 10 percent of
the market, we continue to believe the firms in this segment are either
quite large or are affiliated with other very large firms, and do not
include them in this small entity analysis. In the January 2009
Modification final rule, we identified the number of 162 clearinghouse
entities (74 FR 3318). We are not aware of whether there has been
further consolidation in this industry since 2009, so we continue to
estimate that 162 clearinghouses serve the health care market in
subsequent analyses.
---------------------------------------------------------------------------
\26\ From testimony submitted for the 8/25/2020 NCVHS
Subcommittee on Standards Hearing on Proposed CAQH CORE Operating
Rules;: <a href="https://ncvhs.hhs.gov/wp-content/uploads/2020/08/Comments-CAQH%20CORE%20Proposed%20Operating%20Rules%20for%20Federal%20Adoption%20508.pdf">https://ncvhs.hhs.gov/wp-content/uploads/2020/08/Comments-CAQH%20CORE%20Proposed%20Operating%20Rules%20for%20Federal%20Adoption%20508.pdf</a>.
---------------------------------------------------------------------------
Other vendors affected by this rule include provider PMS and EHR
technology system vendors. Counting the affected entities in these two
segments is complicated, in part because they are increasingly
integrated. A health care provider entity's PMS and EHR systems may be
bundled in one product offering, semi-integrated affiliated systems, or
entirely independent systems offered by separate vendors.\27\ We have
not identified publicly available data on the number, size, or market
share of these specific industry stakeholders. NAICS industry category
541511, Custom Computer Programming Services, seems to be the closest
category. In 2017, the category included over 62,000 firms with 99
percent of these having less than 500 employees and 1 percent having
500 or more employees. However, this total seems out of proportion to
other potential indicators of market size, leading us to believe it
significantly overstates the affected entities of interest to the
proposed rule. For instance, the aforementioned Cooperative Exchange
description of member firm scope cited connections with 1,000 HIT
vendors; 2019 market research estimates indicate there are over 500
vendors offering some type of EHR product; \28\ the 21st Century Cures
Act: Interoperability, Information Blocking, and the ONC Health IT
Certification Program final rule (85 FR 25642) estimated the number of
certified HIT developers with health IT products capable of recording
electronic health information certified in the 2015 Edition of health
IT certification criteria to be 458; and the Electronic Health Record
Association, a trade association of EHR companies addressing national
efforts to create interoperable EHRs in hospital and ambulatory care
settings, lists 29 companies as members.\29\ A web search for NAICS
codes associated with a sampling of these EHR Association member
companies yielded many different NAICS codes (including some with
541511), possibly reflecting widely varying scopes of other products
and services offered by firms in this market segment. Without more
definitive data on the firms specific to the health care provider PMS
and EHR business markets, we estimate that the number of affected firms
is around 1,000, with the bulk of market share served by a relatively
small number of large entities and the remainder of market share served
by many smaller entities. However, we are unable to determine how many
of these smaller entities may meet small business size standards and
are not subsidiaries of larger firms, so we do not include them in this
small entity analysis.
---------------------------------------------------------------------------
\27\ The true cost of switching EHRs. May 30, 2018. Mary Pratt.
Medical Economics Journal, June 10, 2018 edition, Volume 96, Issue
10. <a href="https://www.medicaleconomics.com/view/true-cost-switching-ehrs">https://www.medicaleconomics.com/view/true-cost-switching-ehrs</a>.
\28\ Who are the largest EHR vendors. Jeff Green. EHR in
Practice. October 18, 2019 <a href="https://www.ehrinpractice.com/largest-ehr-vendors.html">https://www.ehrinpractice.com/largest-ehr-vendors.html</a>.
\29\ <a href="https://www.ehra.org/membership/ehra-members">https://www.ehra.org/membership/ehra-members</a>.
---------------------------------------------------------------------------
2. Costs to Small Entities
To determine the impact on the health care providers considered
small entities for this analysis (identified in the previous section),
we used the 2017 Census business data to collect revenue estimates and
compared these to the high and low estimates for the range of costs
calculated for each industry segment later in this analysis, as
summarized in Table 8. We calculated the percentage of revenues
represented by the high and low estimates, and none exceeded the 3 to 5
percent of revenue threshold, as summarized in Table 3. Thus, for
purposes of the RFA analysis, we can conclude there is not a
significant impact on small entities.
Table 3--Analysis of Implementation Burden on Small Covered Entities
----------------------------------------------------------------------------------------------------------------
Implementation
Entity type Small entities Revenue ($ in cost range ($ in Cost/revenue
(#) billions) millions) range (%)
----------------------------------------------------------------------------------------------------------------
Pharmacies................................ 19,044 282 0-0 NA
Vendors................................... NA NA NA NA
Clearinghouses............................ NA NA NA NA
Health plans.............................. NA NA NA NA
[[Page 78457]]
Programmers............................... NA NA NA NA
Physicians................................ 171,722 485 218-345 0.04-0.09
Dentists.................................. 125,329 126 149-299 0.12-0.24
Hospitals................................. 5,544 994 466-932 0.05-0.09
---------------------------------------------------------------------
Subtotal.............................. 321,639 1,887 833-1,666 0.04-0.09
----------------------------------------------------------------------------------------------------------------
3. Alternatives Considered
This rule proposes to adopt standards for ``health care
attachments,'' which support both health care claims, as required by
section 1173(a) of the Act, and prior authorization transactions, as
recommended to the Secretary by NCVHS. It is our understanding that the
standards recommended to the Secretary by NCVHS, and that we are
proposing to adopt in this rule, are the only standards applicable to
health care attachments that are ready for full implementation across
the industry. Therefore, we considered the following regulatory
alternatives: (1) not adopt standards for health care attachments,
allowing for the industry's continued use of multiple processes, (2)
wait to adopt standards for health care attachments until alternate
standards, such as FHIR standards, are ready for full implementation
and recommended to the Secretary by the industry, and (3) adopt a
different version of the X12 implementation specifications than Version
6020, the version proposed to adopt in this rule. We chose to proceed
with the proposals in this rule after identifying significant
shortcomings with each of these alternatives.
We chose to propose to adopt attachments standards rather than
allow for continued use of multiple standards because of the well-
documented costs and administrative burdens associated with the many
manual or partially electronic processes currently in use. These
burdens were recently detailed in the 2020 CAQH Index. In response to
CAQH surveys, industry stakeholders reported that the lack of federal
standards and mandates has been a principal barrier to adoption of
fully electronic standardized health care transactions.\30\ Based on
these survey responses, should we not adopt standards for health care
attachments, most attachment transactions and many prior authorization
transactions would continue to be conducted through fully manual
processes. Not adopting standards for attachment transactions would
also mean forgoing the opportunity to reduce the unnecessary back-and-
forth between providers and health plans, accelerate claims
adjudication and patient service approval timeframes, and reduce
provider resources spent on manual follow-up activities. To the extent
that future payer policies continue to trend toward increased levels of
prior authorization or health care attachments requirements, these
burdens could also increase.
---------------------------------------------------------------------------
\30\ Last accessed 5/28/2021 at: <a href="https://www.caqh.org/explorations/caqh-index-report">https://www.caqh.org/explorations/caqh-index-report</a>.
---------------------------------------------------------------------------
Similarly, we chose not to hold off on proposing the adoption of
attachment standards until alternate standards, such as FHIR standards,
are available and recommended by the industry because we believe that
adoption and implementation of the specifications in this proposed rule
can immediately reduce the costs and burdens associated with the lack
of national standards. While we are aware of HL7's efforts to create
alternative implementation specifications to support health care
attachments transactions, we note that at the time of writing this
proposed rule, these FHIR implementation specifications have not been
finalized nor have they been tested. We also note that the HL7 CDA
standard we are proposing to adopt in this proposed rule is the only
currently available SSO-created, NCVHS-recommended standard with
published implementation specifications designed to support both claims
and prior authorization attachment transactions. We believe that the
industry's readiness for improvements to the manual or partially
electronic process currently in place, as outlined the CAQH stakeholder
surveys and supported by NCVHS's recommendation to adopt the
specifications proposed in this rule, support proposing the adoption of
attachments standards at this time. However, we invite comment on our
understanding of the readiness of possible implementation
specifications for health care attachments that support both claim and
prior authorization transactions and whether the industry supports
postponement of an adopted standard as it did for the previously
mentioned proposed rule in the 2005 Federal Register (70 FR 55990),
titled ``HIPAA Administrative Simplification: Standards for Electronic
Health Care Claims Attachments; Proposed Rule.''
Finally, we chose to propose adoption of Version 6020 of the X12
implementation specifications, rather than an alternate version, such
as Version 5010, because Version 5010 does not fully support
attachments transactions. Version 6020 resolves technical issues and
limitations in Version 5010 to enable attachments transactions that
support both health care claims and prior authorization transactions.
We also invite comment on any alternative implementation specifications
that were not considered but meet the criteria outlined in this
proposed rule.
4. Conclusion
As referenced earlier in this section, we use a baseline threshold
of 3 to 5 percent of revenues to determine if a rule would have a
significant economic impact on affected small entities. The small
health care entities do not come close to this threshold. Therefore,
the Secretary has certified that this proposed rule would not have a
significant economic impact on a substantial number of small entities.
However, because of the relative uncertainty in the data, the lack of
consistent industry data, and our general assumptions, we invite public
comments on the analysis and request any additional data that would
help us determine more accurately the impact on all categories of
entities affected by the proposed rule.
In addition, section 1102(b) of the Act requires us to prepare a
Regulatory Impact Analysis if a rule would have a significant impact on
the operations of a substantial number of small rural hospitals. This
analysis must conform to the provisions of section 603 of the RFA. For
purposes of section 1102(b) of the Act, we define a small rural
hospital as a hospital that is located outside of a metropolitan
statistical area and has
[[Page 78458]]
fewer than 100 beds. This proposed rule would not have a significant
effect on the operations of a substantial number of small rural
hospitals because these entities would rely on contracted health
information technology (HIT) vendors for the majority of implementation
investment and efforts such hospitals elect to implement. We note that
health care providers may choose not to conduct transactions
electronically. Therefore, they would be required to use these
standards only for transactions that they conduct electronically and
would be expected to do so only when the benefits clearly outweigh the
costs involved. Therefore, the Secretary has certified that this
proposed rule would not have a significant impact on the operations of
a substantial number of small rural hospitals.
Section 202 of the Unfunded Mandates Reform Act of 1995 (UMRA) also
requires that agencies assess anticipated costs and benefits before
issuing any rule whose mandates would require spending more in any one
year than threshold amounts in 1995 dollars, updated annually for
inflation. In 2022, this threshold is approximately $165 million. This
proposed rule would impose mandates that would result in the
expenditure by state, local, and tribal governments, in the aggregate,
or by the private sector, of more than $165 million in any one year.
The impact analysis in this proposed rule addresses those impacts both
qualitatively and quantitatively. In general, each state Medicaid
Agency and other government entity that is considered a covered entity
would be required to ensure that its contracted claim processors update
software and conduct testing and training to implement the adoption of
the new standards and modified versions of a previously adopted
standard. However, we have no reason to believe that ongoing
contractual payment arrangements for these services would necessarily
increase as a result of the proposed changes. UMRA does not address the
total cost of a rule. Rather, it focuses on certain categories of cost,
mainly federal mandate costs resulting from imposing enforceable duties
on state, local, or tribal governments, or on the private sector; or
increasing the stringency of conditions in, or decreasing the funding
of, state, local, or tribal governments under entitlement programs.
Executive Order 13132 establishes certain requirements that an
agency must meet when it promulgates a proposed rule (and subsequent
final rule) that imposes substantial direct requirement costs on state
and local governments, preempts state law, or otherwise has federalism
implications. This proposed rule would have a substantial direct effect
on state or local governments, could preempt state law, or otherwise
have a federalism implication because state Medicaid agencies or their
contractors would be implementing new standards and a modified version
of an existing standard for which there would be expenses for
implementation and wide-scale testing.
D. Anticipated Effects
The objective of this regulatory impact analysis is to summarize
the costs and benefits of the following proposals:
<bullet> Adopting new standards for the exchange of health care
attachment information consisting of--
++ A code set to be used for health care attachments transactions;
++ Proposed X12 standards for requesting and transmitting
attachment information and HL7 standards for clinical information
content; and
++ Proposed electronic signatures standards.
<bullet> Modifying the existing standard for referral certification
and authorization by updating from Version 5010 to Version 6020.
This portion of the analysis is informed by a review of an earlier
environmental scan produced for us in 2016 by the MITRE Corporation,
industry testimony to the NCVHS, whitepapers from the Workgroup for
Electronic Data Interchange (WEDI), and survey results produced by
industry consensus-based organizations, and updated web-based research
on specific topics.
Consistent with statutory and regulatory requirements, any
recommendations for the adoption of HIPAA standard updates are the
outcome of an extensive consensus-driven process that is open to all
interested stakeholders. The standards development process involves
direct participatory input from representatives of the industry
stakeholders required to utilize the transactions.
For purposes of this analysis, we use the segmentation of health
care industry stakeholders laid out in the 2009 Modifications final
rule with some additional detail on vendors supporting the integration
of the administrative and clinical data. As discussed in this proposed
rule, providers and payers continue to use manual processing for health
care attachments, therefore, these stakeholders are relevant for
purposes of this RIA because there is no adopted health care
attachments standard. As noted in the 2017 WEDI white paper, most
payers send hard copy letters to request additional information to
support a claim or prior authorization submitted by the provider.\31\
These segments consist of the following:
---------------------------------------------------------------------------
\31\ Guidance on Implementation of Standard Electronic
Attachments for Healthcare Transactions November 2017 Workgroup for
Electronic Data Interchange. <a href="https://www.wedi.org/2017/11/17/guidance-on-implementation-of-standard-electronic-attachments-for-healthcare-transactions/">https://www.wedi.org/2017/11/17/guidance-on-implementation-of-standard-electronic-attachments-for-healthcare-transactions/</a>.
<bullet> Providers
++ Hospitals
++ Physicians
++ Dentists
++ Pharmacies
<bullet> Health Plans
++ Private Health Plans and Issuers
++ Government Health Plans: Medicare, Medicaid, and Veterans
Administration
<bullet> Clearinghouses
<bullet> Vendors
++ PMS Vendors
++ EHR Vendors
In analyzing the effects of this proposed rule, we referenced the
2019 and 2020 CAQH Index Reports issued on January 21, 2020 and
February 3, 2021, respectively.\32\ The 2020 CAQH Index \33\ tracks
adoption of HIPAA-mandated and other electronic administrative
transactions and measures progress reducing the costs and burden
associated with administrative transactions exchanged across the
medical and dental industries. The CAQH Index includes estimates of the
number of annual transactions by submission mode (phone, fax, mail, or
email), electronic (HIPAA standard) or partially electronic (web
portals or interactive voice response), as well as estimates of the
associated labor cost and staff time. The reported costs and savings
account only for the labor time required to conduct transactions, not
the time and cost associated with gathering information or costs
associated with the use of clearinghouses or third-party vendors.
---------------------------------------------------------------------------
\32\ <a href="https://www.caqh.org/sites/default/files/explorations/index/report/2019-caqh-index.pdf">https://www.caqh.org/sites/default/files/explorations/index/report/2019-caqh-index.pdf</a>.
\33\ <a href="https://www.caqh.org/explorations/caqh-index-report">https://www.caqh.org/explorations/caqh-index-report</a>.
---------------------------------------------------------------------------
For two types of transactions directly addressed by this proposed
rule, attachments, and prior authorization, the 2020 CAQH Index
estimates the annual industry national savings opportunity of full
automation adoption of these transactions at $377 million and $417
million, respectively. These savings would accrue to both health plan
payers and providers, with the vast majority of estimated savings
accruing to providers. With respect to the category of providers, the
report does not provide a breakdown of the type of providers that
contributed to the survey
[[Page 78459]]
results, but does distinguish between medical and dental providers, and
does acknowledge partnering with both physician and hospital member
organizations. Thus, we believe the medical provider savings reported
include hospital-related responses.
In contrast to the data on labor cost savings, we are not aware of
any reports or other industry estimates on the level of additional
investments needed to fully implement these electronic processes for
requesting and submitting attachment information, or the proportion of
such costs that might be passed on to provider or health plan firms. By
reviewing testimony submitted to the NCVHS and conducting web searches,
such as for plan, clearinghouse, and vendor electronic data interchange
(EDI) instructions and services, we understand some stakeholder
segments have already largely built or acquired the capacity to
implement these proposals (albeit possibly in inconsistent and
proprietary ways in the absence of federal standards and operating
rules). Similarly, based on NCVHS testimony, others (particularly
health care providers and their vendors) have partially implemented the
standards.\34\ Thus, we conclude that implementation and readiness to
fully implement the proposed standards vary among and within covered
entity industry segments.
---------------------------------------------------------------------------
\34\ NCVHS Letter to the Secretary of HHS on Recommendations for
the Electronic Health Care Attachment Standard, July 5, 2016,
<a href="https://ncvhs.hhs.gov/wp-content/uploads/2018/03/2016-Ltr-Attachments-July-1-Final-Chair-CLEAN-for-Submission-Publication.pdf">https://ncvhs.hhs.gov/wp-content/uploads/2018/03/2016-Ltr-Attachments-July-1-Final-Chair-CLEAN-for-Submission-Publication.pdf</a>.
---------------------------------------------------------------------------
We also believe it is likely that firms directly involved in
deploying additional capacity, in particular in upgrading PMS or EHR
functionality, would not voluntarily share proprietary and competitive,
market-sensitive data on the level of additional investment needed or
on the effects on customer fees. Therefore, as further explained in the
discussion of cost calculations, we estimate the incremental costs
involved not through projected cost build-up, but rather as a function
of the level of impact of implementing the previous HIPAA-standard
modifications. We seek comment on this approach and on the
appropriateness of the aggregate level estimates; data reflecting
estimated changes to firm-specific costs and customer-specific fees
would preferably be presented in a manner that facilitates aggregation.
We do not have good information on the extent of adoption of the
proposed electronic standards for attachment information among industry
stakeholders because HHS has not adopted an electronic transaction
standard for health care attachments. However, we believe there is good
reason to expect the proposed regulatory requirements, combined with
the administrative cost savings opportunities identified by CAQH, would
incentivize broad adoption of these attachment standards and lead to a
significant uptake of the prior authorization standard. The remainder
of this section provides details supporting the cost-benefit analysis
for our proposals.
1. Affected Entities
As with previous standard updates, all HIPAA covered entities would
be affected by this proposed rule. Covered entities include all health
plans, all health care clearinghouses, and health care providers that
transmit health information in electronic form in connection with a
transaction for which the Secretary has adopted a standard. Therefore,
they would be required to use these standards only for transactions
that they conduct electronically. See the Transactions and Code Sets
rule for a discussion of affected entities (65 FR 50361).
In general, covered entities (or their vendors) would incur a
number of one-time costs to implement the new and modified transactions
in this proposed rule unless they have already implemented an adopted
HIPAA standard, such as for prior authorization transactions. These
costs would include analysis of business flow changes, software
procurement or customized software development, integration of new
software into existing provider/vendor systems, staff training, and
collection of new data, testing, and transition processes. For some
entities, new vendors may be needed for the creation and validation of
the clinical documentation to be embedded in the attachment
transactions. Systems implementation costs would account for most of
the costs, with system testing alone likely accounting for a majority
of costs for all covered entities. Ongoing operational costs would be
expected to initially grow, as the implementation of electronic
processes run in parallel with ongoing manual and partially automated
processes, but to decline as higher proportions of transactions are
automated. These HIT-related costs would be offset by significant
reductions in labor costs for what are today largely manual processes
to locate, collect, package, and mail clinical records needed to
support requests for additional documentation to support claims and
prior authorization requests. Other offsetting cost savings are
expected from lower postage and other mailing costs, reductions in
reprocessing volume due to higher clean claim acceptance rates, and
delay in receiving payment.<SUP>35 36</SUP>
---------------------------------------------------------------------------
\35\ NCVHS Letter to the Secretary of HHS on Recommendations for
the Electronic Health Care Attachment Standard, July 5, 2016,
<a href="https://ncvhs.hhs.gov/wp-content/uploads/2018/03/2016-Ltr-Attachments-July-1-Final-Chair-CLEAN-for-Submission-Publication.pdf">https://ncvhs.hhs.gov/wp-content/uploads/2018/03/2016-Ltr-Attachments-July-1-Final-Chair-CLEAN-for-Submission-Publication.pdf</a>.
\36\ In a regulatory impact analysis that, in accordance with
OMB Circular A-4, takes a society-wide perspective, changes in
timing of payments represent a transfer, rather than a net societal
cost savings.
---------------------------------------------------------------------------
It is likely that there are significant differences in readiness
among payer and provider claims and prior authorization HIT systems,
and we do not know the extent of incremental costs associated with HIT
development, enablement (upgrade or licensing fees paid by users), or
workflow adjustment and training to facilitate compliance with the
standards proposed in this rule. So, though we are aware that the net
benefits would likely vary among stakeholders, we lack the data to
estimate these differential effects. An important consideration
reflected in various industry testimonies submitted to the NCVHS is
that some stakeholders, particularly smaller providers, would continue
to have the option to leverage existing clearinghouses to provide these
information exchange services based on negotiated rates. This is a
standard practice today, where clearinghouses already manage 90 percent
of the conversion of paper-to-electronic formats, as well as
reformatting of non-compliant to compliant electronic claim
transactions for the industry. Given the high costs of manual and
partially electronic means for exchanging required information, we
believe the impact of this rule would be significant net savings to the
industry. However, the level and timing of uptake (as opposed to the
retention of manual processes and clearinghouse intermediation) by
provider entities are uncertain. We reflect this uncertainty with both
the phasing in of and the estimation of minimum and maximums for costs
and benefits. We solicit comments on this approach and our assumptions
throughout this analysis.
2. Explanation of Cost Calculations
Based on consultation with industry workgroups, such as WEDI, we
determined that the health care attachment standards in this proposed
rule are already in common use by entities engaged in other lines of
business, such as the workers' compensation and liability insurance
[[Page 78460]]
fields, that exchange medical records. Thus, there is clear evidence
that the standards are fit for their intended purpose and have been
successfully implemented in closely related business processes.
Although the attachments standards we are proposing to adopt are
initial standards, as described in section 1175 of the Act, health
plans surveyed by CAQH in 2020 reported electronic transaction
submission levels of 22 percent for attachments and 21 percent for
prior authorizations. Therefore, while the specification for
attachments requests by the health plan (X12 277) and the subsequent
response from the provider (X12 276) have not previously been adopted
under HIPAA Administrative Simplification, some payer and provider
systems are already exchanging HIPAA electronic prior authorization
transactions using the adopted standards. Moreover, the HL-7 C-CDA has
been widely adopted pursuant to the ONC 2014 and 2015 Editions of
Health Information Technology Certification Criteria specifying content
exchange standards and implementation specifications for exchanging
electronic health information. According to the latest available posted
data, as of 2017, nearly 4 in 5 (80 percent) office-based physicians
had adopted a certified EHR.\37\
---------------------------------------------------------------------------
\37\ ONC Health IT Dashboard. Office-based Physician Electronic
Health Record Adoption: <a href="https://dashboard.healthit.gov/quickstats/pages/physician-ehr-adoption-trends.php">https://dashboard.healthit.gov/quickstats/pages/physician-ehr-adoption-trends.php</a>.
---------------------------------------------------------------------------
Similarly, while the standards we are proposing to adopt for
electronic signatures are also initial standards, we believe they have
already been widely implemented by the industry. For example, in 2010
the Drug Enforcement Agency (DEA) finalized a rule requiring similar
standards for electronic prescribing of controlled substances.\38\ The
proposed electronic signature standard utilizes the same technology to
expand electronic signature capabilities to all clinical documentation,
rather than just electronic prescriptions. Therefore, we believe the
implementation of the proposed electronic signature standard would not
represent a significant incremental cost to providers.
---------------------------------------------------------------------------
\38\ Electronic Prescribing of Controlled Substances. Drug
Enforcement Administration, Department of Justice, Office of
Diversion Control website. <a href="http://www.deadiversion.usdoj.gov/ecomm/e_rx/">http://www.deadiversion.usdoj.gov/ecomm/e_rx/</a>.
---------------------------------------------------------------------------
Given much of the industry has already implemented some or all of
the implementation specifications we are proposing to adopt in this
proposed rule, or versions of the implementation specifications we are
proposing to adopt in this proposed rule, we believe the level of
effort involved in implementing the entire set of proposed
implementation specifications herein is more akin to implementing
standards modifications than to implementing transactions standards for
the first time. Therefore, we anchor our cost estimates on the final
cost estimates, updated for inflation,\39\ in the Modifications final
rule, and then make certain adjustments to address unique aspects of
certain industry segments. While the systems required for implementing
the specifications proposed for adoption in this proposed rule have
been continuously updated since the publication of the Modifications
final rule, the technologies within the proposed implementation
specifications in this proposed rule are of the same type as those
considered in the Modification rule and will be integrated into systems
that continue to utilize the similar business models.
---------------------------------------------------------------------------
\39\ Cost estimate ranges from the January 2009 Modifications
final rule were adjusted for inflation using the Bureau of Labor
Statistics Consumer Price Index Inflation Calculator, to reflect
amounts for January 2020 and round up to the nearest whole number to
match benefits estimates from the CAQH 2020 Index. <a href="https://www.bls.gov/data/inflation_calculator.htm">https://www.bls.gov/data/inflation_calculator.htm</a>.
---------------------------------------------------------------------------
The cost estimates in the Modifications final rule were based on an
estimate of the total costs to implement the initial HIPAA transaction
standards (Version 4010/4010A) and informed by industry interviews.\40\
To determine the costs for each provider sub-segment (that is,
hospitals, physicians, and dentists), we established an estimate for
what the total approximate Version 4010/4010A costs were for an
individual entity within that sub-segment (based on the interviews and
other data available through research) and then applied an estimated
range of 20 to 40 percent of those costs to come up with estimated
minimum and maximum costs for Version 5010. The range was accepted as a
realistic proxy by all providers and plans who participated in the
interviews. Through the course of the interviews, we identified more
granular cost categories and reviewed these with the participants to
help analyze and validate overall cost estimates by entity. The
estimated cost for each individual entity within a segment was then
multiplied by the number of entities to establish the estimated costs
for entire segment.
---------------------------------------------------------------------------
\40\ Version 5010 Regulatory Impact Analysis--Supplement.
September 2008. <a href="https://www.cms.gov/files/document/5010regulatoryimpactanalysissupplementpdf">https://www.cms.gov/files/document/5010regulatoryimpactanalysissupplementpdf</a>.
---------------------------------------------------------------------------
With respect to the level and timing of the uptake of these
standards, we assume that some portion of providers and their vendors
may take longer to move from manual to fully automated transactions.
For purposes of this analysis, we generally estimate that most
stakeholders would incur costs over a 4-year period at the rate of 50
percent in the first implementation year, 30 percent in the second
implementation year, and 10 percent each in the third and fourth years.
We note that, although many comments to the Modifications rule
suggested we underestimated the costs, no substantive data or
additional information was provided to counter our analysis at that
time. We're not aware of more recent public research relating to costs
of implementing modifications to HIPAA transaction standards. We invite
public comments on our understanding and request any additional data
that would help us determine more accurately the costs of implementing
modifications to HIPAA transaction standards.
3. Explanation of Benefits Calculations
To determine the benefits for each segment of the industry, we
primarily relied upon the 2020 CAQH Index. Based on survey responses,
CAQH estimates that spending on labor time conducting attachment
transactions accounts for about $590 million of spending on
administrative transactions across the medical industry, with health
care providers incurring about 88 percent of this spending at an
average cost of $5.10 for each manually processed attachment. In moving
from manual to electronic attachments transactions, CAQH estimates the
health care industry could save $4.09 on average per transaction and an
additional $377 million annually. These estimated savings would be
split between health care providers ($328 million) and health plans
($49 million) and would be generated by the avoidance of 8 minutes in
administrative labor time per attachment on average, as medical
providers reported taking an average of 11 minutes to submit an
attachment manually versus 3 minutes electronically. Comparable data on
spending and savings opportunities on attachment transactions for
dental providers were not available, although the survey reports that
only 16 percent of dental attachment transactions in 2020 were fully
electronic.
The 2019 CAQH Index reported that the use of the electronic
standard for prior authorizations has remained very low due to barriers
such as provider
[[Page 78461]]
awareness, vendor support, and inconsistent use of data content allowed
in the standard, and the lack of an attachment standard to support the
exchange of medical documentation. The 2020 CAQH Index reports that
fully electronic prior authorization continues to have the lowest
adoption rate of the medical transactions surveyed, although
utilization between 2019 and 2020 increased by 8 percentage points to
21 percent. Since this rule proposes to adopt federal attachment
standards, including those to address data content, we believe the
proposed changes in this rule would substantially address these
barriers and promote widespread adoption of electronic prior
authorization processes. As described in section I.F. of this proposed
rule, numerous organizations representing physician provider groups,
insurance payers, health technology vendors, health care financial
managers, and HIT standard advisory bodies have submitted
recommendations to the Secretary strongly supporting this view.
CAQH reports that prior authorization is the most costly and time-
consuming administrative transaction for providers, and administrative
spending increased to $767 million as the cost to conduct prior
authorizations rose for both plans and providers from the previous
year. Based on survey responses, the 2020 CAQH Index estimates that, on
average, providers spent about 20 minutes and $10.26 per transaction to
conduct a prior authorization manually, and about 13 minutes and $7.07
via a partially electronic web portal in 2020. These costs compare with
an average cost of $3.64 per fully electronic transaction. CAQH
estimates that, based on 2020 survey data, switching to fully
electronic transactions could yield an additional $417 million in
annual administrative cost savings. Those savings would be split
between health care providers ($322 million or 77 percent) and health
plans ($95 million or 23 percent). Comparable data were not reported on
prior authorization transactions for dental providers, suggesting this
transaction is not generally utilized by this segment.
We utilize the CAQH national annual savings estimates as the basis
for our benefits estimates. The CAQH national annual savings estimates
are calculated based on potential savings moving from the reported
state of 21 percent electronic processing for prior authorization
transactions and 22 percent electronic processing for attachments to
fully electronic processing. The total potential industry cost savings
opportunity is an amount that declines as industry adoption increases.
Although there was an apparent increase in electronic processing of
prior authorization and health care attachments transactions from 2019
to 2020, we do not trend the benefits estimates forward because
previously reported estimates of electronic processing adoption have
tended to remain stable over a longer period of time. The CAQH
estimation methodology only includes labor time savings, which it
assesses to be the most significant component of savings, by far. We do
not include estimates of other sources of savings, such as through
elimination of mailing costs, so our benefit estimates may have a
tendency toward understating actual industry savings.\41\ Because we
believe that some portion of providers and their vendors may take
longer to move from manual to fully automated transactions, we also
assume a phased-in realization of the level of annual benefits
projected by CAQH. For purposes of this analysis, we generally estimate
that most stakeholders would realize the benefits in labor savings over
a 3-year period at the rate of 50 percent in the first operational
year, 75 percent in the second operational year, and 100 percent in and
after the third year after the compliance date.
---------------------------------------------------------------------------
\41\ On the other hand, CAQH developed estimates from the
experience of entities that voluntarily automated, and extrapolation
from such voluntary experience to the regulatory context may
generate a tendency toward overestimation of savings, on a per-unit
basis and/or in the aggregate. We welcome comments that would
facilitate refinement of estimates.
---------------------------------------------------------------------------
4. Hospitals
As previously discussed, to determine the costs for each health
care provider sub-segment, we started with the minimum and maximum cost
estimates in the Modifications final rule for each type of entity. For
hospitals, those estimates were within a range of $1,423 million to
$2,848 million, adjusted for inflation (74 FR 3316). We further assume
that these costs would be incurred by hospital HIT developers, which
would both absorb some portion of the costs as a cost of doing business
incorporated in the current level of HIT service and maintenance
agreements and also pass some portion of the costs on to the hospital
in the form of higher fees for enabling new functionality. This seems
reasonable given our understanding that HIT vendors generally plan on,
and finance, a certain level of ongoing system development through
ongoing maintenance agreements, typically with annual increases, but
also must keep these at a level that remains competitive in their niche
market.\42\ In other words, not all possible systems upgrades would be
factored into current fees. We do not have any information on how this
allocation would be made and expect there would be many variations in
practice, but for purposes of this analysis, we assume a 60/40 split
between costs borne by the vendor and costs passed on to the hospital.
As summarized in Table 4, this results in the hospital share of costs
in the range of $569 million to $1,139 million, with the remainder in
the range of $854 million to $1,709 million borne by hospital HIT
vendors.
---------------------------------------------------------------------------
\42\ The true cost of switching EHRs. May 30, 2018. Mary Pratt.
Medical Economics Journal, June 10, 2018 edition, Volume 96, Issue
10. <a href="https://www.medicaleconomics.com/view/true-cost-switching-ehrs">https://www.medicaleconomics.com/view/true-cost-switching-ehrs</a>.
Table 4--Attachments Costs Borne by Providers Versus Vendors
[$ in millions]
----------------------------------------------------------------------------------------------------------------
Proposed rule Provider share Vendor share
Entity type cost range (40%) (60%)
----------------------------------------------------------------------------------------------------------------
Physicians............................................. 665-1,329 266-532 399-797
Dentists............................................... 456-913 182-365 274-548
Hospitals.............................................. 1,423-2,848 569-1,139 854-1,709
--------------------------------------------------------
Subtotals.......................................... 2,544-5,090 1,017-2,036 1,527-3,054
----------------------------------------------------------------------------------------------------------------
[[Page 78462]]
To determine the benefits for hospitals, we refer to the estimates
of savings for medical providers reported by CAQH, and assume that
hospitals would achieve 20 percent of these savings. We assume a rough
80/20 split between physicians and hospitals because we believe the
vast majority of transactions needed to support claims and prior
authorizations would come from clinician practices since plans and
hospitals generally have other processes for utilization management of
more expensive inpatient admissions and outpatient procedures. CAQH
estimated the total annual savings opportunity for medical providers
for fully automating attachments and prior authorization transactions
to be $328 million and $322 million, respectively. So, we estimate the
hospital share to be 20 percent of $650 million or $130 million. To
reflect the uncertainty around the ultimate level of uptake of these
standards, we estimate a range of 25 percent below this point estimate
between $98 million to $130 million in annual savings, as summarized in
Table 5.
Table 5--Attachments Benefits by Entity
[$ in millions]
------------------------------------------------------------------------
Estimated
annual
Entity type savings
range
(25%)
------------------------------------------------------------------------
Pharmacies................................................. 0-0
Vendors.................................................... 0-0
Clearinghouses............................................. 0-0
Private Health Plans....................................... 108-144
Government Health Plans.................................... 179-238
Physicians................................................. 390-520
Dentists................................................... 86-115
Hospitals.................................................. 98-130
------------
Total.................................................... 860-1,147
------------------------------------------------------------------------
With respect to timing of costs and benefits, we assume hospitals
would have both the capital and business interest to move promptly to
achieve the return on investment; would incur all costs during the 2-
year implementation period; and would realize the full level of annual
savings in and after the first operational year following the proposed
compliance date, as summarized in Tables 8 and 9.
5. Physicians
We followed a similar methodology for estimating physician costs
and benefits. For physicians, the Modifications final rule cost
estimates were within a range of $665 million to $1,329 million,
adjusted for inflation (74 FR 3317). We assume a comparable level of
effort to implement the proposed attachments standards. We further
assume that these costs would be incurred by physician practice PMS and
EHR vendors, who would both absorb some portion of the costs as a cost
of doing business incorporated in the current level of HIT service and
maintenance agreements and also pass some portion of the costs on to
the practices in the form of higher fees for enabling new
functionality. We again assume a 60/40 split between costs borne by the
vendor and costs passed on to the customer. As summarized in Table 4,
this results in a physician share of costs in the range of $266 million
to $532 million, with the remainder in the range of $399 million to
$797 million to be borne by physician PMS and EHR vendors. We further
assume that some physician entities and their vendors may take more
time to implement the standards while continuing to use manual
processes in the meantime. Therefore, we estimate physician costs would
be incurred over a 4-year period at the rate of 50 percent in the first
implementation year, 30 percent in the second implementation year, and
10 percent each in the third and fourth years, as summarized in Table
8.
To determine the benefits for physicians, we again referred to the
estimates of savings for medical providers reported by CAQH and
calculated the remaining 80 percent of these savings. CAQH estimated
the total annual savings opportunity for medical providers for fully
automating attachments and prior authorization transactions to be $328
million and $322 million, respectively, or $650 million in total. So,
we estimate the physician share to be 80 percent of $650 million, or
$520 million. To reflect the uncertainty around the ultimate level of
uptake of these standards, we estimate a range of 25 percent below this
point estimate, or between $390 million to $520 million in annual
savings, as summarized in Table 5. We further estimate that these
benefits in labor savings would phase in over a 3-year period at the
rate of 50 percent in the first operational year, 75 percent in the
second operational year, and 100 percent in and after the third year
after the compliance date, as summarized in Table 9.
6. Dentists
For dentists, we follow the same methodology for costs as we do for
physicians. The Modifications final rule cost estimates for dentists
were within a range of $456 million to $913 million, adjusted for
inflation (74 FR 3317). We assume a comparable level of effort to
implement the proposed attachments standards. We further assume that
these costs would be incurred by dental practice PMS and EHR vendors,
who would both absorb some portion of the costs as a cost of doing
business incorporated in the current level of HIT service and
maintenance agreements and also pass some portion of the costs on to
the dental practices in the form of higher fees for enabling new
functionality. We again assume a 60/40 split between costs borne by the
vendor and costs passed on the customer. As summarized in Table 4, this
results in the dentist share of costs in the range of $182 million to
$365 million, with the remainder in the range of $274 million to $548
million borne by dental practice PMS and EHR vendors. As with
physicians, we further assume that some dental practices and their
vendors may take more time to implement the standards, while continuing
to use manual processes in the meantime. Therefore, we estimate
dentists' costs would be incurred over a 4-year period at the rate of
50 percent in the first implementation year, 30 percent in the second
implementation year, and 10 percent each in the third and fourth years,
as summarized in Table 8.
Given that the 2020 CAQH Index did not report on the potential
savings opportunity for dental providers for full automation of
attachments transactions, we take a different approach to benefits
estimation. Comments included in testimony submitted to the NCVHS in
2016 on the Attachment Standard \43\ (2016 NCVHS Hearing) indicated
that dentists supported the proposal to make the X12N 275 transaction
the standard vehicle for transporting attachment content to dental
claims, but made no mention of the prior authorization transaction.
These comments also indicated that many dental PMS vendor technologies
may lack the capability to generate HL7 documents, requiring dentists
to either upgrade existing systems or find alternative methods, such as
using a clearinghouse or payer portals. Thus, we conclude that some
dentists and their PMS vendors would incur costs associated with
submitting attachment information to support claims, and others may
maintain current manual or clearinghouse-mediated processes. Therefore,
we assume that the savings opportunity for full automation of claims
attachments for
[[Page 78463]]
dentists would be a portion of the savings opportunity for medical
providers. Since the total number of dental entities (125,329) is about
70 percent of the number of other provider entities (177,266, or 5,544
hospital establishments and 171,722 physician firms), we estimate their
savings opportunity would be no greater than 70 percent of the annual
$328 million medical provider savings opportunity for attachments
estimated by CAQH. In addition, we assume that, given the relatively
smaller size of dental practices, a greater proportion of dentists than
physicians may choose to retain manual processes. So, as summarized in
Table 5, we estimate that the annual dentist savings opportunity is 50
percent of 70 percent of the medical provider opportunity, or $115
million (328 x 0.70 x 0.50). To reflect the uncertainty around the
ultimate level of uptake of these standards, we estimate a range of 25
percent below this point estimate, or between $86 million to $115
million in annual savings. As with the physician estimates, we further
estimate that these benefits in labor savings would phase in over a 3-
year period at the rate of 50 percent in the first operational year, 75
percent in the second operational year, and 100 percent in and after
the third year after the compliance date, as summarized in Table 9.
---------------------------------------------------------------------------
\43\ NCVHS Subcommittee on Standards. Agenda of the February 16,
2016 NCVHS Subcommittee on Standards Hearing <a href="https://ncvhs.hhs.gov/meetings/agenda-of-the-february-16-2016-ncvhs-subcommittee-on-standards-hearing/">https://ncvhs.hhs.gov/meetings/agenda-of-the-february-16-2016-ncvhs-subcommittee-on-standards-hearing/</a>.
---------------------------------------------------------------------------
7. PMS and EHR Vendors
In testimony to the 2016 NCVHS Hearing, WEDI noted that the
functionality that would be new to providers in implementing the
attachment standards would consist of automating EHR systems to
exchange data with the PMS and digital signatures. Consistent with this
assessment, the 2016 MITRE environmental scan found that many EHR
vendors had the capability of sending X12N 275 and X12N 278 EDI
transactions, but that substantial work remained to routinely and
reliably extract structured clinical data for C-CDA attachments. Since
that time there has been both growth and consolidation in these
industry segments. A health care provider entity's PMS and EHR systems
may be bundled in one product offering, semi-integrated affiliated
systems, or entirely independent systems offered by separate
vendors.\44\ So, readiness would vary widely for provider entities
based on their HIT contractors.
---------------------------------------------------------------------------
\44\ The true cost of switching EHRs. May 30, 2018. Mary Pratt.
Medical Economics Journal, June 10, 2018 edition, Volume 96, Issue
[…truncated; see source link]Indexed from Federal Register on December 21, 2022.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.