Megan Crosson, national director of the claims audit practices for PricewaterhouseCoopers, said the trend on the medical side has been to focus on reducing the administrative component. That's been difficult to achieve because each insurer requires its own version of what are usually similar forms. Insurers sometimes ask for different information, and that generally leads down the path of confusion. HIPAA came up with standardized transaction sets, after which providers breathed a sigh of relief, even if it meant more work for the carriers they did business with.

Standardizing health claims had been tried before, but never with much success. HIPAA, though, had something other attempts did not: the stamp of the federal government. The fear that Congress or the Department of Health and Human Services would be the ones to define standards and mandate forms was enough to make everyone in the healthcare field a little nervous.

All Roads Lead to EDI

Estimates of EDI's current impact on the claims process vary. Crosson said somewhere between 25 and 50 percent of today's claims are being filed electronically, even higher when prescriptions are factored in.
Making it work using the current software hasn't been easy. Crosson believes that in health insurance the words "software" and "customization" go together like "prescription" and "drugs."

"Most software-if it's not homegrown-is home customized," Crosson said. "The vendors might not even recognize it as their own."

Greg Walton, chairman of the Healthcare Information and Management Systems Society, said the claims process is extraordinarily complex; implementation of the HIPAA regulations has "stirred the pot," for both payers and providers. "A lot of companies are scrambling to get their boats built so they can float when the deadline arrives," Walton said.

He likens the HIPAA deadlines to those of Y2K, in which some companies made the grade with no sweat while others struggled. Walton estimates that only half the health insurers in the country are prepared for the HIPAA deadline. Most will use EDI to meet compliance. But what's the cheaper alternative?

According to Walton, nothing in the insurance industry is as complex as health coverage. "There are tremendous variances in practices," he said. "Medicine is the sum of science and art." Making it understandable for payers, providers, and users is difficult. There have been attempts in the past, but they have failed. "HIPAA is the fourth or fifth wave of changes in my 30 years in the industry," he said. "A lot of people are looking over their shoulders."

There have been several failed attempts to bring some standardization to the claims process in health insurance, but most observers believe that HIPAA will be successful. The Bush administration made it clear that HIPAA issues such as patient privacy will be strictly supervised. The clock is ticking toward October 2002, but unlike the late, great Y2K deadline, the world won't come to an end if your system is not completely HIPAA compliant.

What We Have Here Is a Failure to Communicate

There are two sides to doing EDI effectively. Carriers and providers need to work together.

While the health insurance world may be running to EDI to solve its claims problems, there's at least one voice in the wilderness that wonders if the payers and providers of the healthcare world are pulling the EDI wagon or being dragged along.

Ray Kobs, CEO of Data Method, (www.datamethod.com) developers of claims processing software, compares the health insurance field to automobile manufacturing: "EDI is like the trucks that delivers the mufflers to the car builder," he said. "They stack up all the mufflers for you, but there is more to the car than a muffler. EDI is a better truck to deliver the mufflers, but I've never seen it as a panacea."

Communication is the biggest problem between the payers and the providers. "This is a marriage, but the two sides don't talk," Kobs said. "Some people are figuring out how to manage the relationship. When they do, everybody will win." He said there are important questions both sides let go unanswered: "Why are there so many [duplicate forms]? Why are my claims being turned down?" Kobs said he's baffled by the absence of better communication.

One of the reasons that the communication issues have not been settled, according to Kobs, is because insurance is not an adventuresome industry. "Carriers are not going to go out and purchase a new claims system. They have to move slowly."

Carriers are doing their best to solve their claims problems. "I think there is good underwriting being done on the health side," Kobs said. But health insurance is different than property and casualty coverage. "The insurable risks are not growing on the P&C side like they are on the health side. New treatments are being discovered all the time. Does the P&C side face all of this? I'm going to take a stab and say no."

Establishing standards for health insurance is as important as it is for other lines, given the number of claims they have to deal with. "A small plan will still get 5,000 a week going through the claims process," Kobs said. Prioritizing those relationships is an important step. "Whom do I have a relationship with?" he asked. The answer to that question can make the entire process run likes it's on some new wonder drug.

Take Three

We talked to three companies that are doing EDI for the healthcare industry. Not surprisingly, they have different views on what's driving the changes, what obstacles are in the way, and who-carriers or providers-will lead the charge.

NDC Health: The Race Is On
www.ndchealth.com

According to Tom Johnson, senior director of product management for NDC Health, the standardization issue has been going strong for a decade. HIPAA didn't change things as much as speeded them up. "I think the government is going to be tough with this," he said. "It isn't going to let the momentum stop. There are proposals out there to delay or stop it, but [Health and Human Services Secretary] Tommy Thompson is a real force behind this."

As Johnson put it, it's a tossup as to who is in the lead in the race to compliance; he meets with both sides regularly. "The providers are buying upgrades to get the job done," he said. "The payers have more internal work with their systems that needs to be done."

Many providers have turned to compliance officers to get their systems in shape. "This is a much larger ordeal for them (than Y2K compliance)," according to Johnson. "But that was good practice for them."

HIPAA will be able to bring both sides together to establish standards for their data fields, he believes. "That's been our job (as an EDI provider), to understand their data elements. That's the job we play in this," Johnson said.

An agreement on standards between payers and providers is important and Johnson believes it is forthcoming. As he put it, "It's to both sides' advantage."

SSI Group: It's About Security and Standards
www.ssigroup.com

SSI Group is one of the major EDI firms in health insurance. Debbie Short, the company's the company's vice president of client services, said that many of the companies SSI works with are "poised and ready" for the first HIPAA deadline. She said there are some small HMOs still using paper, but most payers are using some type of electronic form.

While working with legacy systems, Short said, payers have to get new data fields in place to collect the claims data. "Content is the thing everyone needs to get over," she said. While security and privacy issues will be addressed by HIPAA after the administrative function deadline is passed, security is an integral part of claims.

She said that content on the claims forms is what makes health insurance unique. "The interpretation of what goes in the data fields is important. Not everything in the electronic standard is in the paper standard."
Short doesn't believe either side in the payer-provider relationship is ahead of the other in terms of compliance, but, like others, she is amazed that the government didn't include all aspects of the transaction process at one time. "How can you talk about transactions when you don't have the security issues in place," she said. The popular view, though, is that the standards must come first. "Most people believe things will fall in place then," Short said. "Binding them all together (administration, security, and privacy) would slow the whole process."

WebMD: HIPAA Means Handling More Robust Data
www.webmd.com

WebMD also provides EDI connections between payers and providers. Steve Simpson, vice president of sales and product management, describes his company's service as a clearinghouse. (WebMD purchased EDI firm Envoy a year ago.) Simpson said that the HIPAA regulations will make the data being exchanged "more robust," and both sides have to give and receive more data in order to fill the data fields.

Older legacy systems have been one of the problems that insurance carriers have had to deal with in accepting claims files. Many of those systems weren't designed with today's more-extensive data in mind. "They are going to have to take much larger data fields, so they will need some type of translator in front of the legacy system," Simpson said.

The key for companies to become HIPAA compliant, according to Simpson, will be finding an EDI that will receive non-compliant data, translate it, and then submit it. He believes the insurance side is ahead of the provider side in terms of reaching the compliance level. "There are some different issues for the provider that have to be solved, such as security and privacy," Simpson said. "The providers are going to have to formulate an audit trail to see who has been in and out of the data."

Insurers, on the other hand, should already be ready to handle such issues. "Most have practice management systems that can accommodate the privacy and security issues," Simpson said. -RRH

Wave After Wave

The Federal Department of Health and Human Services (HHS) is implementing HIPAA in several stages or, as the department calls them, "waves."

The first wave, which covers transaction and code sets, gives health care providers-and thus the insurance companies that work with them-until Wednesday, October 16, 2002 to comply. (That also happens to be National Boss Day.) The second set of standards covers privacy; it gives providers and carriers until Wednesday, February 26, 2003 to meet them.

After that, HHS plans on seven more waves of HIPAA regulations, each with a two-year compliance deadline attached. Oh, joy.