Like sand through an hourglass, time is trickling down to the HIPAA 5010 deadline. CMS recently granted the industry a grace period for transitioning to HIPAA 5010, but those grains of sand are dwindling ever faster, and there’s no time to lose for payers and providers still working toward compliance.
Even with the “enforcement-free” period, payers and providers who miss the original January 1, 2012 deadline aren’t off the hook. CMS plans to continue holding them responsible and will require them to provide evidence of their good-faith efforts to meet the federal mandate during the 90-day window.
This isn’t our first time running up against a HIPAA deadline. During the transition to HIPAA 4010, we saw many organizations develop contingency plans to operate beyond the deadline without achieving compliance. Unfortunately, many are still operating from contingency plans more than six years later. No deadlines were enforced back then, and as we approach the HIPAA 5010 deadline, CMS is working to counter the same attitude — as well as the same problem.
The big picture here is that HIPAA is crucial to administrative simplification, and continuing to accept long-running contingency plans as the status quo defeats the whole purpose and eliminates the value. The 90-day grace period for HIPAA 5010 shouldn’t be viewed as the latest example of an “always-provide-a-contingency-plan” mindset. Rather, with this extension, CMS has signaled it is in tune with the industry (more so now than with HIPAA 4010) and understands its current state of readiness to comply. As such, all of us should understand that CMS expects full HIPAA 5010 compliance by March 2012.
All of this implies that there’s a lot to accomplish in a short period of time for many payers and providers. Given the unimpressive number of HIPAA 5010 submitters, the meager volume of transactions currently taking place, and other testing data that reflects the industry’s underwhelming efforts to date, it will be an uphill climb for some organizations. Many are still waiting on software upgrades — stuck in limbo and unable to progress toward the finish line. Whatever the holdup, compliance will require full cooperation between trading partners. Both internally and externally, it’s now an all-hands-on-deck effort to accomplish this task on time.
The following tips should help your organization make the most of the time that’s left:
1. Expand Your Use of Automation
Organizations that haven’t started internal testing should consider how best to automate both internal and external testing processes. By doing so, they will ensure consistent coverage across both types of testing and complete them in a shorter time span. Keep in mind, not every scenario can be tested, even with automation. Given time constraints, it’s vitally important to triage scenarios and prioritize those that will cause the greatest pain if not done correctly in production.
2. Conduct Concurrent Internal and External Testing
In an ideal world, it would be nice to complete internal testing prior to going outside the organization, but given time constraints, it’s no longer practical. Payers and providers should work together to allow internal and external testing to happen at the same time. The key to success is ongoing communication among teams during concurrent testing. Organizations will need to understand the root cause of each failure and identify whether the point of failure was due to internal or external issues.
3. Prioritize External Testing Based on Complexity
External testing is critical, but it can also be labor-intensive if you haven’t laid the right groundwork with internal testing. If you don’t have the luxury of completing internal testing before starting testing with trading partners, it’s a good idea to start with those who have simpler edits and easier issue resolution processes. That way, you can level-load your resources. While you’re still ironing out internal kinks, you can conduct external testing without overburdening your staff. If possible, wait to begin testing more complex trading partner relationships only once the majority of internal testing is complete. As time goes on, testing should become more of a “lather, rinse, repeat” model, rather than time-consuming efforts to troubleshoot and research appropriate issue resolution.
4. Establish a Business Readiness Plan and Triage Team
Very few healthcare organizations have unlimited time and resources available for HIPAA 5010 testing. Given those constraints, it’s reasonable to assume some issues will crop up in production, and organizations need to be prepared to handle them. Payers and providers should dedicate resources to handle these issues and have resolution processes in place prior to going live with 5010. The pain of mapping out the process after a problem rears its ugly head is immense, so take the time to figure it out beforehand. Part of the plan should also include a vendor warranty and support for a set period, so production problems aren’t treated with fast fixes that won’t resolve the underlying issue. Otherwise, the problems never go away, and they always cause more ongoing work for office staff.
5. Start Testing – Even if Things Aren’t Perfect
Testing is often an iterative process. That means even getting started in one area can yield benefits. For example, if a provider is still waiting for its practice management vendor to update their software, it could work with trading partners to get test response files; e.g., 835, 276, or 271. The team can evaluate the changes manually to identify issues and address them with the trading partner ahead of time. Time is of the essence here — and there is none to lose. Any testing that can be done now, should be done now, even if scenarios are not perfect and complete.
As the clock ticks closer to the 11th hour, it’s critical that the industry make a concentrated, collective effort toward successful HIPAA 5010 testing and transition. Even with a 90-day grace period, the entire industry — CMS, providers and payers — needs to collectively acknowledge that by dragging this process out any longer, we will continue to plod along in ruts of our own making. And we’ll continue to suffer from increasingly unbearable administrative burdens, making the concept of regulatory migration worthless.
HIPAA upgrades will not end with 5010. It’s in the best interests of both payers and providers to get all hands on deck and seize what’s left of the HIPAA 5010 transition timeline. After all, the transition to 6020 is just around the corner!