Summary (Overview)
The Adoption of Standards for Health Care Attachments Transactions and Electronic Signatures, and Modification to Referral Certification and Authorization Transaction Standard (CMS-0053-P), if finalized, would adopt standards for “health care attachments” transactions, which would support health care claims and prior authorization transactions; adopt standards for electronic signatures to be used in conjunction with health care attachments transactions; and adopt a modification to the standard for the referral certification and authorization transaction.
Background
Congress initially addressed the need for a consistent framework for electronic transactions and other administrative simplification issues in HIPAA (Public Law 104–191, August 21, 1996). Through subtitle F of title II of HIPAA, Congress added to title XI of the Social Security Act (the Act) a new Part C, titled ‘‘Administrative Simplification,” which required the Secretary of HHS to adopt several sets of standards for electronic transactions, code sets and unique identifiers.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Patient Protection and Affordable Care Act, as amended by the Health Care and Education Reconciliation Act of 2010, enacted on March 30, 2010—collectively, the Affordable Care Act—requires the Secretary of the Department of Health & Human Services (HHS) to adopt a health care claim attachment standard.
In the September 23, 2005 Federal Register (70 FR 55989), a proposed rule was published, but it was never finalized due to a lack of stakeholder consensus on a suitable use of the technology available at the time. Standards for electronic signatures were included in the August 12, 1998 proposed rule titled “Security and Electronic Signature Standards” (63 FR 43242), but, again, standards for electronic signatures ultimately were not adopted because stakeholder feedback indicated that electronic signature technology was not yet mature.
In 2010, the HIPAA Administrative Simplification requirements were reinforced in Section 1104 of the ACA, which requires the Secretary to adopt and regularly update electronic transaction standards, code set standards, unique identifiers as well as operating rules for the electronic exchange and use of health information for health insurance administration.
Section 1104(c)(3) of the ACA requires that the adopted standard for health claims attachments be “consistent with the X12 Version 5010 transaction standards”. It is important to note the provision makes no allowance for an extended time for small health plans to achieve compliance.
Health Care Attachments
Every health plan has requirements with which a health care provider must comply for the plan to authorize and pay the provider for health care services. Health plans frequently require a health care provider to submit additional information beyond the administrative data contained in a HIPAA transaction. Such information may, for example, include medical documentation to support health care claims or referral authorizations. Typically, this additional information is needed so a health plan may make an administrative decision about payment for a covered service, or a coverage decision about a service the provider intends to render. Providers are often forced to utilize manual processes such as physical mail, fax, or internet web portals when they respond to these requests from health plans.
The proposed health care attachments standards cover three general use cases, illustrated below, whereby a provider would submit electronic documentation to a health plan:
Prior Authorization: In this case, a provider must obtain a health plan’s approval for a service before it is rendered to the patient. The provider will send a request for approval along with supporting information to the health plan. The plan will then review the information, decide whether this service would be covered, and return a response to the provider indicating the coverage decision. Although there is currently an adopted HIPAA transaction for the prior authorization request and response, there is no way for a provider to submit documentation to support a prior authorization electronically using HIPAA standards.
Solicited Documents: In this use case, a provider has submitted a claim for a rendered service and the health plan decides that more information is required to make a payment determination. The health plan requests more information from the provider and the provider responds.
Unsolicited Documents:
In this use case, a health care provider submits a claims attachment along with their initial submission of a health care claim transaction for a service they have rendered. This usually occurs when a provider is in a full claims review program with the health plan or the health plan’s payment policies require documents with each claim submission for service.
Electronic and Digital Signatures
A signature is often the only indicator available to health plans and health care providers that attachment information has been reviewed and approved by the service provider or other clinician with the appropriate authority to supervise care. Health care entities recognize numerous legal and compliance standards and best practices for clinician attestation of medical record documentation consistent with applicable federal and state laws, accreditation standards, payer requirements, and documentation requirements for clinical services offered.
Therefore, the proposed rule would define the term “electronic signature” as broadly as possible to ensure that it meets health care providers’ and health plans’ needs now and can also encompass future electronic signature technologies. By proposing to define electronic signatures in this way, the scope would be limited to attachment information transmitted electronically in electronic health care attachments transactions.
We are proposing to adopt an implementation guide called the HL7 Implementation Guide for CDA® Release 2: Digital Signatures and Delegation of Rights, Release 1 (Digital Signatures Guide). This guide ensures the implementation of the three necessary features by utilizing digital signature technology to implement identity management using digital certificates, encryption requirements to support message integrity, and multiple signed elements to support non-repudiation.
A digital signature is an electronic stamp that contains information about both the user creating the signature and the document that is being signed. Digital signatures are created using digital certificates to create a secure computer code that can be used later to authenticate the signer. At the same time, the certificate is used to create another computer code, usually referred to as a hash, which can be used by a computer to verify that the document has not been changed since it was originally signed; this is a mechanism to ensure the integrity of the signed document. In both cases, the codes are encrypted so the receiver knows that the codes themselves have also not been altered, enabling the receiver to be confident that the signature was applied by the authenticated individual. This is the same technology used by the federal government when documents are signed using the security certificates included in personal identity validation (PIV) cards.
Health Care Savings
Based on industry research performed by the Council for Affordable Quality Healthcare (CAQH), significant savings could result from the adoption of automated electronic processing of attachments. The 2019 CAQH report indicates that a fully electronic system for prior authorization with health care attachments could result in as much as $454 million in annual savings to the health care industry.[1] Similar savings can be expected for the industry with a switch to health care attachments for claims. The 2019 CAQH report further estimates the industry could expect as much as $374 million in savings per year with the full adoption of health care attachments for claims. This results in a total expected industry savings, for prior authorization and claims, of $828 million per year.
The proposed rule is available to review today at: https://www.federalregister.gov/public-inspection/2022-27437/administrative-simplificati[…]of-standards-for-health-care-attachments-transactions-and. The comment period will close on March 21, 2023.
For more information on the HHS proposed rule, please visit: https://www.cms.gov/regulations-and-guidance/administrative-simplification/hipaa-aca/eventsandlatestnews
###
[1] 2019 CAQH Index® Conducting Electronic Business Transactions: Why Greater Harmonization Across the Industry is Needed, https://www.caqh.org/sites/default/files/explorations/index/report/2019-caqh-index.pdf