Comments to NCVHS on HIPAA Electronic Claims Attachments

January 26, 2004

Simon Cohn, MD, MPH, FACP
Chairman, NCVHS Subcommittee on Standards and Security, and
National Director for Health Information Policy
Kaiser Permanente Medical Care Program
One Kaiser Plaza
Oakland, California 94612

Re: HIPAA Attachment Standards

Dear Dr. Cohn:

The purpose of this letter is to offer comment from the American Health Information Management Association (AHIMA) to the National Committee on Vital and Health Statistics (NCVHS) Subcommittee on Standards and Security regarding its current review of potential standards for electronic claims attachments as required under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). It is our understanding that the subcommittee, and potentially the full NCVHS, will be considering recommendations to the Department of Health and Human Services (HHS) Secretary on this issue as you meet in Washington, DC this week .

As the subcommittee knows from our previous testimonies, AHIMA is a professional association of over 46,000 health information managers (HIM), who work in a variety of capacities and functions related to health information, including healthcare providers, plan, and payers. As such, many of our HIM professionals are often called upon to submit or receive health information passed between providers and health plans or payers in the form of “claims attachments.”

AHIMA has been involved in the HIPAA legislative and regulatory development for over 10 years. We have also been very active in the development of HL-7 standards related to health record content exchange. Currently, AHIMA professional staff members are leading several of the workgroups associated with the electronic health record (EHR) standard development.

Standards and Guidelines for Transactions

Generally, claims attachments either accompany an initial claim from a provider to a health plan, or are submitted as a response to a request for additional information from a plan or payer that has received some sort of claim on behalf of a patient. While we do not have an accurate count on the amount of time responses to such a requests take, or how often such a requests are made, but we are acutely aware, anecdotally, that the volume is so high that many healthcare providers currently must outsource a significant amount of the effort because it cannot be handled with normal numbers of HIM department staff. Both the issues of copying, to respond to such requests, along with concerns regarding the minimum necessary factor of responding to such requests remains a high priority issue with many of our members across the country.

One of the issues raised, in your December 2003 hearing on claims attachments, was how such standards would be used by the healthcare industry and what would be contained in such standards. Comments from the American Medical Association (AMA) and the American Hospital Association (AHA) point out a number of concerns (which we would echo) that use or request of attachments is often considered by providers as a ploy on the part of health plans or payers to delay payment or other decisions.

We have no proof that this is the principal reason for such requests, but the number of requests would indicate that there is a problem with obtaining data in the process of eligibility inquiry and claims submission that needs to be addressed, and that using electronic mechanisms to replace the current process of sending paper attachments is not necessarily the answer. If the role of HIPAA is to achieve administrative simplification, then it should fall on either HHS or the NCVHS to examine the cause of so many requests for attachments, before determining an electronic standard that could possibly encourage more requests and thus more costs to the entire healthcare administrative process.

Given the current state of HIPAA implementation, standards and guidelines for use of HIPAA transaction standards, and lack of a modern classification system for diagnoses and inpatient procedures, and standard outpatient procedures, we hesitate to suggest moving forward at the current time with an NPRM for attachments for the following reasons:

  • HIPAA Transactions – while the NCVHS has focused on implementation of the first eight HIPAA transaction standards, most of the attention has been directed to the X12-837 claims transaction and not the other seven HIPAA transactions. These transactions were originally viewed as a set, such that data would be exchanged from the beginning of an individual becoming eligible for coverage (with information related to preexisting conditions and so forth), through eligibility, authorization, and certification requirements, and the claim itself. Before one can begin to judge the merits of an attachment to supply missing information, it would seem appropriate to determine if the necessary information is already in the system, or if there is a breakdown in the industry's ability to get the right data to the right place with the use of the first eight standard HIPAA transactions. Our experience would suggest that this has not been done.
  • Claim versus Attachments and Uniform Attachments – one of the concerns, raised by the testimony and comments given so far, is what information is standard and necessary to the point that it should be required at the initiation of services and accommodated in the claim, as opposed to dealing with an attachment after the fact. This leads to the question, should we be looking at the business transactions for efficiency, or do we just make everything electronic, and though inefficient, call it a victory?

    As Jean Narcisi pointed out in her testimony, such an approach does not provide the industry any of the benefits of uniform transactions and does not simplify administration. If the NCVHS does not want to take on such a role with the plan and provider communities, then perhaps the National Uniform Claims Committee (NUCC) or the National Uniform Billing Committee (NUBC) should do so. The problem that we have with such a recommendation, however, is that some of our members work in healthcare systems and provide information management and response on services that can be rendered in either a facility or a practice. To have to respond one way under one delivery mechanism and a different way under another, does not provide uniformity and continues the potential for error in a data base that should be kept uniform. If there is going to be a standard attachment for some legitimate purpose, it should be capable of being used uniformly across all sites of service and use standard classifications, and other terminology and data definitions to maintain the integrity of the health record. There is a need, therefore, to first decide if certain information should be contained (even as situational) in the claim or if, because the need is infrequent, the attachment becomes the most efficient and effective mechanism to use.

  • Use of modern classification systems – during the course of the Subcommittee's hearings on ICD-9-CM, it was noted several times that use of ICD-10-CM and, for inpatient procedures ICD-10-PCS, would provide significant detail and eliminate the need for many attachments. This has been confirmed by several of the plans we have talked to, who, for efficiency, indicate that they would prefer not having to have to review attachments or establish automated attachment review mechanisms. Therefore, while we are not suggesting these classifications systems would substitute for all necessary attachments, we do believe that mandatory use of any standard attachments should occur after the final implementation date set for ICD-10-CM and ICD-10-PCS so the industry could maximize the benefits of those systems.
  • Duplicate coding and similar problems – in the Subcommittee's February 6, 2002 hearings, there were a number of comments raised concerning the duplication of codes for outpatient/practice reporting and claims. It was also raised that different plans were requiring different codes or a manipulation of medical codes for their claims. This is a practice that continues to occur in the claims cycle creating inaccurate databases and the need for follow-up attachments or other similar correspondence when an “incorrect” code is used. This, and similar practices, that occur in spite of HIPAA, cost the industry a considerable amount of time, effort, and money. In addition, the AMA has suggested that uniform classification guidelines should exist, as called for in HIPAA, so that all parties can use a single standard and insure its acceptability by all receivers of the medical code. We would suggest this same practice should apply to any code set used as part of the HIPAA standards. The Subcommittee should consider this as it makes further recommendations on any HIPAA transaction, including the claims attachments, or future electronic health information transactions.

Where There Is No Standard Attachment

The Subcommittee has received testimony regarding some recommendations on how information could be sent – again generally from a healthcare provider to a health plan – when there is no specific attachment standard. This raises both concerns regarding HIPAA intended improvements and efficiencies, as well as concerns regarding obligations under the HIPAA privacy requirements.

  • Health Level-Seven (HL-7) has made some recommendations for the transfer of data where there is not an attachment standard. Such a process does provide an electronic solution, however, it does not necessarily improve the process of sharing such data in a uniform way; rather it takes us from the current practice of “copy and mail” to one of “scan (or paste) and transmit.” As I noted above, there are a significant amount of resources currently dedicated to copying all or parts of health records for the purpose of claims adjudication. To provide an alternative means of transmission does not address or eliminate the process of finding the record, or appropriate part of the record, and then copying or scanning. While implementing such a recommendation might speed up the time of transmission, it does not address why such a process is necessary in the first place. If we are to achieve efficiencies, this should be addressed.
  • Healthcare providers have an obligation to provide the minimum necessary data for requests for protected health information (PHI) under HIPAA. While HIPAA regulations also indicate that the application of minimum necessary, where PHI is being shared by two covered entities, resides in the requestor, they also indicate that the holder does have some responsibility not to disclose more than necessary. This continues to present conflicts in the industry. Some of the testimony and comments previously submitted to the subcommittee suggest that solutions such as XML, would work because the provider could essentially “just send the whole record” and the requestor could then scan the record for the information they are seeking. We believe that while the current HIPAA regulation permits such a solution under the exception noted; such a process is essentially in violation of the trust patients put in healthcare providers. It is our shared responsibility to continue to develop a healthcare system, practices, and standards that will ensure the trust of our patients and consumers. Without such a trust, we will never build an effective infrastructure. We should also avoid sending the message to the public that the easiest way to respond to a request for personal heath information is to send everything.

Attachment Standards and the Electronic Health Record (EHR)

As members of the Subcommittee are aware, AHIMA and many others (including some NCVHS members) are currently involved in the establishment of HL-7 standards for the EHR. This project comes at the request of the Secretary and follows significant IOM recommendations. It appears that the draft standards for the EHR could potentially impact decisions on attachment standards, since essentially most clinically based requests for attachments could be responded to by transmission of parts of an EHR.

Given the Secretary's request and the desire for uniformity, we would suggest that any final review ensure that the HIPAA attachment standard and the HL-7 EHR standards are comparative and not duplicative. As we have expressed elsewhere in this letter, all information and data must uniformly represent the patient's encounter with healthcare providers and the services they render. Since the ballot for the HL-7 is scheduled for later this winter, any decision the Subcommittee makes should be reflective of this project as it is crucial to HHS and the building of a national health information infrastructure. We furthermore believe the Subcommittee may be in an excellent position to determine if there are any inconsistencies among the various projects currently underway, including the HL-7 EHR standard, the CHI recommendations, and the potential HIPAA attachment standards, and should provide comment on this.

Projects and Demonstrations

The Subcommittee had a good discussion in December on the potential for projects and demonstrations concerning attachments. Others have pointed out that for attachments to work there must be consistency with what is included in any attachment request across health plans, payers, or any other group that would request such an attachment (we hope short of the entire health record). For the information in such an attachment to be effective, healthcare providers and others that may supply such an attachment must also be able to respond to a request with the certainty that the standard attachment will fulfill the request. Certainly, one way to test this is a project or demonstration, and we believe this needs to occur before a NPRM is issued.

As the Subcommittee is aware, an NPRM will have to spell out the standard, the guidelines for its uses, costs involved and more. To do this will require some demonstration that includes a variety of health plans and providers. While a demonstration with one or two health plans can indicate the usability of a transaction, for the industry to accept the transaction as a standard, it must hold up under usual circumstances in many health plans and circumstances or the administrative simplification goals of the standard will not be achieved and the existing problems will not be resolved.

We agree with the sense raised in the Subcommittee's December 2003 meeting, that projects and demonstrations, as early as possible, with as wide a representation as possible, will do more than anything to speed up acceptance of the attachment standards. Such acceptance will not only ensure a positive response to the NPRM, but also of the standards themselves and the EHR. As the Subcommittee is aware there are a number of potential public and private demonstrations being considered. Therefore, the attachment standards might easily fit into one of the new demonstrations or some of the demonstrations already underway. Such demonstration might also show whether it would be better to implement one attachment standard at a time versus all of them to ensure uniform acceptance, especially in the health plan community.

Since most of the members of the Subcommittee also have involvement with the NCVHS' NHII subcommittee, consideration might also be given to what “attachments” could be used for purposes other than the claim, and vice versa. Requests for data, similar to that contained in some of the attachments might also serve purposes for public health monitoring and other applications. The more that a single “attachment” standard could do, the more efficient our healthcare industry becomes, and the more consistent and reliable healthcare data and information will be – for all purposes.

Further Discussion

We appreciate your attention to this letter and our concerns. We do not want to be viewed as opposing the concept of grouping certain data from the health record to respond to appropriate needs for information in the healthcare industry, whether it is for a necessary claims attachment, or another purpose. As a profession whose role it is to seek and supply such information our interest is in making the process as simple and effective as possible while providing the safety, security, and confidentiality our patients expect. We look forward to working with the NCVHS and other organizations as we move to the infrastructure, EHR, and other visions provided by HIPAA, the NCVHS, and the industry.

Please let me know of any questions you might have or in any other way that AHIMA might be able to make this vision happen. I can be reached at the address and phone below or by way of e-mail at Again, my thanks for your attention and for all the work you and the Subcommittee are doing to move our industry forward in the 21st century.


Dan Rode, MBA, FHFMA
Vice President, Policy and Government Relations

1730 M Street, Northwest, Suite 409
Washington, DC 20036
Phone (202) 659-9440
fax (202) 659-9422