Ten years after HIPAA became a U.S. federal law, health insurers
are scrambling to make changes to their IT systems in order to
comply with one of its last major requirements: the ability to
process claims and other electronic transactions using standardized
ID numbers for doctors and hospitals.
But insurers' efforts to ready their systems are being hampered
by the sluggish pace at which many health care providers are
adopting the new numbers, IT executives at more than a half-dozen
Blue Cross and Blue Shield health plans said last week.
The Health Insurance Portability and Accountability Act, which
was approved in August 1996, mandates that all health care
providers covered under the legislation obtain a 10-digit National
Provider Identifier number to use in certain transactions. Large
insurers -- most of which now use multiple internal ID numbers to
track providers -- must begin processing documents with the NPIs by
May 23, 2007. Smaller health plans have another 12 months to
comply.
Blue Cross and Blue Shield of North Carolina plans to make the
required changes to its IT systems and business processes by
September. However, the Durham-based company estimates that only 20
percent of the doctors and hospitals it works with have applied to
the federal government and received their new ID numbers, according
to Harry Reynolds, the insurer's vice president of information
systems planning.
That is making it difficult for Blue Cross and Blue Shield to
ensure that it's effectively altering its systems so they can
accept the new numbers, Reynolds added.
"Until we see some of the large institutions taking their
numbers, whether we have everything covered ... will have to be
determined," he said. "No one can declare victory, because the
other part of the equation is sitting out there in a bit of an
unknown. We don't think we will get shocked, but we could still get
surprised."
Reynolds wouldn't disclose the expected cost of the NPI project,
saying only that it affects about 35 percent of the applications at
Blue Cross and Blue Shield and 50 percent of its business
processes. The insurer will maintain its internal legacy ID numbers
and match them to the NPIs, a strategy commonly called
crosswalking.
Ideally, Reynolds said, all health care providers will obtain
their NPI numbers by January, which would give the insurer five
months to test its work before the May compliance deadline.

End is in sight

BlueCross BlueShield of Tennessee Inc. last week began to review
designs for the second phase of its NPI project, which calls for
crosswalking the 11 internal systems that will need to accept NPIs.
The new phase will take about 10,000 man-hours and is set to be
completed at the beginning of October, said Wayne Wilson, director
of government systems at the Chattanooga-based company. After that,
the insurer will begin working on the final phase: preparing
systems to reject transactions that don't include an NPI. That part
of the project is expected to take until next May to complete.
BlueCross BlueShield of Tennessee, which does business in 47
states, has distributed newsletters and held workshops in an effort
to get health care providers to apply for NPIs so it can load the
new data into its systems, Wilson said. However, it still
anticipates that many providers will wait until the last minute to
obtain their numbers. "We have no leverage" over them, said Wilson,
who wouldn't disclose cost data for the NPI project.
Premera Blue Cross in Mountlake Terrace, Wash., has only
about 20 percent of the NPIs it will need by next May, said CIO
Alan Smit. His staff is also concerned that the federal government
has yet to announce whether and when it will provide a bulk file of
NPIs to insurers. In addition, Premera's database team can't
prepare for the process of validating incoming NPIs because it
doesn't know how the government plans to provide verification
capabilities, he said.
Premera, which operates in Washington and Alaska, doesn't have
to deal with the crosswalking issue because it uses the tax ID
numbers of health care providers, which are matched to names and
addresses for verification. Instead of having to heavily modify its
systems to process a new number attached to every reference to an
individual provider, Premera will only have to add another data
field to them, Smit said. However, Smit noted that NPI compliance
is "a significant effort" that will affect 80 percent of the
insurer's systems. He said Premera spent about 10,000 man-hours on
the project last year and expects to devote another 30,000 this
year as it works to become capable of processing the new IDs by the
end of December.
"Like Y2k, I have to go in and add a data element every place
where we want to identify a provider," Smit said. In addition to
changing the systems used to process claims, Premera has to add a
new field to its customer service systems so that when physicians
call in to ask about the status of claims, workers can use their
NPIs to locate the proper filings.
Katy Henrickson, an analyst at Forrester Research Inc., said
that although most insurers have sufficient plans in place to
comply by the deadline, unanticipated issues such as how they can
collect the NPIs have left many "feeling unprepared." Forrester
surveyed eight insurers on NPI compliance issues for a report that
the consulting firm issued in May.
Peggy Wiley, senior project manager in the enterprise portfolio
management office at The Regence Group, said NPI compliance work is
expected to cost the Portland, Ore.-based company a total of $6
million over 30 months. The insurer is made up of Blue Cross and
Blue Shield plans that operate in Idaho, Oregon, Utah and parts of
Washington.
But the work is yielding some benefits, Wiley noted. For
example, because Regence has to look at all of its provider files,
the project is an impetus for the company to continue a
data-cleansing project that it began about 18 months ago, she
said.