2015 is going to be yet another busy year for health plans with the ICD-10 cutover scheduled for October and Operating Rules penalties (still in the rulemaking process) kicking in on Jan. 1, 2016.
The lack of opinions, white papers and blogs on Operating Rules compares palely with other more marketed reform initiatives (that's right, Operating Rules are also part of the ACA). Almost all of the information that's available on the Internet is on the CAQH CORE website (no surprise there given that CORE is the Committee on Operating Rules for Information Exchange and the author of Operating Rules).
My point is, Operating Rules don't get a lot of visibility. But why exactly are Operating Rules important?
For starters, just the first two phases of the rules (focused on eligibility verification and claim status inquiry) are estimated to save providers up to $9.5 billion and health plans up to $5.8 billion over 10 years (according to CAQH and HHS), by driving the use of electronic transactions and corresponding reduction in claim denials. Phase three encourages the usage of electronic remittance advices and EFTs for claim payments. The fourth phase will streamline a number of other transactions like claims, prior authorization and enrollment/disenrollment, premium payments and claim attachments.
Penalties for non-compliance are also a concern: $1 per member, per covered life for health plans, up to a maximum of $20 per member per year for HIPAA and Operating Rules non-compliance. That is a lot of penalty dollars, even if you aren't fully convinced about the benefits of reduced phone calls from provider to verify insurance coverage and eligibility of a patient, get status of a claim, determine why the remittance advice has conflicting information about how a claim was paid, and find out the claims that an EFT is related to.
All these add up to the estimated savings for the industry.
Challenges
With the deadline on the horizon, I'd like to discuss implementation challenges based on my two years' experience with Operating Rules implementations at multiple health plans and state Medicaid agencies.
Some of the requirements are technical, and need technical/EDI specialists for implementation.
Operating Rules involve transport protocols (computer engineers--remember that network layer from the OSI model?) and authentication of connections in that layer. Experience has proven that implementing and stabilizing this layer is a significant challenge for health plans. Firewalls, transmission protocol, authentication and message envelop related issues are bound to be encountered when testing with an external entity. And these issues take a considerable amount of time to resolve.
Next is a list of techno-functional requirements that require working with trading partners to review the impact on existing transaction workflows. Take for instance asynchronous processes such as batch eligibility verification--the rules intend to create a closed loop workflow where every communication is acknowledged using a CORE envelop level message (OK/Error), 999 acknowledgements for every functional group and business errors in the AAA segment of the response.
Although the business-centric requirements are not that many compared to the number of technical and techno-functional requirements, the work that is necessary to implement those requirements impacts both business and technology. For example, the requirement to provide member responsibility information to the provider during an eligibility verification transaction requires business teams to resolve ambiguities in the mapping of benefits to service types so accurate financial information can be returned to the provider. At the same time, these additional database lookups are likely to slow down the eligibility responses from the health plan possibly impacting the service levels set by Operating Rules.
So, it's not going to be easy and smooth, but the pain can be reduced with planning and an early start.
Compliance and Testing
The compliance deadlines for implementation of the Operating Rules were January 2013 for eligibility verification and claim status transactions, and January 2014 for claim remittances and EFTs. So if you haven't done anything about Operating Rules phases one, two and three at this point, it is possible that you're non-compliant (except if your systems were somehow built to be Operating Rules compliant as part of the HIPAA implementations). There's still a window of opportunity for you to implement Operating Rules related changes and demonstrate compliance by late 2015.
If you have implemented Operating Rules phases one, two and three, then you are ready to take the next step. Now you just need to demonstrate compliance by either completing certification testing with a CORE authorized testing vendor or by testing with anywhere from 3-25 trading partners that represent 30 percent of your transaction volume (known as the HIPAA Credential option, currently in the rulemaking process). One of these two options are required to reach completion by the end of 2015, so you can avoid the penalties in 2016 (currently in the rulemaking process). There are pros and cons of each approach, and you will need to decide if one approach is better than the other for your unique situation.
Both options for certification require time, planning and resources. Once your organization has signed the pledge to certify using a CORE authorized testing vendor, you'll have six months to complete testing. In the case of HIPAA credential, you'll also need an executive or an authorized representative to attest compliance on behalf of the health plan. Providing the executive with enough evidence of compliance so he/she feels comfortable attesting should also be a key part of your planning.
Certification testing doesn't preclude the need for extended production-level testing, however.
Extended production level testing gives you the confidence that you're compliant with the Operating Rules under different load conditions, at different times of the day, different days of the month and so on. As your production environment keeps changing to accommodate new mandates and business driven requirements, it makes sense to keep track of the service levels. Keep in mind that HHS may assess penalties and require a health plan to recertify if there are validated complaints of non-conformance.
Vijay Bhuttar is the director of product management and compliance management at Edifecs.