Ten years after HIPAA became a U.S. federal law, health insurersare scrambling to make changes to their IT systems in order tocomply with one of its last major requirements: the ability toprocess claims and other electronic transactions using standardizedID numbers for doctors and hospitals.
But insurers’ efforts to ready their systems are being hamperedby the sluggish pace at which many health care providers areadopting the new numbers, IT executives at more than a half-dozenBlue Cross and Blue Shield health plans said last week.
The Health Insurance Portability and Accountability Act, whichwas approved in August 1996, mandates that all health careproviders covered under the legislation obtain a 10-digit NationalProvider Identifier number to use in certain transactions. Largeinsurers — most of which now use multiple internal ID numbers totrack providers — must begin processing documents with the NPIs byMay 23, 2007. Smaller health plans have another 12 months tocomply.
Blue Cross and Blue Shield of North Carolina plans to make therequired changes to its IT systems and business processes bySeptember. However, the Durham-based company estimates that only 20percent of the doctors and hospitals it works with have applied tothe federal government and received their new ID numbers, accordingto Harry Reynolds, the insurer’s vice president of informationsystems planning.
That is making it difficult for Blue Cross and Blue Shield toensure that it’s effectively altering its systems so they canaccept the new numbers, Reynolds added.
“Until we see some of the large institutions taking theirnumbers, whether we have everything covered … will have to bedetermined,” he said. “No one can declare victory, because theother part of the equation is sitting out there in a bit of anunknown. We don’t think we will get shocked, but we could still getsurprised.”
Reynolds wouldn’t disclose the expected cost of the NPI project,saying only that it affects about 35 percent of the applications atBlue Cross and Blue Shield and 50 percent of its businessprocesses. The insurer will maintain its internal legacy ID numbersand match them to the NPIs, a strategy commonly calledcrosswalking.
Ideally, Reynolds said, all health care providers will obtaintheir NPI numbers by January, which would give the insurer fivemonths to test its work before the May compliance deadline.
End is in sight
BlueCross BlueShield of Tennessee Inc. last week began to reviewdesigns for the second phase of its NPI project, which calls forcrosswalking the 11 internal systems that will need to accept NPIs.The new phase will take about 10,000 man-hours and is set to becompleted at the beginning of October, said Wayne Wilson, directorof government systems at the Chattanooga-based company. After that,the insurer will begin working on the final phase: preparingsystems to reject transactions that don’t include an NPI. That partof the project is expected to take until next May to complete.
BlueCross BlueShield of Tennessee, which does business in 47states, has distributed newsletters and held workshops in an effortto get health care providers to apply for NPIs so it can load thenew data into its systems, Wilson said. However, it stillanticipates that many providers will wait until the last minute toobtain their numbers. “We have no leverage” over them, said Wilson,who wouldn’t disclose cost data for the NPI project.
Premera Blue Cross in Mountainlake Terrace, Wash., has onlyabout 20 percent of the NPIs it will need by next May, said CIOAlan Smit. His staff is also concerned that the federal governmenthas yet to announce whether and when it will provide a bulk file ofNPIs to insurers. In addition, Premera’s database team can’tprepare for the process of validating incoming NPIs because itdoesn’t know how the government plans to provide verificationcapabilities, he said.
Premera, which operates in Washington and Alaska, doesn’t haveto deal with the crosswalking issue because it uses the tax IDnumbers of health care providers, which are matched to names andaddresses for verification. Instead of having to heavily modify itssystems to process a new number attached to every reference to anindividual provider, Premera will only have to add another datafield to them, Smit said. However, Smit noted that NPI complianceis “a significant effort” that will affect 80 percent of theinsurer’s systems. He said Premera spent about 10,000 man-hours onthe project last year and expects to devote another 30,000 thisyear as it works to become capable of processing the new IDs by theend of December.
“Like Y2k, I have to go in and add a data element every placewhere we want to identify a provider,” Smit said. In addition tochanging the systems used to process claims, Premera has to add anew field to its customer service systems so that when physicianscall in to ask about the status of claims, workers can use theirNPIs to locate the proper filings.
Katy Henrickson, an analyst at Forrester Research Inc., saidthat although most insurers have sufficient plans in place tocomply by the deadline, unanticipated issues such as how they cancollect the NPIs have left many “feeling unprepared.” Forrestersurveyed eight insurers on NPI compliance issues for a report thatthe consulting firm issued in May.
Peggy Wiley, senior project manager in the enterprise portfoliomanagement office at The Regence Group, said NPI compliance work isexpected to cost the Portland, Ore.-based company a total of $6million over 30 months. The insurer is made up of Blue Cross andBlue Shield plans that operate in Idaho, Oregon, Utah and parts ofWashington.
But the work is yielding some benefits, Wiley noted. Forexample, because Regence has to look at all of its provider files,the project is an impetus for the company to continue adata-cleansing project that it began about 18 months ago, shesaid.