Trend | Privacy and HIPAA

CAQH CORE Compliance: The “Voluntary Mandate” That Isn’t

Trend | Privacy and HIPAA

CAQH CORE Compliance: The “Voluntary Mandate” That Isn’t

To comply with HIPAA’s mandate regarding security of information transferred electronically, many organizations have adopted solutions that are not compatible with those of other organizations, making the transfer process cumbersome.

Among its many requirements, HIPAA includes a stipulation that protected health information (PHI) be secured when transmitted electronically. Because HIPAA does not specify exactly how PHI is to be secured, many health plans have implemented compliance solutions that may not be compatible with those of other health plans. The result is an array of dissimilar technical approaches that complicate the electronic exchange of PHI between health plans and healthcare providers.

Since HIPAA was introduced, the healthcare industry has been working to unify electronic communications, with the first major step being the implementation of ASC X12 5010 standards for secure transactions. A key player in these initiatives is the Council for Affordable Quality Health (CAQH), a not-for-profit alliance of health plans and trade associations that was created to address healthcare industry initiatives. In 2005, CAQH established the Committee on Operating Rules for Information Exchange (CORE). Currently comprising more than 140 providers, health plans, vendors, government agencies, and standard-setting bodies, CAQH CORE establishes operating -rule standards for healthcare data exchange and bears responsibility for developing specifications to streamline and unify such exchanges. CORE-certified health plans electronically exchange PHI in a uniform manner.

In a separate but coinciding move to foster broader uniformity in the transmission of electronic transactions, Section 1104 of the Affordable Care Act (ACA) requires health plans to make it easier to handle PHI transactions related to patients. In a January 2014 proposed rule, the U.S. Department of Health & Human Services (HHS) recommended CAQH CORE as the administrator for HHS-required certification of health plans. a

The byproduct of the certification process has been the establishment of a “voluntary mandate.” b Although attaining CORE certification is currently voluntary for health plans, the ACA has in effect made it necessary, given that CORE certification validates compliance with ACA Section 1104.

As of July 31, 2017, only 74 health plans in the United States, including some of the country’s largest plans, were CORE certified. c For health plans that have not become certified but have fully implemented ASC X12 5010 transactions, the good news is that they are well on their way to CORE certification. It’s now time for these health plans to take the final steps to achieve CORE certification and finalize compliance with all ACA Section 1004 mandates.

A Case for Certification

With enforcement now in place for ACA Section 1104, health plans are subject to audits and potential fines for noncompliance. d The potential for fines may be minimized by achieving CORE certification, and the benefits of CORE certification go well beyond this objective.

Health plans that have obtained the CAQH CORE seal for the first three phases are certified as having the capacity for more streamlined, electronic exchange of information in their target transaction types. Those phases include:
  • Phase I: Eligibility (transaction types 270/271)
  • Phase II: Eligibility (transaction types 270/271) and Claim Status (transaction types 276/277)
  • Phase III: Electronic Funds Transfer and Electronic Remittance Advice (transaction type 835)

In business dealings with fully certified health plans, providers can determine claim and eligibility status almost immediately without engaging in a phone call or fax exchange or having to access a health plan-specific web portal.

CORE-certified health plans also offer online enrollment for electronic funds transfer (EFT) and electronic remittance advice (ERA). With ERAs that correlate to the EFTs, providers can receive payments more quickly: ACA Section 1104 states that, to be compliant, EFTs and ERAs from health plans must be transmitted within 72 hours of each other.

CORE certification further ensures that the health plan has implemented operating-rule standardization for the four most common CORE-defined claim adjustment/denial business scenarios, which include:
  • Additional information required—missing/invalid/incomplete documentation
  • Additional information required—missing/invalid/incomplete data from submitted claim
  • Billed service not covered by health plan
  • Benefit for billed service not separately payable

By standardizing these operating rules, CAQH CORE is helping to eliminate the inherent complexity that hinders providers that receive separate and dissimilar claim adjustment reason code (CARC)/remittance advice remark code (RARC) combinations from the multiple health plans that process their claims—even though the various CARC/RARC combinations reference the same adjustment.

Steps to Completion

Many health plans that already have fulfilled some of the requirements to become CORE certified still must complete a few more steps. These health plans could be lagging because they have tasked their IT resources with implementing only the standards relating to electronic transactions. To satisfy the requirements for the above-mentioned phases, plans must work with those same IT resources to assess all requirements of the CORE operating rules and ensure the health plan is compliant with all mandates. For plans that have implemented the electronic transactions, the remaining tasks typically include the following.

Producing reports for turnaround times. CAQH CORE requires at least 90 percent of 270/271 and 276/277 transactions per month to be turned around in 20 seconds or less.

Producing a CAQH CORE-formatted companion guide. Given that publishing guidelines isn’t a mainstream IT activity, it’s not terribly surprising that this CORE certification requirement often goes unaddressed. However, producing this companion guide serves a meaningful purpose beyond achieving CORE certification. It tells providers specifically what they must supply if they would like to pursue 270/271 and 276/277 transactions with a CORE certified health plan.

Becoming fully compliant with CARC and RARC codes for the four most common claim adjustment/denial business scenarios. This task isn’t specifically identified in ACA Section 1104 but is a requirement in the adopted operating rules for CAQH CORE certification that promotes standardization in a key business communication.

Providers receive the benefits of a health plan’s CORE certification with very little effort because the health plan is responsible for its certification. CARC/RARC standardization is one of the few areas of CAQH CORE in which providers have an obligation, and the requirements are relatively simple. Providers may need to make minor changes to their procedures and systems to accommodate the new CARC and RARC standards. As a benefit, these changes will ultimately minimize the need to maintain cross references for varying CARC/RARC combinations received from the health plans.

“Voluntary” Compliance

Because ACA Section 1104 mandates simplification of the electronic exchange of PHI, and the recognized certification for that simplification resides at CAQH CORE, which is a nongovernment entity, a slight disconnect exists in much of the health plan community regarding the requirements.

Health plans that have completed the transactional portion of HIPAA compliance have essentially satisfied the ACA Section 1104 mandate because the operating-rule requirements are based on the ability to exchange PHI securely. However, without completing the remaining tasks noted above, health plans cannot display CAQH CORE seals corresponding with the phase they have most recently completed that indicate they are enabled for highly streamlined electronic transactions.

Once the health plans are fully aligned and have made the necessary changes to support a consolidated set of CARC/RARC combinations, the healthcare industry will have taken an important step toward transactional simplification, speed, and accuracy through standardized electronic data interchange.


Buster Elrod is a senior manager for Change Healthcare Consulting, Nashville, Tenn.

Footnotes

a. Department of Health and Human Services, Federal Register, Jan. 2, 2014.

b. CAQH, “ACA Federal Mandate for Healthcare Operating Rules.”

c. CAQH, “Core-Certified Organizations/Products.”

d. CAQH, “ACA Section 1104 Mandate for Federal Operating Rules.”

About the Authors

Buster Elrod

Advertisements

Related Articles | Privacy and HIPAA

Article | Healthcare Legal

Addressing unclaimed property challenges

Healthcare providers increasingly are being audited for unclaimed property.

How To | Compliance

5 steps to becoming HIPAA compliant

Healthcare organizations that qualify as HIPAA covered entities should take five steps when developing a compliance program designed to meet their obligation under HIPAA to safeguard patients’ protected health information.

How To | Compliance

How to avoid the devastating consequences of HIPAA noncompliance

The potential costs of being found noncompliant with HIPAA are too great for a healthcare provider organization not to have in place a compliance program designed to help safeguard patients’ protected health information.

Q&A | Privacy and HIPAA

Ask the Experts: HIPAA compliance

What are the HIPAA implications of accessing existing subscriber information in our records for patients who don’t have their insurance information?