Title II of the Health Insurance Portability and Accountability Act (HIPAA) provides a statutory framework for the establishment of a
comprehensive set of standards for the electronic transmission of health information. Pursuant to this Title, the Department of Health and Human Services published proposed regulations concerning electronic transactions and code sets (May, 1998), national standard health care provider identifier (May, 1998), national standard employer
identifier (June, 1998), security and electronic signature standards (August, 1998), and standards for privacy of individually identifiable health information (November, 1999).
Currently, there are numerous electronic codes available in the market.
Without government action, a common standard might eventually emerge as the result of technological or market dominance. However, the uneven distribution of costs and benefits may have hindered the development of a voluntary industry-wide standard.
Congress concluded that the current market is deadlocked and that the health care industry would benefit in the long run if government action were taken now to establish an industry standard. This approach, however, does entail some risks. For example,
whenever the government chooses a standard, even one that is the best available at any point in time, the incentives to develop a better standard may be diminished because there is virtually no market competition and government-led standards often take longer to develop than those developed as the result of market pressures. The approach taken in this regulation is designed to encourage and capitalize on market forces to update standards as needs and technology change and have the government respond as quickly and efficiently as possible to them.
As discussed in the proposals, the regulations will provide a consistent and efficient set of rules for the handling and protection of health information. The framework established by these administrative simplification regulations is sufficiently flexible to adapt to a health system that is
becoming increasingly complex through mergers, contractual relationships, and technical and telecommunication changes. Moreover, the promulgation of a final privacy standard will enhance public confidence that highly personal and sensitive information is being properly protected, and therefore, it will enhance the public acceptance of increased use of electronic systems.
Collectively, the standards that will be promulgated under Title II can be expected to accelerate the growth of electronic transactions and information exchange in health care.
The final Impact Analysis provides estimates based on more current information and more refined assumptions than the original NPRM analysis. Since the original estimates were made, some of the voluntary development and investment in technology that was anticipated at the time of the proposal was diverted or delayed because of Y2K concerns; the
investment is still expected but the timing of it has been delayed. The analysis utilizes more current data and reflects refinements in underlying assumptions based on the public comments and other information that has been collected on market changes.
In addition, this analysis extended the time period for measuring costs and savings from five years to ten years.
Given that the HIPAA provisions require initial expenses but
subsequently produce a steady stream of savings, a ten year analysis more accurately measures the impact of the regulations.
This final rule has been classified as a major rule subject to Congressional review. The effective date is October 16, 2000. If, however, at the conclusion of the Congressional review process the effective date has been changed, we will publish a document in the Federal Register to establish the actual effective date or to issue a notice of termination of the final rule action.
Therefore, the following analysis includes the expected costs and benefits of the administration simplification regulations related to electronic systems for ten years. Although only the
electronic transactions standards are being promulgated in this regulation, the Department expects affected parties to make systems compliance
investments collectively because the regulations are so integrated. Moreover, the data available to us are also based on the collective requirements of the regulations; it is not feasible to identify the incremental technological and computer costs for each regulation based on currently available data. The Department acknowledges that the aggregate impact analysis does not provide the information necessary to assess the choice of specific standards.
The costs of implementing the standards specified in the statute are primarily one-time or short-term costs related to conversion. These costs include system conversion/upgrade costs, start-up costs of automation, training costs, and costs associated with implementation problems. These costs will be incurred during the first three years of implementation. Although there may be some ongoing maintenance costs associated with these changes, vendors are likely to include these costs as part of the purchase price. Plans and providers may choose to upgrade their systems beyond the initial upgrade required by the rule as technology improves over time. Since the rule only requires an initial systems upgrade, the costs of future upgrades are not
included in the cost estimate of the rule.
The benefits of EDI include reduction in
manual data entry, elimination of postal service delays, elimination of the costs associated with the use of paper forms, and the enhanced ability of participants in the market to interact with each other.
In this analysis, the Department has used conservative assumptions and it has taken into account the effects of the trend in recent years toward electronic health care transactions. Based on this analysis, the Department has
determined that the benefits attributable to the implementation of administrative simplification regulations will accrue almost immediately but will not exceed costs incurred by health care providers and health plans until after the second year of implementation. After the second year, however, the benefits will continue to accrue for an extended period of time. The total net savings for the period 2002–2011 will be $29.9 billion (a net savings of $13.1 billion for health plans, and a net savings of $16.7 billion for health care providers). The single year net savings for the year 2011 will be $5.6 billion ($2.5 billion for health plans and $3.1 billion for health care providers). The discounted present value of these savings is $19.1 billion over the ten years. These estimates do not include the sizeable secondary benefits that are likely to occur through expanded e-commerce resulting from standardized systems.
In accordance with the provisions of Executive Order 12866, this rule was reviewed by the Office of Management and Budget.
B. Guiding Principles for Standard Selection
The implementation teams charged with designating standards under the statute have defined, with significant input from the health care industry, a set of common criteria for evaluating potential standards. These criteria are based on direct specifications in the HIPAA, the purpose of the law, and principles that support the regulatory philosophy set forth in Executive Order 12866 of September 30, 1993, and the Paperwork Reduction Act of 1995. In order to be designated as a standard, a proposed standard should:
• Improve the efficiency and effectiveness of the health care system by leading to cost reductions for or improvements in benefits from electronic HIPAA health care
transactions. This principle supports the regulatory goals of cost-effectiveness and avoidance of burden.
• Meet the needs of the health data standards user community, particularly health care providers, health plans, and health care clearinghouses. This
principle supports the regulatory goal of cost-effectiveness.
• Be consistent and uniform with the other HIPAA standards (that is, their data element definitions and codes and their privacy and security requirements) and with other private and public sector health data standards to the extent possible. This principle supports the regulatory goals of consistency and avoidance of incompatibility, and it establishes a performance objective for the standard.
• Have low additional development and implementation costs relative to the benefits of using the standard. This principle supports the regulatory goals of cost-effectiveness and avoidance of burden.
• Be supported by an
ANSI-accredited standard setting organization or other private or public organization that will ensure continuity and efficient updating of the standard over time. This principle supports the regulatory goal of predictability.
• Have timely development, testing, implementation, and updating procedures to achieve administrative simplification benefits faster. This principle establishes a performance objective for the standard.
• Be technologically independent of the computer platforms and
transmission protocols used in HIPAA health transactions, except when they are explicitly part of the standard. This principle establishes a performance objective for the standard and supports the regulatory goal of flexibility.
• Be precise and unambiguous but as simple as possible. This principle supports the regulatory goals of predictability and simplicity.
• Keep data collection and paperwork burdens on users as low as is feasible.
This principle supports the regulatory goals of cost-effectiveness and avoidance of duplication and burden.
• Incorporate flexibility to adapt more easily to changes in the health care infrastructure (such as new services, organizations, and health care provider types) and information technology. This principle supports the regulatory goals of flexibility and encouragement of innovation.
C. Introduction
The Department assessed several strategies for determining the impact of the various standards that the Secretary will designate under the statute. The costs and savings of each individual standard could be analyzed
independently, or the Department could analyze the costs and savings of all the standards in the aggregate. The decision was made to base the analysis on the
aggregate impact of all the standards.
Given that all the standards are likely to be made final within a reasonable period of one another, it is likely that organizations will seek to make changes to comply with all the regulations at the same time, at least for those components of the regulations that require computer and technology changes. This will be the most efficient investment for most affected organizations, and the estimates the Department has obtained from industry sources are based on this assumption.
The statute gives health care providers and health plans 24 months (36 months for small health plans) to implement each standard after the effective date of the final rule. This provides the industry flexibility in determining the most cost-effective means of implementing the standards.
Dictated by their own business needs, health plans and health care providers may decide to implement more than one standard at a time or to combine
implementation of a standard with other system changes. As a result, overall estimates will be more accurate than individual estimates.
Assessing the benefits of implementing each standard
independently could also be inaccurate.
While each individual standard is beneficial, the standards as a whole have a synergistic effect on savings. For example, the combination of the standard health plan identifier and the standard claim format will improve the coordination of benefits process to a much greater extent than use of either standard individually.
It is difficult to assess the costs and benefits of such a sweeping change because no-one has historical experience with this unique area.
Moreover, the standardization of electronic transactions will spur
secondary innovations, particularly in e-commerce, that may be described generally but are too new to assess quantitatively. Consequently, the analysis of these secondary benefits will be qualitative.
D. Overall Cost/Benefit Analysis To assess the impact of the HIPAA administrative simplification
provisions, it is important to understand current industry practices. A 1993 study by Lewin-VHI estimated that
administrative costs comprised 17 percent of total health expenditures.
Paperwork inefficiencies are a component of those costs, as are the inefficiencies caused by the more than 400 different data transmission formats currently in use. Industry groups such as ANSI ASC X12N have developed
standards for EDI transactions which are used by some health plans and health care providers. However, migration to these recognized standards has been hampered by the inability to develop a concerted approach. For example, even
‘‘standard’’ formats such as the Uniform Bill (UB–92), the standard Medicare hospital claim form (which is used by most hospitals, skilled nursing facilities, and home health agencies for inpatient and outpatient claims) are customized by health plans and health care providers.
Several reports have made estimates of the costs and/or benefits of
implementing EDI standards. In assessing the impact of the HIPAA administrative simplification provisions, the Congressional Budget Office reported that:
‘‘The direct cost of the mandates in Title II of the bill would be negligible. Health plans (and those health care providers who choose to submit claims electronically) would be required to modify their computer software to incorporate new standards as they are adopted or modified...Uniform standards would generate offsetting savings for health plans and health care providers by simplifying the claims process and
coordination of benefits.’’ (Page 4 of the Estimate of Costs of Private Sector Mandates in the Congressional Budget Office report)
The most extensive industry analysis of the effects of EDI standards was developed by WEDI in 1993, which built upon a similar 1992 report. The WEDI report used an extensive amount of information and analysis to develop its estimates, including data from a number of EDI pilot projects. The report included a number of electronic transactions that are not covered by HIPAA, such as materials management.
The WEDI report projected
implementation costs ranging between
$5.3 billion and $17.3 billion (3, p. 9–
4) and annual savings for the
transactions covered by HIPAA ranging from $8.9 billion and $20.5 billion (3, pp. 9–5 and 9–6). Lewin estimated that the data standards proposed in the Healthcare Simplification and
Uniformity Act of 1993 would save from 2.0 to 3.9 percent in administrative costs annually ($2.6 to $5.2 billion based on 1991 costs) (1, p.12). A 1995 study commissioned by the New Jersey Legislature estimated yearly savings of
$760 million related to EDI claims processing, reducing claims rejection, performing eligibility checks, decreasing accounts receivable, and other potential EDI applications in New Jersey alone (4, p.316).
We have drawn on the 1993 WEDI report for many of our estimates because it is the most comprehensive available.
However, our conclusions differ, especially in the area of savings, for a number of reasons. The WEDI report was intended to assess the savings in an EDI environment that is much broader than is covered by HIPAA. Furthermore, EDI continued to grow through the 1990’s (see Faulkner & Gray, 2000), and it is reasonable to assume that EDI would continue to grow for the
foreseeable future even without HIPAA.
The Department’s objective in this analysis is to assess the effect of the legislation and these regulations on the health care sector; only a portion of the benefits of EDI identified by WEDI would be attributable to HIPAA.
E. Implementation Costs The costs of implementing the standards specified in the statute are primarily one-time or short-term costs related to conversion. They can be characterized as follows:
1. System Conversion/Upgrade—
Health care providers and health plans will incur costs to convert existing software to utilize the standards. Health plans and large health care providers generally have their own information systems, which they maintain with in-house or contract support. Small health care providers are more likely to use off-the-shelf software developed and maintained by a vendor. Examples of software changes include the ability to generate and accept transactions using the standard (for example, claims, remittance advices) and converting or cross walking medical code sets to chosen standards. However, health care providers have considerable flexibility in determining how and when to accomplish these changes. One alternative to a complete system redesign would be to purchase a translator that reformats existing system outputs into standard transaction formats. A health plan or health care provider could also decide to implement two or more related standards at once or to implement one or more standards during a software upgrade. Each health care provider’s and health plan’s situation will differ, and each will select a cost-effective implementation scheme. Many health care providers use billing associates or health care clearinghouses to facilitate EDI. (Although we discuss billing associates and health care
clearinghouses as separate entities in this impact analysis, billing associates are considered to be the same as health care clearinghouses for purposes of administrative simplification if they meet the definition of a health care clearinghouse). Those entities would
also have to reprogram to accommodate standards.
2. Start-up Cost of Automation—The statute does not require health care providers to conduct transactions electronically. To benefit from EDI, health care providers who choose to conduct electronic transactions but do not currently have electronic
capabilities would have to purchase and install computer hardware and software as well as train their staffs to use the technology. However, this conversion is likely to be less costly once standards are in place because there will be more vendors providing support services.
Furthermore, providers without
electronic capabilities are more likely to conclude that the benefits of conducting transactions electronically justify a capital investment in EDI technology.
3. Training—Health care provider and health plan personnel will require training on the use of the various standard identifiers, formats, and code sets. For the most part, training will be directed toward administrative
personnel, though clinical staff will also need training on the new code sets.
With standardization, however, vendors are more likely to offer assistance in training as a means of increasing sales, thereby reducing the per unit cost of training.
4. Implementation Problems—The implementation of any industry-wide standards will inevitably create additional complexity in regard to how health plans and health care providers conduct business. Health plans and health care providers will need to work on re-establishing communication with their trading partners, and process transactions using the new formats, identifiers, and code sets. This is likely to result in a temporary increase in rejected transactions, manual exception processing, payment delays, and requests for additional information.
While the majority of costs are one-time costs related to implementation, there are also on-going costs associated with administrative simplification, such as subscribing to or purchasing
documentation and implementation specifications related to code sets and standard formats and obtaining current health plan and health care provider identifier directories or data files.
Because covered entities are already incurring most of these costs, the costs under HIPAA will be marginal. These small ongoing costs are included in the estimate of the system conversion and upgrade costs.
In addition, EDI could affect cash flow throughout the health insurance
industry. Electronic claims reach the health plan faster and can be processed
faster. This has the potential to improve health care providers’ cash flow situations while decreasing health plans’ earnings on cash reserves.
However, improved cash flow is generally considered a benefit, particularly for small businesses.
F. Benefits of Increased Use of EDI for Health Care Transactions
Some of the benefits attributable to increased EDI can be readily quantified, while others are more intangible. For example, it is easy to compute the savings in postage from EDI claims, but attributing a dollar value to processing
Some of the benefits attributable to increased EDI can be readily quantified, while others are more intangible. For example, it is easy to compute the savings in postage from EDI claims, but attributing a dollar value to processing