HIPAA Compliance – 5010 and ICD-10

HIPAA and the CDC have developed an updated set of standards for the documenting and the electronic exchange of healthcare information.  These standards direct what data is to be retained, what document is utilized to communicate a specified task or event, what information is mandatory vs. optional for a particular document, and the rules for the structure of the document.  These standards are independent of, and do not regulate, the translation tools, communication protocols, transmission methods, message routing, software applications, and internal data format that a particular institution may use.

Because of the possible diversities at each institution, no two 4010-5010 conversions can be executed in an identical manner.  The approached though should remain the same.  The basic steps for implementing a 4010-5010 conversion are: Educate, Analyze, Plan, Design, Develop, Communicate with Trading partners, Test Internally, Validate, Trading Partner Testing, Implement, and Close.  If care is taken to adhere to these steps and continual, open communications are fostered with project stakeholders and team members, success will be guaranteed.

Basic Steps for Implementation

1. Educate
Begin with insuring stakeholders at all levels of the institution have a clear understanding of HIPAA 4010-5010 transactions and the ICD9-ICD10 changes.  This knowledge will facilitate the understanding of the impact and breadth of the changes.  Document the processes, procedures, and tools that are currently used to comply with the current standards.  Understand what is unique to this institution.

2. Analyze Changes
Outline each required modification.  Describe the impact to business processes and software, billing procedures, as well as the EDI processes.  These changes not only affect the EDI documents, but they affect business and regulatory processes, clinical data needs, and data retention.  These effects need to be understood at all levels of the institution.

3. Plan
Develop the project plan and obtain commitment and signoff by stakeholders.

• Timeline
• Tasks
• Mileposts
• Resource Requirements
• Risks
• Internal and External Test Plan
• Costs

4. Design Solution
Include changes to all business, software, and transaction entities that were identified during the analysis phase.  This may include, but are not limited to, changes to EDI transactions, database structures, message flow, business processes, and data collection/retention.  Obtain approval of the design from the stakeholders.  Gather resources required to develop the designed and approved solution.

HIPAA Compliance - 4010A1 to 5010

5. Develop Solution
Monitor the development of the approved design to insure compliance with timeline and track risks.

6. Communicate with Trading Partners
Very critical.  Even if an institution is prepared, the trading partners may not be.  All of the trading partners' timetables must be considered.  A non-compliant trading partner or one that is not available for testing can be trouble. Notify all trading partners of the changes that will be made, the testing procedures, and the testing schedule at least 6 months in advance.

7. Test Internally
Set up a full test environment and test, test, and then test again. This is truly the longest, from a time perpective, to complete.  Can take up to 1 year for large enterprises.

8. Validation
Utilize the TraceIT validation tool to confirm that all transactions are compliant with implementation guidelines.

9. Trading Partner Testing
Targeted testing of all transactions followed by a full cycle testing with each and every trading partner.

10. Implement
Move to Production and Monitor

11. Close Project
Complete and submit a project summary report
Clean up test and development systems
Obtain project completion signoff from stakeholders