Medicare to Plug NPI Hole with HIPAA Violation
I'm afraid to go back to Baltimore. I've enjoyed a long and fairly collegial relationship with the folks inside CMS, both on the regulatory and the Medicare side of the department. Sure, I've challenged them on occasion, and we sometimes have agreed to disagree, but we tend to agree that we are, after all, pulling in the same direction in our own particular way. They as the regulatory body that oversees an entire sector of the industry and the largest health plan known to humankind; I as a humble IT analyst and blogger from Tulsa, OK.
Everything was fine until Medicare NPI. We understood each other.
A Cyclops Has No Depth Perception
But recently I had to go out and poke them in the eye. I'm not sure if they noticed, but it seems they blinked, one way or the other. And the blink is worse than the little National Provider Identifier mote I was trying to dislodge in the first place. See, it seems that they got around the not-everybody-has-an-NPI-so-how-can-you-insist-billers-provide-one problem by simply requiring that providers who want to get paid will reprogram their systems to violate the X12 standard and CMS's own regulations.
In a Clamshell?
I won't rehash the entire Medicare to Penalize Billers for Referrers' NPI Deficiency post I did before, but in a nutshell:
- HIPAA requires "Covered Entity" providers to obtain an NPI. Providers who do not conduct electronic transactions are not Covered Entities.
- Medicare further requires "its own"providers to obtain an NPI as a condition of enrollment.
- Medicare providers will often perform procedures received from non-Medicare providers.* Some of those providers do not have NPIs and will never get them, unless forced to do so at gunpoint (I could introduce you to one of them if you'd like.)
- Nonetheless, Medicare designed their claims system to require an NPI of all providers, even those who are not required to obtain one.
Where Does It Say That, Again?
Medicare explained that the NPI Final Rule requires an NPI be sent for all providers on a claim. It doesn't, but apparently they overlooked that detail in their own regulation text, the X12 implementation guides and my little blog that pointed it out to them.
A Million Little Dutchboys, A Million Little Fingers
But apparently somebody explained something to them, because, according to their new Medlearn Matters article, they came up with a workaround. If billers try and try again, and still can't get an NPI out of the referrer, they can put their own NPI in there instead:
If, after several unsuccessful attempts to obtain the NPI from the ordering, referring, attending, operating, other, service facility provider, or purchased service provider; CR 5890, from which this article is taken, requires that (effective May 23, 2008) the provider or supplier who is furnishing the services or items report their own name and NPI in the claim’s ordering/referring/attending/operating/other/service facility provider/purchased service provider fields. MLN Matters Number MM5890
The rationale is pretty straightforward: Why fix your own flawed system when you can simply have nine hundred thousand providers apply a kluge? It's not like they aren't already accustomed to pasting on one Medicare bandaid over another, month after month.
Ignorance of Your Own Law Is No Excuse
There is that small matter of the law. See, the HIPAA Transaction and Code Sets Final Rule says that a Covered Entity cannot "change the definition, data condition, or use of a data element or segment in a standard." (§ 162.915(a), Federal Register / Vol. 65, No. 160, p. 50368). The standard says that the Referring Provider segment is for the Referring Provider; it doesn't allow an exception to send in the biller's own name and NPI when the recipient can't handle the truth that the referrer has no NPI.
Small Change, Big Consequences, Bigger Principles
So is plugging in one number for another, one name for another, really a big deal? I mean, how many claims could we be talking about, 1%? Half a percent? Let's put it this way -- Medicare's most recent statistics list 871,865 participating physicians and 6,177 participating hospitals (see the CMS Data Compendium and start digging). Medicare processed 177,062,821 Part A (i.e. Hospital) 876,527,057 Part B (physician, lab) claims in 2005 -- and that's just the electronic claims. Half a percent of a billion claims is 5 million claims. (see Electronic Data Interchange (EDI) Performance Statistics)
But the bigger deal is that Medicare is abdicating even the pretense of observing the standard that was supposed to simplify things for everybody, reduce (though certainly not eliminate) costly, make-work payer requirements, and allow us to spend more of our healthcare dollar on healthcare. The standard that its own agency adopted and set into law.
AdminSimp Sun Sets
The publication of this notice serves as a tiny little bureaucratic declaration of surrender of the principle of Administrative Simplification. That's bad for providers, that's bad for healthcare, and that's bad for all of us.
* Most dentists are not enrolled in Medicare, and many don't do electronic billing, so they're not Covered Entities -- they do not have to get an NPI by law or due to participating in Medicare. But a recent report showed that routine dental care is a major factor in early prevention and diagnosis of medical problems. Why? When a dentist opens your mouth and sees something scary, he sends you to an MD or a lab. When the lab processes the test, they have to explain who ordered it: The dentist.
Comments