myarea_crdetail

Change Request Detail

<-BACK

No.

800

Date

3/31/2003

Submitter

Laurie.Valentine@kp.org

Type of Request

Pertaining to more than one, or not sure

Status

DSMO Process Completed

Business Reason

Final Privacy Rule Requires the 837 4010 Implementation Guides to Change
ISSUE: HIPAA Revised Privacy Rule Impacted HIPAA Transaction Standards

In HIPAA privacy rule issued in the Federal Register dated December 28, 2000, Section 164.506 required that a covered health care provider ‘must’ obtain the individual’s consent prior to using or disclosing protected health information to carry out treatment, payment, or health care operations. . .

In the HIPAA revised (or final) privacy rule issued in the Federal Register dated August 14, 2002, Section 164.506 relaxed the requirement in stating that a covered entity ‘may’ obtain consent of the individual to use or disclose protected health information to carry out treatment, payment, or health care operations.

The revised privacy rule change impacted two data segments in the transaction sets for 837 Health Care Claim: Institutional (837I), 837 Professional (837P) and 837 Dental (837D) and one data segment in the 278 Health Care Services Review – Request for Review and Response. The data segments in the 837 are CLM for Claim Information and OI for Other Insurance Coverage Information. Within this CLM data segment, there are two data elements: CLM09 for Release of Information Code, CLM10 for Patient Signature Source Code. Within the OI Other Insurance Coverage Information there are two data segments: OI06 for Release of Information Code and OI04 for Patient Signature Source Code. In the 278 Implementation Guide the impacted segment is UM Health Care Services Review Information and the data element is UM09.

The Release of Information Code CLM09 is a required data segment in 837I, 837P, 837D and UM09 is required in the 278. This indicates permission by the patient to release his/her medical data to other organizations.

The code selections for CLM09 and UM09 requiring the release of information conflicts with the revised final privacy rule stating that consent is not required for treatment, payment, or health care operations. In the current Version 4010, the change cannot be revised from the ‘required’ status until the next version goes through the appropriate process in making the changes.

Suggestion

For industry consistency and so that a health care claim does not violate the privacy rule; information should be disseminated to the public for testing and implementation of the current 4010 version.

A DSMO request #716 was filed and approved. As a solution, the X12 American National Standard Institute, Office of Civil Rights, Office of General Counsel, and Centers for Medicare and Medicaid Services agreed that the revised privacy rule does not require a signature for release of protected health information for treatment, payment, and health care operations. Their recommendations for CLM09 were: Use "I" if you have no signature; use "Y" if a signature was obtained; Do NOT use A, M N, or O.

OI06 is a crosswalk from CLM09. CLM10, OI06, OI04, UM09 have not been thoroughly reviewed or commented on by the DSMO's.

DSMO Category

Category Legend

Recommendation

Not a change request but the DSMO recommendation is as follows: The DSMO recommends that an "I" should be used in the OI06 and CLM09 segments for 4010A until the data element regarding the signature for release of information is removed. This data element is no longer required due to the revised privacy rule. Furthermore, HHS should include this DSMO recommendation in the Frequently Asked Question section of their HIPAA web site.

Appeal Recommendation