On December 21, 2022, the Department of Health and Human Services (HHS) issued a proposed rule that would regulate standards for health care attachment transactions. These include medical charts, x-rays, provider notes for office or telehealth visits, referrals, and documentation for prior authorizations or medical claims. The rule also includes recommended standards for electronic signatures used with health care attachment transactions. CMS states that the purpose of this proposed rule is to provide standards that decrease the time and resource-consuming manual processes such as mail or fax often used today to transmit this patient health information.  

Titled the “Administrative Simplification: Adoption of Standards for Health Care Attachments Transactions and Electronic Signatures, and Modification to Referral Certification and Authorization Transaction Standard” the new proposed rule, its timing somewhat confusing, calls for the use of attachments vs. the more advanced codified, structured data architecture and exchange being advanced through machine-readable and API standards, like that which is proposed through a proposed rule released near same time as this proposal.   

HIPAA After 27 Years  

The Health Insurance Portability and Accountability Act (HIPAA) was passed into law in 1996—the same year that the DVD, or Digital Versatile Disk, was launched as the most advanced method for storing and viewing digital data. Chances are, you once owned many DVDs, but now view movies in a different format. Similarly, the technology exists to fully automate health information data exchange, but regulations have been slow to incentivize the use of applicable standards to make this an industry-wide reality.  

HIPAA originally called for health care attachment standards with the addition of a new Part C to the Social Security Act titled “Administrative Simplification.” This required the Secretary of HHS to adopt sets of standards for electronic transactions.  

The HIPAA Administrative Simplification requirements called for in 1996 were reinforced by the 2010 ACA which requires the Secretary to adopt and regularly update electronic transaction standards, unique identifiers, and operating rules for the electronic exchange and use of health information for health insurance administration. 

For the past 13 years, the ACA has required that the adopted standard for health claims attachments be “consistent with the X12 Version 5010 transaction standards,” and allowed no extensions to provide smaller health plans with more time for compliance. The new proposed rule pushes these standards forward by proposing the use of standards that support information exchange with machine-readable files that enable automation. 

Defining Health Care Attachments 

Health care providers must submit specific types of patient health information to the patient’s health care coverage plan in order for care to be authorized and paid. This information includes administrative data in a HIPAA transaction and additional information such as medical documentation to support a claim or referral authorization.  

Most providers use manual processes such as mail, fax, or internet web portals to send and receive this patient health information. The information must then be manually entered into the provider’s EHR and/or the payer’s claims processing system.  

The proposed rule specifies new standards for three general rule cases: 

Prior Authorization – Building on the current HIPAA adopted transaction standard for prior authorization, the new standards provide the ability to electronically submit documentation  

• PA Request:  X12 278 v. 6020 
• Attachment: X12 275 v. 6020, HL7 CCDA, HL7 Digital Signatures 
• PA Response X12 278 v. 6020 

Solicited Documents - Attachments sent by a provider when they have submitted a claim and the health plan requests additional information to make a payment determination 

• Claim: X12 837 v. 5010 
• Health Plan Request: X12 277 v. 6020 
• Attachment: X12 275 v. 6020, HL7 CCDA, HL7 Digital Signatures 

Unsolicited Documents – Attachments sent by a provider when initially submitting a health care claim transaction for a serve they have rendered 

• Claim: X12 837 v. 5010 
• Attachment: X12 275 v. 6020, HL7 CCDA, HL7 Digital Signatures  

Defining Electronic and Digital Signatures  

CMS believes that the electronic signature is an important indicator that the information contained within the attachment has (1) been approved by the patient to share and (2) been reviewed by the provider or clinician with the authority to coordinate the patient’s care. CMS defines a digital signature as an electronic stamp containing information about the signer and the document. Digital signatures create secure computer codes that can be used to authenticate the signer.  

The Administrative Simplification proposed rule requires use of the HL7 Implementation Guide for CDA® Release 2: Digital Signatures and Delegation of Rights, Release 1 (Digital Signatures Guide). While this Implementation Guide (IG) does ensure encryption requirements protect message integrity and authentication, many industry stakeholders dispute the need for electronic signatures between two entities who have established and verified Business Agreements (BAs) and/or Standard Operating Procedures (SOPs). Requiring or incentivizing a standard that the industry does not believe is necessary or beneficial may lead to delays in this proposed rule becoming a final rule. 

You can read the complete proposed rule here. Or, read the comment letter submitted by POCP here. The deadline to submit comments is March 22, 2023.  

If you missed our  Health IT Policy webinar on February 28, you can still listen to the recording or peruse the slide deck by requesting them to be emailed to you here. In the webinar, our expert panel provided overviews of some of the most recent NPRMs prior followed by a moderated panel discussion fueled by questions submitted by registrants. You can also register for the April 6th webinar, that will provide an overview and analysis of the comments submitted by the industry in response to recent proposed rules.

POCP can help you understand and plan for the changes this proposed rule would bring to your organization and business partners. Our team includes subject matter experts in information exchange standards who are currently providing leadership at the program and use case level to the HL7 Da Vinci Project, FHIR at Scale Taskforce (FAST), Gravity and CodeX. POCP is also the program management organization for the Gravity Project focused on identifying and harmonizing social risk factor data for interoperable electronic health information exchange. We can help your organization understand the current landscape and prioritize projects to support compliance with the flurry of recent proposed rulemaking. Reach out to me at kim.boyd@pocp.com with any questions or to schedule time to chat.