What to do if your vendors are late with HIPAA 5010, ICD-10 updates
Published: 2010-07-19 18:20:02By: Tom Sullivan | Healthcare IT News | April 23, 2010
Some software vendors have not yet issued HIPAA 5010 enhancements, let alone those for ICD-10. What's more, providers and payers should already be gearing up for internal testing of HIPAA 5010 and at least beginning the ICD-10 implementation phase. So without the upgrades, what are providers and payers to do?
“We are very disappointed with the apparent delays from our software vendors. Some are indicating ICD-10 upgrades at very late dates. All are indicating late dates for 5010 upgrades,” says a project manager at a major provider who requested anonymity.
In all fairness to vendors, they are neither the only ones running late nor should they shoulder all the blame. “Since technology changes are secondary to procedural changes, I would argue if we are gauging the industry we could just as easily argue providers won't be ready on time,” says Tori Sullivan, a manager in Capgemini's healthcare division who also chairs HIMSS ICD-10 Task Force.
Glued to each other
As is so often the case for software, ICD-10 vendors and their customers have a co-dependent style of relationship. Sharon Perkins, director of IT and HIPAA security officer at El Paso Health Plan explains how that works. “We need a partner in our software vendor to take us to the next level of where we need to be for compliance because not only are we looking at 5010 and ICD-10 but there’s a national healthcare initiative that’s rolling out at this time, too, and that has an impact. So we look for partners with our software vendors to be in tune with the ongoings of the industry.”
The National Committee on Vital and Health Statistics (NCVHS), an advisory committee to HHS, determined through interviews that many experts are questioning whether practice management or healthcare vendors will even be ready to support the HIPAA standards.
Based on the schedules recommended by CMS, WEDI, and others, companies should now be preparing for Level 1 Compliance for HIPAA 5010 by January 1, 2011, so that they can spend next year testing. That would make 2011 “a transition period,” explains George Vancore, an IT systems integrator within Blue Cross and Blue Shield Florida's regulatory mandates and compliance program office. “You need to transition from 4010 to 5010.”
Such transitions, for both 5010 and ICD-10, will be arduous and complex indeed. Payers, for instance, have hundreds of vendors, many of whom have something to do with HIPAA 5010 or ICD-10 codes, and they have to manage all of them, individually. That same goes for providers.
In the meantime
Whether vendors deliver the updates on time or not, the ultimate responsibility resides with providers and payers. “We are at the mercy of the vendors for timing, and these are not small vendors,” said the anonymous project manager. “We're the ones who get the penalty for a non-compliant claim”
There are options, though unfortunately most are in the realms of longshot or desperate. Providers or payers facing a vendor who is not going to make the deadline can take the dramatic approach of switching to another vendor who will meet the deadline, start a letter-writing campaign aiming to convince CMS to delay the compliance date yet again, become active in the vendor user groups, or essentially isolate the system until the vendor releases a patch.