From The Editor | May 25, 2010

ICD-10 & HIPAA 5010 Compliance In The Cloud

Vicki's NL headshots and images

By Ken Congdon, editor in chief, Health IT Outcomes

While much of the national news coverage has focused on EHR (electronic health record) adoption/meaningful use and healthcare reform, perhaps the most significant IT challenge for healthcare providers over the next few years will be HIPAA (The Health Insurance Portability and Accountability Act) 5010 and ICD-10 (International Classification of Diseases, 10th edition) compliance. HIPAA 5010 is a new set of standards that regulate the electronic transmission of specific healthcare transactions including eligibility, claim status, referrals, claims, and remittances. Version 5010 carries at least 1331 modifications spanning all 9 standard electronic transactions and includes improvements in structural, technical, and data content (including improved eligibility responses and better search options). It also is more specific in requiring the data that is needed, collected, and transmitted in a transaction (such as tightened and clear situational rules).

ICD-10, on the other hand, is a coding of diseases, symptoms, abnormal findings, social circumstances, and causes of injury as classified by the World Health Organization. ICD-10 calls for a complete replacement of the ICD-9 code sets used to report medical diagnoses and procedures. ICD-10 does more than just replace the old ICD-9 code set, it also adds five times as many codes to the classification structure.

Both HIPAA 5010 and ICD-10 affect all segments of the healthcare industry including providers, clearinghouses, health plans, and government agencies. However, providers are ultimately responsible for compliancy and, in most cases, this compliancy will require significant upgrades to a healthcare facility’s IT systems. Because of the IT investment necessary and the short compliance time windows (U.S. healthcare organizations must comply with HIPAA 5010 by January 1, 2012 and ICD-10 by October 1, 2013), many providers are beginning to consider cloud computing or SaaS (Software-as-a-Service) offerings as a viable option to achieve compliance with these mandates quickly and cost-effectively.

SaaS SECURITY CONCERNS GIVE WAY TO COMPLIANCE PROMISE
While cloud computing has caught on in other facets of healthcare IT (see related story Cloud Storage Solves The Medical Imaging Data Problem,) SaaS offerings haven’t historically been embraced for HIPAA and patient coding applications due to the privacy and security concerns that have surrounded the platform. In other words, SaaS applications often carried the stigma of being "risky" because patient data is stored in an off-site facility maintained by a third party rather than controlled internally via an on-premises system. However, as more healthcare facilities have documented successes using SaaS for numerous applications ? from workforce optimization to EHR archiving and management ? these security concerns have begun to wane.

With security issues becoming less of a sticking point for SaaS adoption in healthcare, IT departments are beginning to realize the significant impact cloud applications can have on HIPAA 5010 and ICD-10 compliance. For example, since SaaS offerings aren’t installed internally, they require little to no IT support. When you subscribe to a SaaS service, you don't have to dedicate your in-house IT staff to implement the solution or hire a systems integrator to install and integrate the product with your existing applications. This enables a SaaS application to be deployed quickly. In fact, depending on how tightly the SaaS application needs to integrate with existing systems, a cloud application can be implemented and operational in a matter of days or minutes as opposed to weeks or months. Furthermore, all upgrades to the software are handled by the third party provider. This can be extremely attractive in the case of ICD-10 compliance. For example, the U.S. healthcare system is more than a decade behind the rest of the world when it comes to adopting ICD-10 and the alpha version of ICD-11 is already set to be released later this year. With ICD-11 looming, many healthcare providers aren’t too keen on overhauling systems to comply with ICD mandates twice over the period of just a few years. With SaaS, healthcare providers can let the third party provider worry about the system upgrades future ICD iterations will require.

Vendors are already beginning to tap into the demand for SaaS offerings for HIPAA 5010 and ICD-10 compliance. For example, in mid-March, 3M Health Information Systems and Trizetto Group announced that 3M’s ICD-10 Code Translation Tool will be embedded into TriZetto Advantage 10 Services SaaS application. Precyse Solutions has also announced plans to make its line of coding tools and NLP (natural language processing) technologies available via SaaS. As the deadlines for HIPAA 5010 and ICD-10 compliance approach, you can likely expect many more cloud-based compliance offerings for both providers and payers to emerge in the coming months.

Ken Congdon is Editor In Chief of Health IT Outcomes. He can be reached at ken.congdon@jamesonpublishing.com.