Frequently Asked HIPAA Questions
Cigna Behavioral Health Provider Communication
In accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Cigna Behavioral Health is committed to compliance with all HIPAA regulations. Privacy rules require compliance by April 14, 2003. Transaction and Code Set rules require compliance by October 16, 2003.
For a review of the most frequently asked questions and answers, click on the links.
If your additional questions pertain to the readiness of your own practice or facility, Cigna Behavioral Health recommends you contact your legal counsel, local professional association, or clearinghouse administrator.
It is the Health Insurance Portability and Accountability Act of 1996. It consists of several parts, including a section called "Administrative Simplification" that was designed to reduce administrative costs by standardizing electronic transactions and code sets. "Administrative Simplification" also contains requirements to protect the privacy and security of Protected Health Information (PHI). The regulation defines PHI as any information relating to the health of an individual, the healthcare provided to an individual, or payment for the health care provided to that individual.
Health plans, healthcare clearinghouses and healthcare providers who engage in electronic transactions must comply, these are known as "covered entities". To a lesser degree, employers and business associates of covered entities are also affected.
No. CBH is not a healthcare provider, a health plan, or a healthcare clearinghouse. CBH operates as a Third Party Administer (TPA) an/or Utilization Review (UR) Agent for employer sponsored and insured health plans. Through these TPA and/or UR arrangements with our health plan customers, CBH is delegated to perform certain health plan functions. For this reason, CBH is a Business Associate of those plans and insurers, which are the covered entities.
No. Our network providers do not delegate any responsibilities to CBH through a vendor contract, nor does CBH delegate any of our TPA or UR responsibilities to our providers (i.e., CBH does not delegate benefit coverage determinations to our providers, and providers do not delegate treatment decisions to CBH). Therefore, we are not business associates of our providers, and they are not business associates of CBH. CBH will not execute business associate or qualified service agreements with any providers.
There is essentially no change to TPO activities. The same types of interfaces will continue today as they have in the past.
Except for changes in the transactions and codes sets used for benefit authorization and claims submission and payment, communications between CBH and providers have not changed. Most of our interfaces are related to treatment, payment, and health plan operations (TPO), which are allowable under HIPAA's privacy regulations. However, when calling CBH using our IVR/VRU self-service functions, you will be asked to identify yourself by verifying your Tax ID number (TIN). Also, when calling to speak with a Personal Advocate or Customer Service Representative, providers will be required to provide their TIN, the participant's name and date of birth, and the subscriber's ID number (usually the subscriber SSN), before CBH may either disclose or confirm PHI.
CBH is fully compliant with the HIPAA privacy regulations, effective April 14, 2003, and is fully compliant with the HIPAA Transactions and Code Sets extended deadline of October 16, 2003. CBH will be in compliance with the HIPAA Security regulation by the 2005 deadline.
If you are planning to submit transactions electronically, providers and vendors should contact their current trading partners/clearinghouses for information and instructions. Your professional association and/or legal representative can advise you on steps you may need to take to become compliant with HIPAA Privacy and Security requirements.
CBH cannot give legal advice to our providers. Please consult your current trading partners or clearinghouse representative, practice management software vendor, professional association and/or your legal counsel regarding what you need to do to become HIPAA compliant.
Your clearinghouse and/or practice management software vendor can advise you as to what you need to do to become complaint with HIPAA's Transaction and Code Sets requirements. Your professional association and/or legal representative can advise you on steps you may need to take to become compliant with HIPAA Privacy and Security requirements. Remember, the goal of these regulations is "simplification"!
CBH filed for the allowed Transaction and Code Set extension to enable adequate testing time for all of the required EDI transactions, as well as to enable some of the software vendors with whom we work to complete their HIPAA upgrades.
Through Cigna HealthCare, we tested claims-related transactions with clearinghouses including MedUnite, Web MD, Electronic Network Services (ENS), McKesson HBOC, NDCHealth, Per Se Techonologies, ProxyMed and SSI Group. We also conducted non-claims-related (e.g. referrals, pre-auth requests, eligibility and coverage inquiries) transaction testing with MedUnite and Web MD.
No. Our testing was conducted through clearinghouses, not with individual providers, hospitals or clinics. As has been our practice in the past, providers are encouraged to work through any one of the clearinghouse arrangements we have in place in order to electronically submit claims.
The regulation requires all covered entities and TPAs to adapt their systems and processes to accept and respond to standard industry-wide EDI transactions and coding for common provider interfaces. For medical code sets, including behavioral code sets, providers will need to insure they are billing with compliant codes and eliminate the use of any non-compliant codes.
No. There are no HIPAA requirements for SSN's. However, there are a number of states that are considering or have legislation that will stop the use of SSN's as an individual's identifier. Cigna Behavioral Health is compliant with all applicable state regulations.
The HIPAA Transaction & Code Set regulations establish national standards for a variety of electronic transactions, including the submission of claims by providers or their designated clearinghouse to payers. Any provider submitting EDI claims to Cigna Behavioral Health after October 16, 2003 must do so through their clearinghouse in the HIPAA compliant format with the required data content. Electronic claims submitted through EDI that don't comply with the HIPAA format and data content standards will no longer be accepted. CBH providers can already submit paper claims and web claims to CBH using the new Transactions & Codes Sets. CBH providers may submit claims directly to CBH via our web page, at cignabehavioral.com.
Providers who request to receive their EOB electronically will receive it via their clearinghouse in the 835 HIPAA format that will contain the applicable HIPAA compliant medical/behavioral code sets. There will be no impact for providers who do not request an electronic EOB.
Post-October 16, 2003, providers are able to perform electronic claim status inquiries through either MedUnite, or one of CBH's clearinghouse arrangements. These inquiry channels have been modified slightly in order to comply with HIPAA standards but should not have any material impact on providers.
The HIPAA regulations fully apply to covered entities operating within Puerto Rico.
The HIPAA regulations do not require certification for either Transactions & Codes Sets or Privacy. Neither CBH nor CHC plan to seek certification at this time.
CBH and CHC implemented all of the applicable HIPAA required Transactions & Codes Sets by October 16, 2003.
No. We encourage providers to contact their Clearinghouse regarding the Companion Guide.
Covered entities (which includes health care providers) must be aware of state laws that are more stringent than the HIPAA provisions, and must meet the higher standards in every instance.
|Home||About Us||Newsroom||Contact Us|