QUESTION: We are a TPA that administers claims for self-insured group health plans. If a health care provider asks us, acting on a health plan client’s behalf, to reimburse the provider for health care services using HIPAA’s electronic transaction standards, are we obligated to honor the request?
ANSWER: If a health care provider requests that a health plan conduct a transaction subject to HIPAA’s electronic transaction standards as a standard transaction, then the health plan must do so. According to CMS (the agency responsible for enforcing the electronic transaction provisions of HIPAA administrative simplification), HIPAA regulations do not contain any exceptions to the requirement that health plans comply with a provider’s request to use the adopted standards to make claims payments, regardless of whether the provider is in the plan’s network or otherwise affiliated with the plan (see our Checkpoint article). Health plans may not require providers to make changes or additions to the standard claim.
Moreover, if a health plan uses a business associate (such as a TPA) to conduct all or part of a HIPAA transaction on its behalf and directs providers to work with the business associate to receive payments from the plan, then the health plan must require its business associate to comply with all applicable requirements. A health plan is not excused from liability for noncompliance merely because it has contracted with a business associate to conduct the transactions. Accordingly, your agreements with your health plan clients on whose behalf you make claim payments should obligate you to comply with a provider’s request to use the adopted standards. If you fail to follow the standards, then the health plan may be subject to HIPAA penalties assessed by CMS, and you may be contractually liable to the health plan for associated damages.
If a provider does not request that the health plan use the adopted standards or does not complete the health plan’s (or business associate’s) enrollment process after making a request, then the health plan (or business associate) may pay the provider via alternate methods. For example, rather than using the automated clearing house (ACH) network for electronic funds transfers, the health plan could use a payment card network.
For more information, see EBIA’s HIPAA Portability, Privacy & Security manual at Sections XXXII.A (“Introduction to HIPAA’s Electronic Transaction Requirements”) and XXXII.C (“What Do the EDI Standards Require?”).
Contributing Editors: EBIA Staff.