• Loading...

    HIPAA Logo

    External links to other sites are intended to be informational and do not have the endorsement of Texas Department of State Health Services. These sites may also not be accessible to people with disabilities.

Frequently Asked Questions Case Management

Loading...

The Texas Department of State Health Services (DSHS) cannot provide operational guidance or legal interpretations of HIPAA to other persons or entities that are required to comply with HIPAA. Each covered entity has a duty to ensure its own compliance with HIPAA, independent of its relationship with DSHS. The information below does not constitute legal advice.

  1. What does Electronic Data Interchange (EDI) mean?

  2. What changes will occur because of EDI requirements?

  3. As a case management provider what do I need to do?

  4. Where do I find more information about HIPAA as it relates to claims?

  5. How do Case Management providers get the privacy notice referenced?

  6. Does DSHS case management staff need to review my privacy notice for compliance with HIPAA?

  7. Who will document compliance with HIPAA?

  8. If DSHS isn't monitoring compliance nor providing the privacy notice to case management providers, why do providers have to use the revised HIPAA case management forms?

  9. In the past independent case management providers have done internal quality assurance (QA) for each other. How does the implementation of HIPAA privacy rules affect this practice?

    If a provider is going to do this, would that provider need to get a release of information from each client allowing the other agency access to records for the purpose of internal QA?

  10. What changes will be made to case management services because of the HIPAA security requirements?

1. What does Electronic Data Interchange (EDI) mean?

ELECTRONIC DATA INTERCHANGE (EDI) For HIPAA, EDI relates to transaction code set standards. These require a standardized method for exchanging information electronically. The primary focus for case management is in relationship to claims filing.

Top

What changes will occur because of EDI requirements?

Medicaid must standardize the way electronic claims are submitted. Currently case management is using local procedure codes and modifiers to file claims to Medicaid. EDI requires the use of national procedure codes and modifiers on claims. TDH has worked closely with HHSC (Health and Human Services Commission) and NHIC to determine which national codes to use for MCM and PWI services. These decisions have been made and have been published in the Texas Medicaid 2003 HIPAA Special Bulletin. This bulletin was mailed to providers at the end of April and is available in .pdf format on-line. Documentation had been available at NHIC website. Effective January 1st the Texas Medicaid and Healthcare Partnership (TMHP) will assume Medicaid Claims Administrator duties for the state of Texas. Their web site can be found at:
www.tmhp.com. http://www.eds-nhic.com/downloads/HCPCS_Special_171.pdf

3. As a case management provider what do I need to do?

Review the changes to codes in the special bulletin or the chart on this website to become familiar with the changes. Attend the provider workshop nearest you. Ensure that the vendor used for claims payment is aware of the coming changes so that their system can be adjusted to allow for the changes. (TDHConnect is being updated. The update and should be ready for distribution to providers prior to October 2003.) All claims will be date of service driven. File claims with local codes for services provided prior to October 16, 2003. Begin using the national codes and modifiers for all services provided on or after October 16, 2003.

4. Where do I find more information about HIPAA as it relates to claims?

More information can be found on this website:
HIPAA EDI, General HIPAA information for providers,
or on the CMS (Centers for Medicaid and Medicare Services) website:
https://www.cms.gov/hipaageninfo/

5. How do Case Management providers get the privacy notice referenced?

PRIVACY : Each case management provider must provide a copy of its agency's privacy notice to each client. Agencies may view the HIPAA privacy notices posted as a guide.
HHS Office of Civil Rights web site also has information to assist in developing HIPAA compliant privacy notices, policy and procedure: http://www.hhs.gov/ocr/privacy/

6. Does DSHS case management staff need to review my privacy notice for compliance with HIPAA?

No. Case management staff are not reviewing privacy notices to ensure they meet HIPAA compliance. It is each provider's responsibility to ensure that the notice they provide to their client's includes all required information.

7. Who will document compliance with HIPAA?

Compliance monitoring is the responsibility of federal Office of Civil Rights and the federal Health and Human Services.

Top

8. If DSHS isn't monitoring compliance nor providing the privacy notice to case management providers, why do providers have to use the revised HIPAA case management forms?

HIPAA regulations established specific guidelines for releases of information. Prior to revision, the consents on the service plan, service plan addendum and authorization to release information did not meet those requirements.

Top

9. In the past independent case management providers have done internal quality assurance (QA) for each other. How does the implementation of HIPAA privacy rules affect this practice?

If a provider is going to do this, would that provider need to get a release of information from each client allowing the other agency access to records for the purpose of internal QA?

In the past the providers would have needed to sign a confidentiality agreement that assured that what they reviewed during internal QA or peer review would not be shared with any other parties. With the implementation of HIPAA, the providers that are providing internal QA for each other will need to get a Business Associates Agreement signed. The following link has frequently asked questions and answers regarding business associates http://www.hhs.gov/ocr/privacy/
The following link has sample business associate agreements http://www.hhs.gov/ocr/privacy/ When DSHS staff perform QA functions they are performing the functions as part of the administration of the program, therefore this agreement is not necessary between DSHS and providers.

10. What changes will be made to case management services because of the HIPAA security requirements?

SECURITY The impact of HIPAA security rules on case management is not yet known. There will be more information on HIPAA security in coming months.


Please submit additional questions regarding case management services to:

  • via Email to:  
  • via Regular Mail to :

    Department of State Health Services
    1100 West 49th Street
    Austin TX 78756
    ATTN: HIPAA Case Management

 

  • Loading...
Last updated April 19, 2012