HIPAA Administrative Simplification: Standards for Electronic Health Care Claims Attachments CMS-0050-P

January 20, 2006

Honorable Michael O. Leavitt
Department of Health and Human Services
Hubert H. Humphrey Building
Room 445-G
200 Independence Avenue, SW
Washington, DC 20201

Re: HIPAA Administrative Simplification: Standards for Electronic Health Care Claims Attachments CMS-0050-P

Dear Secretary Leavitt:

This letter is to offer comments and recommendations on behalf of the members of the American Health Information Management Association (AHIMA) to the Department of Health and Human Services' (HHS or Department) proposed rule, published on September 23, 2005, establishing an additional Health Insurance Portability and Accountability Act (HIPAA) Administrative Simplification standard for electronic healthcare claims attachment.

AHIMA's 50,000 members are professionals educated, trained, and certified in various aspects of health information management (HIM). A sizeable number of these professionals work in hospitals, health systems, large clinics, and health plans, and are directly affected by the requests and responses that take the form of the "attachment" information, which is the focus of the September notice of proposed rule making (NPRM). HIM professionals are also deeply involved in activities already underway to achieve a standard electronic health record (EHR) and other projects to achieve electronic interoperability and harmonization in all healthcare standards and data. To this end AHIMA members and staff play an active part in the Health Level Seven (HL7) standard data organization and its work, including work toward securing appropriate attachment standards. Additionally, HIM professionals have also been involved in the security and confidentiality of health records since the 1920s including the process known as "release of information." All of these HIM functions and experiences are touched in the proposed rule.

EHR, NHIN, and Interoperability v Timing and Implementation of this Proposal

As AHIMA reviewed the proposed rules, the process raised overarching concerns that need to be addressed. This NPRM, pending for almost a decade, comes at a time when the industry is actively addressing various aspects of obtaining, storing, exchanging, and reporting complete, relevant, standard clinical healthcare data. Emphasis in the last three years on the development and adoption of a standard EHR and an interoperative nationwide health information exchange (NHIN) are at the top of the Department's agenda and our profession's as well. Current activity and priorities raise concern that some aspects of this proposed HIPAA standard, based on information collected in, and from, the environment of the 1990s, does not fit in today's environment and priorities. Any action taken on implementing this standard and adopting a final rule must consider the environment of 2006 as our industry addresses a variety of aspects related to how clinical information should be provided by the health record in a standardized process.

The attachment process is important, and there is a place for the work of the Accredited Standards Committee X12 (X12) and HL7 that will result in a transaction standard with which to report standardized clinical data necessary for claims adjudication. But, these transaction standards must be flexible and must be built on the basis of the definitions and data sets of the standard EHR now under development and not a record from an era when clinical information was non-uniform, paper-based, and used mainly for reimbursement purposes. To proceed with adoption of the standards proposed and not recognize the need for flexibility, uniformity or consistency, and interoperability will hinder the goals that have now been raised by the President and the healthcare industry. Likewise, adoption and implementation of these standards must be done in light of the goals, objectives, resources and timetables of today's healthcare environment and not that of standards regulations initiated 10 years ago.

Attachments are a Secondary Use of the EHR

If the transactions represented by these proposed rules, strictly related to administrative data associated with electronic claims, there might be less concern. Unfortunately, the data is transferred in these attachments comes from the health record and thus becomes part of the clinical data and other factors under consideration in the adoption of the EHR, or in other words, attachment data and data sets must be viewed as a secondary use of the EHR more than an extension of the claim. AHIMA, therefore, questions adopting final regulations until further adoption of the EHR standards necessary to ensure a means of uniform consistent information that can be used not only for clinical care, but also for the secondary uses of the record, including claims attachments.

Given the fact that attachments are one form of a secondary use of the EHR, AHIMA must also note that while the LOINC® code set is identified in the proposed standard, it is without reference to supporting or related terminologies and code sets and their relationship. Clinical content contained within a claims attachment must be based on a robust clinical vocabulary - which LOINC is not. Knowing how well LOINC relates to SNOMED and maps to other pertinent code sets and vocabularies is crucial as the nation moves into the adoption of a standard EHR.

Contemporary Classifications and Standards Could Lessen the Need for Attachments

While the development and adoption of the EHR is extremely important, AHIMA does not deny the need to respond to requests for information in a form often defined as an "attachment." Generally, it is AHIMA members who manage health information management departments that respond to such requests (sent via the institutions billing or claims department). It is important to note, however, that both the development of EHR standards as well as work done in the past by HHS on classification systems could alleviate the need for many of these attachments if allowed to progress. AHIMA has testified on several occasions, as has the Centers for Medicare and Medicaid Services (CMS), the American Hospital Association (AHA), and others, that if HHS would proceed with the adoption and implementation of ICD-10-CM and ICD-10-PCS, classifications (developed by CMS) to replace the 30-year-old ICD-9-CM classification, there would be less need to request additional information since much more detail is integrated into these contemporary classification systems.

In advocating for adoption of these HHS-developed classifications, AHIMA and others have also discovered barriers created by HIPAA, the NPRM rules, and the implementation process itself, that now produce a situation where any change could take up to four or five years to complete - an intolerable situation in the early 21st century. If the ICD classifications were adopted in 2006, and the problems with the HIPAA transactions processes ignored, it could take another five or six years before the actual use of these classification or standards could occur. In addition, the proposed transaction relies on several data sets that could likewise meet the same fate because of the inflexibility of the current HIPAA law and regulation, leaving the healthcare industry mired in bureaucracy and short-sited rules. This situation must be changed.

Process for Standards Adoption, Upgrading, and Implementation - HIPAA versus Current Environment

Before HHS proceeds any further with modification or implementation of the proposed standard for electronic healthcare claims attachments, please consider the impact of such on the projects and goals mentioned above and the processes and user implementation that must occur. If this standard is considered without also considering of the existing environment, the need for a standard EHR, and recognition of the primary and secondary uses of data from a standard EHR, then users could be placed in a dilemma of what agenda and adoption activities must be addressed first with limited resources. Should the attachment be completed before the record from which it takes its information? While AHIMA supports a process to provide "attachment" data the context in which this NPRM is proposed presents a challenge and possibly a barrier to the goals of interoperability and flexibility also underway at this time. In the next few years, the healthcare industry will address many secondary uses for EHR data including quality measurement, injury prevention, biosurveillance, chronic disease management, research and so on. We recommend that the secondary use for claims attachments should be considered in this context as well and integrated.

As noted, the process of adopting and modifying HIPAA standards must also be reviewed. This NPRM identifies the problems created by the numerous delays built into the current HIPAA approval system that prevent modifications to standards on a timely basis. While implementation can be as short as 180 days, the standard development organization (SDO) and regulation procedures expand the entire process by years. This cannot be tolerated in 2006 and must be addressed by HHS and possibly Congress. This NRPM also has not addressed how the e-attachment standard, that includes significant clinical data, will be addressed by the Health Information Technology Standards Panel (HITSP) and the Commission on Certification of Health Information Technology (CCHIT) recently created by the Office of the National Coordinator for Health Information Technology (ONC). The data included in the NRPM e-attachment standard must be reviewed by these bodies to ensure harmonization and coordination with new HIT products. Therefore, HHS must address how standards and data sets, including those covered by HIPAA, will be coordinated with these process in the future so as to not negatively impact the data content and standards enveloped in the standard EHR, and other NHIN transactions and processes.

Implementation of the e-Attachment Standard

The changes in the healthcare industry environment also affect healthcare providers' approach to this possible HIPAA standard. The push for implementation of EHRs, certified by CCHIT has not entertained how such a certification would apply to attachment software and may create confusion as providers consider purchasing systems. While AHIMA welcomes the approach to phasing in the attachment standard, we anticipate that given all the changes in the environment, many providers and we suspect health plans will maintain manual systems, or at a minimum the human variant proposed. Such reluctance might be appropriate, but it will impact on any potential savings initially perceived in the advent of this regulation

Implementation Guides

The discussion of implementation guides (70FR55993) raises two concerns:

  • The text addresses guides developed by the Accredited Standard Committee X12 (ASC X12 or X12) and HL7, and it references use of certain guides under the NPRM. However, as noted above the proposed rule appears to ignore the need to have standards and the guides that are up-to-date. For instance, it is noted that the X12 4050 version will be used in the standard, yet we know that version X12 5010 version is scheduled to be finished in 2006 and would be more current by the potential compliance date of 2008. In fact a good standard should have an even more current version if implementation is some two or more years off. AHIMA recommends that HHS work with the SDOs, other appropriate bodies, such as the National Committee on Vital and Health Statistics (NCVHS), ONC and its contractors, and the industry to target X12 or HL7 versions that would be current at the time of compliance and provide users with the knowledge of how to work with these organizations during the interim for a guide that represents actual needs and expectations.
  • In testimony to the NCVHS in January of 2005, the Workgroup for EDI (WEDI) noted that there were now well over 1,000 supplemental guides to the X12-837, providing additional instruction from health plans to covered providers. Multiple supplemental guides or this type are not appropriate in AHIMA's understanding of the intent of HIPAA or in the interest of administrative simplification. AHIMA suggests that this e-attachment rule should place limits on the variance or supplemental requirements for a transaction that can be develop and required by health plans. The final rule should also address who will be responsible for the guidelines covering the standards related to e-attachment and their harmonization.


AHIMA recommends that any definitions determined in the final rule be compatible with those throughout the healthcare industry and should be in the rule itself or identify the section where such a standard definition exists and adhered to in the industry. To this end we note that several services listed under "rehabilitation services" (70FR55994) are used in other segments of the industry and are not exclusive to this area.


Given the current environment discussed above, AHIMA believe the implementation time specified, stand-alone, is adequate, however, AHIMA again suggests that HHS consider the effective dates in this rule, in recognition of other HHS and industry requirements and the impact of such requirements on each other and all affected entities.

Overview of Clinical Document Architecture

In line with AHIMA's concerns (noted at the beginning of this letter), we must point out that in the discussion on page 70FR55995, work being done by the HL7 on the Clinical Document Architecture (CDA) toward a second release is described. The NPRM notes that CDA Release 2.0 may be completed before any compliance date for e-attachment rules. It is also noted, however, that HHS will not consider using a more up-to-date release until some time after compliance (2008?). This potentially means that Release 2.0, completed in 2006, could not be implemented until 2010. To make the standards functional for the industry, AHIMA recommends that the final rule either require use of the CDA release 2.0, or the most current balloted HL7 CDA standard, and urges HHS work with the Congress, the SDOs, HITSP, and the industry to reexamine the process for approved standards modifications and upgrades so the healthcare industry can move forward in its use of all healthcare transaction standards, similar to other industries' abilities to use electronic standards.

Transactions for Transmitting Electronic Attachments

The comments regarding the transaction standards, considered on page 70FR55996, identify using the standard version X12 4010 but also reference the X12 4050 version. The discussion ignores the fact that by the time compliance is required for a final rule, the versioning of the X12 then current will likely be at a higher version than either standard. Such a decision does not reflect the "current" needs of the healthcare industry. AHIMA recommends that the processes associated with HIPAA, be revised to allow the industry to use current versions of approved standards, accordingly HHS, or if necessary Congress, should revise HIPAA law or regulation to permit the use of contemporary transaction standards or data sets.


The introduction on page 70FR55996 discusses a demonstration on attachments for Medicare claims that began in July of 2004. A report on this demonstration was published in late December of 2005, and it appears that the demonstration fell short in the testing of all aspects of the proposed transactions and data sets, and was limited to only one health plan. While AHIMA welcomes CMS' work toward testing these standards, we are concerned that the pilot and its results do not provide crucial information needed to evaluate the proposed rule as to the structure, elements, and outcomes especially related to the use of the LOINC® codes and other computerized data not commonly used today. We also must note that Medicare claims processing is significantly different than the myriad processes used by other health plans.

On page 70FR55997, you request information as to whether the six proposed attachment types are still the most frequently requested by health plans. AHIMA has encouraged its members to participate in a survey conducted by the American Hospital Association and the National Uniform Billing Committee, and looks forward to seeing these results of this study. Nevertheless, as noted above, claims attachment information is only a secondary use of the health record. HHS must consider the need for attachments - what it takes for a provider to produce the data for such an attachment, and the relationship of this secondary data to the standard EHR - before finalizing this regulation. AHIMA also recommends that HHS consider the impact of implementing an update to the ICD-9-CM classification system as a means to provide additional information on the claim itself, thus negating the need for an attachment.

In recent months, the NUBC has recommend that HHS consider requiring health plans and payers accept all applicable and relevant ICD-9-CM (or in the future ICD-10-CM and ICD-10-PCS) and CPT® codes that can be transmitted with an electronic claim (X12-837), so that a full picture of the diagnoses and procedures related to the patient and episode of care can be had by the health plan or provider. This additional information should eliminate the need for many attachments and can also provide considerable information for health plan programs such as quality measurement.

Further comments on page 70FR55997 suggest that in the future, as other attachment standards could be developed by SDOs, providers and health plans and could be used on a voluntary basis (not as HIPAA standards). Such an idea has merit, but we must point out:

  • The industry could then find itself in a versioning dilemma, since newer standards would most likely be in a higher version than those approved under HIPAA;
  • That different health plans could the request different versions and have different guidelines which would discourage moving to such a practice; and
  • Vendors have indicated to us that they will not begin to spend resources to incorporate standards into their products until the standard has a "force of law" or significant industry demand.
HIM professionals agree that all standards' users should be involved in the development of new standards and modifications and other changes to existing standards. It is not clear, however, how this will occur with proprietary standards such as the LONIC codes. Will there be a public process for LONIC, as is required for other HIPAA transaction and code set standards? What will the process be? AHIMA recommends that the final rule address these questions to maximize public participation in this SDO.

AHIMA is concerned that the rule, as proposed, is vague as to which provider setting is covered for which attachment types. Is the rule meant for all provider organizations or just hospitals and clinics as implied? Although the claims attachment types specified could apply to a variety of provider settings, the discussion of additional new attachments for DME and home care call the question of whether these settings are to be using the proposed attachments or if they should wait for specific attachments unique to their setting?

AHIMA is also concerned that there appears to be a lumping of skilled nursing services under rehabilitation services. Although some skilled nursing services are rehabilitation, others are not. The intent of HHS should be more specified for provider compliance.


The NPRM notes that many healthcare providers are not fully automated. AHIMA agrees and also notes that at the present time a standard EHR or harmonization of standards - ventures that HHS-ONC and the industry have recently undertaken, are but in their infancy. It is important to point out that most health plans have also not upgraded their legacy systems to permit the auto-adjudication as suggested in this section. At this point in time, therefore, any transmission, no matter what variant, cannot be handled automatically by most health plans. Before health plans are forced to accept either the second "human decision variant" or the "computer decision variant" there are other changes that could be made in the healthcare data system that could provide much richer data for adjudication without the need for some attachments. Such changes would include the adoption and implementation of ICD-10-CM and ICD-10-PCS that have significant detail that provide some of the information commonly asked by health plans.

Human Decision Variant - 1

This variant alternative (first described on 70FR55997) essentially changes the attachment process of healthcare providers from copying and mailing claims attachments to electronic scanning and electronic transmission of these same documents. Since the majority of healthcare providers are not using a standard medical record, this means that a significant human intervention - to copy or scan the appropriate parts of the record in response to the request - remains. Standardizing what data must be in a standard attachment will assist the process over time, especially as the provider also migrates to an EHR, but the amount of human intervention will essentially be the same once the attachment request is received for quite some time. At this time, until the standard EHR is adopted and implemented, it is our judgment that most providers will continue to use this variant, which then in turn might keep health plans from investing in auto-adjudication processes.

Human Decision Variant - 2

This alternative provides a means to reply to questions with text and LOINC codes. It appears that it would work well for solicited situations where the amount of information could be less than the maximum data set. It must be noted however, that HIM departments can only report on information that is in the health record. If not questions must be transmitted to the healthcare provider/clinician. Variant 2 also is a new process that will need significant training and testing. Since there are limited guidelines in the use of the LONIC codes, additional steps will need to be taken by HHS to ensure proper and consistent use and understanding of the LONIC code set.

Computer Decision Variant

The computer decision variant alternative provides for an electronically extracted response to the request, with the computer reading the request and responding to the answer. It also suggests that the response will then be read by a health plan computer that will perform computer-based adjudication. AHIMA agrees that this is an optimum solution. However, we question if this solution is not a bit premature until the industry formally adopts a standard EHR, otherwise, providers will have to have systems that convert current electronic information into the standard either when a request comes in, or in anticipation of such a request. From our current work with auto-assisted coding, we are aware that such a system approach has a significant potential for error, and will require some type of monitoring or auditing, especially until the industry adopts and fully implements a standard EHR and deals with the question of "minimum necessary," in an automated environment.

Combined Use..Collaboration

AHIMA applauds the concept of using combined standards as highlighted in this rule, we must however comment on the statement on page 70FR55998 where it is noted that standardizing attachments "allows healthcare providers to anticipate requirements from health plans regarding additional documentation." We are concerned about this statement for a several reasons:

  • First, we are not sure if HHS intended this to suggest that clinicians are falling short of providing ample information in their charting, or if you were suggesting that items are not being reported adequately from the record. If it is the former, then there may be a question if such items have been agreed to by the affected clinical profession, otherwise, it becomes an issue for HIM professionals to get such data if not charted as guidelines would suggest.
  • If there is ongoing information needed, by consensus, about a particular type of service or services rendered in response to a particular patient type, diagnosis, and so forth, then perhaps a non-solicited approach should be considered in more cases as institutions implement electronic records and administrative programs. (This is stated with the knowledge that privacy minimum necessary rules must be adhered to.) To build additional software applications programs for attachments is expensive and while standards help the process, applications program architectures are not standard.
  • Much of the data requested in an attachment is clinical; AHIMA recommends that any attachment standard be harmonized with the clinical standards and EHR standards currently under development and in line with the goals of uniformity, consistency, and interoperability. ONC recently initiated the HITSP harmonization process, and this regulation should reflect this process. The healthcare industry cannot afford to have the HIPAA standards out of sync with those developed in our nation's quest for a standard EHR.

Electronic Health Care Claims Attachment vs. Health Care Claims Data

In the introduction of the proposed rule and on page 70FR55999, the NPRM states the difference between data that should be in the claim itself, with data that is to be considered for a claims attachment. There is no discussion or description put forth as to how, where, or when such a consideration should be made. It appears that for some services claims, attachments will always be needed and therefore are essentially an ongoing addendum to the claim. Such demands do have some variation, but in the interest of administrative simplification AHIMA believes that HHS should have an identified, transparent, on-going process for the healthcare industry to determine what data is necessary in a standard claim (X12-837), versus an ongoing attachment, versus a non-standard request.


Based on our comments immediately above, AHIMA agrees with HHS that attachments should not be submitted in a unsolicited manner, however, some of the attachments suggested by HHS could easily become "routine" once standards are enacted - raising a concern that they in fact become a automatic claim addendum requiring additional work for some providers. Since it will be some time until the majority of healthcare providers will have a system allowing for complete computerization of the requests and responses covered under this proposed rule, the handing of attachments as an exception becomes a additional administrative expense, whether or not the attachment in question is a standard. AHIMA suggests that HHS work with the industry to monitor the claims process and provide and designate situations (claims types) where an unsolicited attachment will be provided to all health plans, for example an ambulance attachment for all ambulance claims.

HHS proposes that for each specific claim, health plans may solicit only one electronic attachment request transaction. This does not prevent additional solicitation, outside of this attachment process, and that reimbursement for claims are often held until all responses to all questions are accepted, even if the original request is met.

Impact of Privacy Rule

AHIMA members have been the administrators of individuals' health records since before AHIMA's beginnings in 1928. Over the years HIM professionals have administered this trust by exercising professionalism over the release of healthcare information and have continued to do so under the HIPAA privacy rule through training and even additional certification. As the industry moves forward, HIM professionals will continue to exercise the rights given to protect individuals/patients under the HIPAA privacy rule's "minimum necessary" sections with respect to the content in each of the approved attachment standards, whether information is requested or sent electronically or on paper.

Problems have arisen with regard to the minimum necessary standard, as HIPAA transaction standards have been implemented. AHIMA expects that the same will hold true for the electronic attachment standard depending on the request for additional information and the particular situation of the patient. According to AHIMA's annual privacy and security survey, over 50 percent of states have some sort of consent law that must be adhered to in addition to the HIPAA standard so each request for information must be review on a situational basis against prevailing laws. In addition, HIM professionals are concerned about the ability to establish an audit trail for the release of such information in case privacy becomes a concern at the receiver end. (See signatures below.)

While AHIMA agrees that only the minimum necessary should be provided, we are concerned that electronic attachments (either scanned or computer variant) will contain information that is over and above the minimum necessary standard. It is impractical and extremely labor intensive and error prone to redact scanned documents so that they only contain minimum necessary. The requirements for minimum necessary should be clarified for scanned and text documents.

Impact of the Security Rule

AHIMA agrees with HHS that the security rule itself should not hamper the use of standard attachments. Concern has been raised however, concerning the need for non-repudiation agreements and the ability to maintain data integrity is systems involving scanning and transmission of LOINC codes. The impact in this case will be related more as to how information is transmitted and received. Some HIM professionals also noted that HHS has not yet addressed the ability to use the Internet for claims or for claims attachments. Given the current environment in healthcare, addressing this issue and allowing for secure Internet transactions would greatly enhance the administrative process for many small providers. (See signatures below.)

Connection to Signatures - Authentication

The issue of signatures has been outstanding since the passage of HIPAA. Signatures and the issue of authentication must be addressed, or there will be problems not only for this proposal, but any exchange of healthcare data that includes personal health information (PHI). While the use of "signature on file" has served the industry for many years, these proposed regulations ignore the fact that the solicitor of additional data must also be properly identified. There is no mention in this regulation of how the requestor will - in a standard manner - identify themselves and their relationship to the health plan. The proposed regulation also does not address the process for sending a response. Should it always be sent to the same address as the claim, if not what security process should be utilized to ensure privacy is met?

AHIMA is also concerned with the language in the NPRM related to electronic signatures that permits health plans to request a paper copy of the signature plan without limitation. We are concerned that plans will use this practice for a routine audit of claims - a practice that would be to the detriment of providers. Request for paper copy of a signature is used in some cases to delay the claims adjudication process by requiring a manual document be copied and submitted. AHIMA recommends that this practice be constrained and invoked only where there is a specific concern. In the absence of a national standard, we also recommend that health plans accept the provider's policy for use of electronic signature to authenticate electronic documents and not impose their own standard or policy for what is or what is not an electronic signature.

Connection to Consolidate Health Informatics (CHI) Initiative

AHIMA agrees with HHS' comments regarding CHI. However, we would also note that the standards under CHI were not adopted under HIPAA and have not been harmonized under HITSP. We believe this identifies the need to ensure harmonization of HIPAA and CHI standards and appropriate mapping so that true data interoperability exists in the future.


While the NPRM mentions the amount of time attachment standards have been under consideration by the SDOs, you also note that significant changes are occurring in the healthcare industry and your concern for the impact of these changes on these standards and the processes and workflow that surrounds them. Among the changes in the industry is the quest for the standard EHR and an interoperable healthcare data exchange. Inherent in this approach is the potential that healthcare data could reside in more than one location for a patient - meaning that potentially to complete all the information being requested in an attachment might require a different approach than that which is currently being considered in stand-alone organizations. This should be studied and accounted for in any final rule, and AHIMA offers its resources for such a review.

AHIMA and its members are deeply involved in the various activities related to achieving interoperability and the EHR. We are concerned that as HHS is attempting to put in to place a process (and tangential work process) for "attachment" data to be exchanged between providers and payers, it should consider today's environment and goals, and not those identified in 1993 and 1998 - the last time any serious consideration was given to the need for attachments. This is not a question of if we address the need for attachments, but rather of how. The work flow associated with the attachment process is significant for healthcare providers and health plans. The proposed rule has not addressed the current situation for attachments beyond those identified several years ago. We see the direction the Department is leading the industry for the EHR, NHIN, and harmonization and we believe the rule should reflect more coordination with the goals of the President, Secretary, and ONC, and describe how this rule will be harmonized with these goals and current needs.

Since 1993, AHIMA and many other healthcare providers, professionals, population health organizations, vendors, health technology groups, and some health plans have been actively seeking adoption and implementation of an upgrade to the ICD-9-CM classification system for diagnoses and inpatient procedure and technology. In 2003, both the NCVHS and the Congress made similar recommendations to the Secretary, but no action has yet occurred toward adoption. We have argued that if the ICD-9-CM system were replaced with HHS-developed ICD-10-CM and ICD-10-PCS classification systems; significant detail would be present for adjudication that could eliminate some of the details often sought out in the request for attachments. The Centers for Medicare and Medicaid Services (CMS) has made a similar argument in testimony to the NCVHS, and other government agencies have likewise recommended such an upgrade. Those that have argued against a more refined and detail set of classification systems, have noted that health plans can ill afford to change adjudication systems to accept more detail, this appears contrary to the rational proposed in this September 23, 2005 NPRM.

On a similar note, the National Uniform Billing Committee (NUBC) has also called on CMS and the industry to begin using all of the potential diagnoses and procedure codes that are available on the X12-837 claims transaction and not limit them to just those that can be identified on the paper claims. Again, this is additional detail that can often eliminate the need for attachments.

Besides questioning the information and approach to attachments, given today's environment, we are also concerned about the approach to the standard's versions expressed in this proposed rule. Recently, in our work to secure adoption of an upgrade to ICD-9-CM, it came to the attention of many that the X12 and NCPDP standards and guidelines also need upgrading, for a variety of reasons including the ability to accommodate the ICD-9-CM upgrade appropriately. It was further discovered that any modification under current HIPAA regulations and law could take well over four years because of the required activities of the SDO, DSMO, and the Department. Four years in today's environment is intolerable, and AHIMA and many others are seeking a means to change such a process, and yet allow the necessary role of the SDO and the industry to ensure our standards are up-to-date and not a barrier to our healthcare system and the services we render our patients. For this reason AHIMA recommends that HHS consider some alternative to locking the proposed standards into what could be antiquated versions by the time the final standards are compulsorily.


As noted elsewhere, AHIMA agrees with the approach that HHS took to arrive at a process that uses more than one standard. However, as just noted we are concerned that the standards selected might not be up-to-date when a compliance date is met and therefore be detrimental to the industry.

AHIMA members have worked with the X12 and HL7 for several years and understand their approach and how the public can work with these SDOs for a consensus standard. While AHIMA members are familiar with LOINC, especially in the area of laboratory reporting codes, we are less familiar with the codes being recommending for messaging and beyond laboratory reporting. Likewise, since LOINC is a proprietary coding system, we are not aware of how the public/industry will be given access to the coding change or modification process similar to some of the other codes utilized in standards under HIPAA. HHS should consider:

  • Identifying the public's role in LOINC and its codes and guidelines once the standard is accepted,
  • Identifying any guidelines for the use of LOINC under the HIPAA standard, and
  • Work with the industry to ensure education is available on the use of LOINC and its guidelines.


AHIMA reviewed the examples and flowcharts provided, and has the following comments:

The flow charts for providers do not indicate the request for an attachment (solicited). It is presumed that such a request might be in the standard suggested by the rule, but not necessarily. Some providers may not be able to accept such a request, especially smaller entities that use clearinghouses for claims, but do the rest of their work by paper, phone, and Internet.

Figure 1: Our review of this flow chart raised the point that scanning documents is often more complicated than the current process of copying. Members and vendors we queried were not aware of industry-wide billing application software that would move the scanned image into the billing application and capture a record of the transaction. It was noted that some providers currently request a receipt from the health plan that accepts the transaction. This proves that the attachment was sent and accepted by an appropriate party. Currently HIPAA does not have a receipt process - perhaps, since there are X12 transactions that would accomplish this transaction, one or more transaction standard could be added to the HIPAA standards.

Figures 2 and 3: AHIMA's review noted that these flows add additional manual steps and could result in more errors. In larger organizations only HIM personnel would be involved in responses that simply record additional information from the record, however, there are times when the response must come from a clinician. Again, there are the issues of appropriate application software, a copy of what was sent, and an acknowledgement.

Figure 4: We viewed this scenario as future, since it would work more economically with a standard EHR than today's proprietary systems. Since most of the electronic records systems, today, do not permit outside query, concerns were raised about how the request gets into the system to generate a response and how manual that effort might be. Concern was also raised about the ability to place privacy walls in order to ensure that the provider's minimum necessary requirements are met.

Figure 5: This figure suggests that the electronic attachment will either be reviewed on a screen or printed and reviewed. Our reviewers were concerned about health plan issues with the integrity of the data of the data and the ability to have a nonrepudiation process. Any conversion of data could create a problem, and both parties to a transmission should understand any problems that could occur as transmitted data is opened and processes in this figure or any of those following.

Figures 6-8: These figures identify additional abilities that health plans might add to automate the adjudication of attachments. Given the status of the industry we do not see the ability or the desire to implement such systems, and would note that health plans should pay special attention to the standard being developed for the EHR. Those developing the EHR and the architecture in which it will reside must be aware of data that will commonly be requested and reported. Such data may be in a classification process that combines data elements in the EHR, or the reporting of specific data out of the EHR. Close work at this stage of development should improve information flow for a variety of uses including claims processing and these attachments.

Requirements - Maximum Data Set

On page 70FR56013, the NPRM discusses the maximum data set. AHIMA agrees with the concept described, but the restriction recommended does not preclude a health plan for asking for additional information outside of the electronic claims process. When the original HIPAA claims transactions were considered, maximum data sets were pondered, with the idea that health plans and respective partner health providers could agree on transmitting less than the full data set (to reduce redundancy). However, in practice the full maximum data set became the standard forcing the transmission of data not needed in all cases. While use of the human variant-2 and the computer variant might be able to address a concept of less than total data, we are not sure this will happen.

AHIMA agrees that covered entities need to review the AIS and provide comments regarding applicability to today's environment, but we must point out that a process should be in place to do this on an ongoing basis, with appropriate upgrades to the standard. Failure to have a process that allows for change in a rapidly changing industry will not resolve its administrative costs and information concerns.


Our comments above noted that a survey has only recently been undertaken by the NUBC on the types of attachments needed. AHIMA is aware that the HL7 has reviewed the recommended attachment types and raised questions regarding the emergency department attachment. In the meantime, the AHIC has undertaken a "breakthrough" task associated with information also coming from emergency departments. Given the breath of AHIMA's membership and the current environment, we have no recommendation for or against the attachment types proposed in the NPRM, but recommend that they be reviewed in light of other activity occurring in projects associated with AHIC, ONC, and CMS pay for performance efforts.

Currently, the ICD-9-CM volume 3 procedure and technology codes are in danger of reaching a point where new codes cannot be generated or granted unless out of appropriate sequence. If this occurs, additional attachment information will likely be needed to identify new technologies and procedures. This may be an area that needs consideration for such an attachment, however, at the same time, development and implementation of new attachments may not be able to keep up with the need, as pointed out above.

AHIMA strongly recommends implementing an efficient process for adding new claims attachments that recognizes the primary purpose of the standard EHR, the need for uniform, consistent data, and accommodates the industry need for secondary claims data on a timely basis. It appears that current HIPAA regulations and possibly the law will need modification to permit this to happen. AHIMA looks forward to working with HHS to see such a process develop.

Modification to Standards

Several times, in this letter, AHIMA has noted concern with the current HIPAA modification process. We request that the Department address these problems. We have also noted our concern that the NPRM does not address public participation, schedules, and the processes in the establishment and maintenance of LOINC codes and guidelines, other than submission of requests for new codes. It is our belief that, under HIPAA, coding maintainers should have a process for not only requests, but also for public comment regarding changes that might be made to codes and code sets. To do this requires a transparent process so that the industry/public can be so involved in the process.

Issues identified in sections B and C have been addressed above.


AHIMA must note our concern that the NPRM uses studies undertaken in 1993 and refers to pilots and studies recently reported that are limited. While we share HHS' goals for standardization and privacy, we do not see relevant information that provides data to determine cost and benefits in today's environment. Implementation will vary by organization and the demand for attachment information. Costs will also be affected by other demands and projects that will occur during the implementation phase. We have noted elsewhere in these comments, that the attachment is but one secondary use of health record data. Adoption and implementation of this transaction must we done in relation to other changes anticipated by HHS and the industry.


It has been clear for many years that standardization of health claims attachments had the potential to improve the administration of the claims process for providers and health plans. As the HIPAA standards were conceived, claims attachments became one of the prime standards identified, but over the course of the 10 years since HIPAA legislation came into being many other changes have occurred in the healthcare industry. While not changing the need for standard attachment data, they have changed the perspective on how we approach developing such standards. At the same time, the priorities and projects undertaken by the healthcare industry toward a standard EHR, interoperability, and an NHIN have also accelerated immensely.

AHIMA's comments take both of these changes into account in addressing the NPRM released in September 2005. We also recognized (and urge others to recognize) that claims attachments are a secondary use of the data contained in the health record. As the industry moves to standardize both of these collections of data, it must do so in a reliable and reasonable fashion. AHIMA, and the 50,000 professionals it represents (professionals who task is to report data from the record) stand ready to work with the industry to accomplish a reasonable and timely implementation of the standard EHR and claims attachment, and ensure data in both is harmonized, consistent, uniform, and reliable. AHIMA members also stand ready to work with providers, health plans, and HHS to ensure that administrative simplification can be achieved, and when possible eliminate the need for some data exchange now needed to process claims.

Our thanks for your review and your consideration of this letter. If you have any questions or concerns, or would like additional AHIMA involvement as the development of standards move forward, please let me know at (202) 659-9440 or at dan.rode@ahima.org.


Dan Rode, MBA, FHFMA
Vice President, Policy and Government Relations