CMS Delays HIPAA Implementation by 90 Days

Recently, the Centers for Medicare & Medicaid Services (CMS) Office of E-Health Standards and Services (OESS) announced the agency will delay enforcement of the required Health Insurance Portability and Accountability Act (HIPAA) 5010 transition until March 31, 2012, instead of the original date slated for Jan. 1, 2012.  The requirement relates to compliance with the ASC X12 Version 5010 (Version 5010), NCPDP Telecom D.0 (NCPDP D.0) and NCPDP Medicaid Subrogation 3.0 (NCPDP 3.0) standards. 

OESS made the decision for a discretionary enforcement period based on industry feedback revealing that, with only about 45 days remaining before the January 1, 2012 compliance date, testing between some covered entities and their trading partners has not yet reached a threshold whereby a majority of covered entities would be able to be in compliance by January 1. 

Feedback indicated that the number of submitters, the volume of transactions, and other testing data used as indicators of the industry’s readiness to comply with the new standards have been low across some industry sectors. OESS has also received reports that many covered entities are still awaiting software upgrades. 

CMS said it decided to provide a 90-day discretionary enforcement period.  Even though the agency will not take enforcement action before April 1, 2012, CMS said providers still must make “a good faith effort” to comply with the implementation deadline of Jan. 1, 2012. 

Although the three-month window allows providers extra time to get software upgrades to meet the new compliance standards, OESS said it still will accept compliance complaints regarding Version 5010, NCPDP D.0, and NCPDP 3.0 transaction standards during that time. 

“OESS encourages all covered entities to continue working with their trading partners to become compliant with the new HIPAA standards, and to determine their readiness to accept the new standards as of January 1, 2012,” CMS said in a statement.

Notwithstanding OESS’ discretionary application of its enforcement authority, the compliance date for use of these new standards remains January 1, 2012 (small health plans have until January 1, 2013 to comply with NCPDP 3.0). 

OESS encouraged all covered entities to continue working with their trading partners to become compliant with the new HIPAA standards, and to determine their readiness to accept the new standards as of January 1, 2012. While enforcement action will not be taken, OESS will continue to accept complaints associated with compliance with Version 5010, NCPDP D.0 and NCPDP 3.0 transaction standards during the 90-day period beginning January 1, 2012. 

If requested by OESS, covered entities that are the subject of complaints (known as “filed-against entities”) must produce evidence of either compliance or a good faith effort to become compliant with the new HIPAA standards during the 90-day period. 

Version 5010, NCPDP Telecom D.0 and NCPDP Medicaid Subrogation 3.0 standards represent significant improvement over the current standard versions. NCPDP Telecom D.0 addresses certain pharmacy industry needs. NCPDP Medicaid Subrogation 3.0 allows state Medicaid programs to recoup payments for pharmacy services in cases where a third party payer has primary financial responsibility. 

Version 5010 in particular provides more functionality for transactions such as eligibility requests and health care claims status Implementation of Version 5010 also is a prerequisite for using the updated ICD-10 CM diagnosis and ICD-10-PCS inpatient procedure code set in electronic health care transactions effective October 1, 2013.

NEW
Comments (1)
Add Comment
  • B.A.

    CMS is not delaying implementation but the enforcement. The Agency still plans to be 5010 by 1/1/12 and expects the same for others.