HIPAA Deadline Approaching - Begin Testing Systems Now
The October 16, 2003 HIPAA Electronic Transactions and Code Sets deadline is rapidly approaching. A medical practice that is covered by the HIPAA Electronic Transaction and Code Set standard should already have started testing to determine the medical practice's state of readiness to comply with the standard. According to some industry experts, if a medical practice does not begin testing by early September, the medical practice will not have enough time to meet the deadline. Each medical practice covered under the HIPAA Electronic Transactions standard should contact its vendors regarding any updated software needed to comply with the standard, and should be testing its software with payers, including Medicare, Medicaid and commercial payers. If a medical practice should obtain the assurance from the entity that it is able to comply with the standard by the October 16, 2003 deadline.
Under the HIPAA Electronic Transactions and Code Set standard medical practices covered by the regulations had until October 16, 2002 to comply with the standard. However, the "Administrative Simplification Compliance Act" signed by President Bush on December 27, 2001 gave medical offices and other covered entities a one year extension - or until October 16, 2003 - if the medical practice or other covered entity submitted a "Compliance Plan" to the U.S. Department of Human Services before October 16, 2002. If no compliance plan was filed, the medical practice or other covered entity is subject to penalties under HIPAA if it engages in non-compliant health care transactions after October 16, 2002.
The Centers for Medicare and Medicaid Services (CMS) is responsible for enforcing the Electronic Transactions standard. On July 24, 2003, CMS issued guidance "Steps Toward HIPAA Compliance" on its website, www.cms.hhs.gov/hipaa/hipaa2/guidance-final.pdf. According to CMS, it will use a complaint-driven approach for enforcement of HIPAA's electronic transactions and code set provisions. When CMS receives a complaint, it will notify the covered entity that it has received a complaint and will ask the covered entity to 1) demonstrate compliance, 2) document its good faith efforts to comply with the standard, and/or 3) submit a corrective action plan.
The guidance provides that CMS will consider an entity's good faith efforts to comply when assessing individual complaints. CMS states that it may decide not to impose a civil money penalty where the entity demonstrates it is making good faith efforts to comply and the failure to comply is not the result of "willful neglect." The guidance also states that CMS recognizes that transactions often require the participation of two covered entities (e.g. electronic transactions between medical practice and health plan) and that noncompliance by one covered entity may place the second covered entity in a difficult position. CMS, therefore, states that it intends to look at both covered entities' good faith efforts to come into compliance in determining, on a case by case basis, whether to impose penalties. [return to top]