HIMSS: Stay the HIPAA course despite recent announcements

September 29, 2003

The Centers for Medicare and Medicaid Services (CMS) and Blue Cross and Blue Shield will implement contingency plans to accept noncompliant electronic Health Insurance Portability and Accountability Act transactions after the Oct. 16, 2003, deadline.

The Centers for Medicare and Medicaid Services (CMS) and Blue Cross and Blue Shield will implement contingency plans to accept noncompliant electronic Health Insurance Portability and Accountability Act transactions after the Oct. 16, 2003, deadline. Many organizations subject to the law wonder if they've received a reprieve.

The Sept. 23 announcements from CMS and the Blues may cause confusion because, while the HIPAA deadline did not change, a contingency plan in place changes the requirements for submission of electronic transactions for an interim - but as yet undetermined - period of time.

"Those working on compliance may not be sure if they can or should slow down or change their plan for implementation," said Joyce Sensmeier, R.N., director of professional services for the Healthcare Information and Management Systems Society.

While the CMS contingency plan is a good thing, given the lack of readiness in the industry, it is not a reprieve of the regulation. Everyone needs to continue to work steadily on compliance efforts, Sensmeier said.

Covered entities should continue to communicate with their trading partners, including clearing houses, to determine their status of readiness and to document their own compliance and any contingency plan to demonstrate their own good faith effort to comply, she said. Specifically, they should:
? maintain current contingency plans and do not assume that there will be a lengthy reprieve
? continue testing and obtain firm testing dates from all trading partners
? review and follow the contingency plan for claim submissions for Medicare and Medicaid if a covered entity has not successfully tested with CMS to date
? contact other payers besides CMS to determine their readiness and if they will accept noncompliant transactions
? ask for a copy of your trading partners' contingency plan
? document everything you have done to become compliant, especially your determination of what contingency planning needs to be done
? consider contracting with a third-party vendor that specializes in testing and certification for HIPAA compliance to assist with determining if your transactions or those of your trading partners are compliant

Sensmeier said to watch for the results of the HIMSS/Phoenix Health Systems U.S. Healthcare Industry Quarterly HIPAA Compliance Survey in early November for up-to-date status of industry readiness.