 |
|
|
|
|
|
|
 |
|
|||||
 |
|
|
||||
|
 July 31, 2003 HIPAA EDI ENFORCEMENT GUIDELINES ISSUED
On July 24, 2003, the Centers for Medicare and Medicaid Services (CMS) issued Guidance
on Compliance with the Transactions and Code Sets requirements of the Health Insurance
Portability and Accountability Act (HIPAA), which are commonly referred to as HIPAA's
electronic data interchange (EDI) standards. CMS announced that it will not grant an
extension of the October 16, 2003 deadline for all health plans to comply with the EDI
standards. CMS encourages health plans to intensify their efforts toward achieving HIPAA
EDI compliance and to assess the readiness of their provider community to determine the
need to implement contingency plans to maintain cash flows while working toward compliance.
(The guidance is available on the CMS Web site. To see it, click
here.) In light of this guidance, plan sponsors should assure that they can document their
efforts to test transactions with health care providers and facilities. Sponsors should
also be able to demonstrate active outreach and testing efforts with providers. Finally,
health plans should consider whether a contingency plan is necessary to allow health claims
to continue to be processed without interruption as of October 16, 2003. Enforcement Approach Announced When the EDI standards take effect, CMS will focus on voluntary compliance and will use a
complaint-driven approach for enforcement of the EDI standards. (This is the same approach
taken by the Office for Civil Rights for privacy enforcement, as discussed in a May 8, 2003
issue of The Segal Company's Capital Checkup.) While civil monetary penalties may be imposed for failure to comply ($100 per standard per
violation, up to $25,000 per year for each standard), CMS will not impose them where the
failure to comply is based on reasonable cause and is not due to willful neglect, if the
failure is cured within 30 days. The 30-day cure period may be extended on a case-by-case basis. When a complaint is received, CMS will notify the subject of the complaint in writing. The
"covered entity" will then have the opportunity to: Health Plans Must Facilitate Compliance with Providers CMS recognizes that transmissions will often involve one compliant and one non-compliant entity.
For example, a health plan would be compliant and a health care provider non-compliant if a
transmission from the provider does not contain required data. This has raised concerns among health
care providers that their bills will not be processed and paid if a transmission is non-compliant. CMS states it will not impose a penalty on a health plan that adopts a contingency plan so that it
can keep paying providers, as long as the plan has made reasonable and diligent efforts to become
compliant and to facilitate the compliance of their trading partners. CMS will place a strong emphasis
on sustained actions and demonstrable progress. Although CMS does not give examples of contingency plans,
the Workgroup on Electronic Data Interchange (WEDI) has suggested several. For example, a health plan
could adopt a contingency plan that states that it will accept transactions without all of the required
data content elements for a brief time, as long as the transactions can otherwise be processed. Or a health
plan might establish a brief transition period in which it will continue to accept proprietary formats.
This would allow the parties to transactions to work out some of the possible glitches in the system that
may not have been fully explored during testing. Consequently, health plans should assess the readiness of their provider community and determine whether a
contingency plan is necessary to assure that cash flow remains steady. Corrective Action Plans CMS announced that after October 16, 2003, it expects non-compliant covered entities to submit plans to
achieve compliance in a manner and time acceptable to the Secretary. More detailed information on CAPs
will be forthcoming. What Plan Sponsors Should Be Doing Now Plan sponsors that conduct EDI transactions should review the status of both their internal testing and
external testing with trading partners (e.g., doctors, physician groups and hospitals). External testing
programs should be well underway and contact should be made with providers to determine whether contingency
plans need to be adopted. Plan sponsors should communicate with trading partners or assure that trading partner
agreements are in place detailing how transmissions should be submitted. High-volume trading partners (e.g.,
hospitals, physician groups and ambulatory care centers) should be identified and contacted. Plan sponsors that rely on service providers to conduct EDI transactions on their behalf should contact the
service provider to determine what actions they are taking. Although the service providers are conducting the
transmissions, the penalty for violation of the EDI rules would fall on the group health plan not on a third party
administrator, because the plan is the covered entity. |
|
||||
|
|
|||||
|
||||||
print this page