| HIPAAdvisory > HIPAAnews > Archives |  |
|
September 2003 News ArchivesSeptember 26, 2003 HIMSS: Testing, Talking and Documenting Key for TCS Compliance The recent announcement that the Centers for Medicare and Medicaid Services (CMS) will implement a contingency plan to accept non-compliant electronic HIPAA transactions after the October 16, 2003 transactions and code sets (TCS) deadline has left many covered entities wondering what this means. As an association that represents all segments impacted by this, the Healthcare Information and Management Systems Society (HIMSS) is recommending the healthcare industry take steps to avoid confusion regarding the potential action of other payers or delay the forward movement towards HIPAA compliance within the industry. September 24, 2003 BCBS Will Accept Non-Compliant Claims Under TCS Contingency Plans Each of the 42 Blue Cross and Blue Shield (BCBS) companies will continue to accept existing claim formats, in addition to HIPAA compliant transactions, under their respective contingency plans after the Oct. 16 Transactions and Code Sets (TCS) compliance deadline. According to TCS Implementation Guidance issued by the Centers for Medicare and Medicaid Services (CMS) on July 24, 2003, payers will not be penalized for accepting existing transactions during a transition period as part of their contingency plan, provided they can demonstrate good faith efforts in working with their providers to facilitate compliance. Alissa Fox, Executive Director, Policy, BCBSA, testified yesterday before the Senate's Special Committee on Aging concerning the regulatory implementation repercussions stemming from HIPAA (see below). September 23, 2003 Senate Committee Hears Testimony on HIPAA The Senate Special Committee on Aging held a hearing today on HIPAA, its implementation and enforcement. Committee Chairman Larry Craig (R-ID) said, "I called today's hearing to get some clear answers from federal officials about how they planned to avoid what many have feared could be a financial 'train wreck' of stopped payments, denied medical care, or even a widespread reversion from electronic claims back to time-consuming paper claims. I commend the Bush administration for announcing this critically needed step today. With just over three weeks left before the deadline, it comes not a moment too soon."The hearing, entitled, "HIPAA Medical Privacy and Transaction Rules: Overkill or Overdue?" included an extensive question and answer session between Sen. Craig and federal officials concerning HHS’ announcement and other aspects of the HIPAA rules. September 23, 2003 Medicare Announces Its TCS Contingency Plan The Centers for Medicare & Medicaid Services (CMS) announced today that it will implement a contingency plan to accept noncompliant electronic transactions after the October 16, 2003 compliance deadline. This plan will ensure continued processing of claims from thousands of providers who will not be able to meet the deadline and otherwise would have had their Medicare claims rejected. CMS made the decision to implement its contingency plan after reviewing statistics showing unacceptably low numbers of compliant claims being submitted. The contingency plan permits CMS to continue to accept and process claims in the electronic formats now in use, giving providers additional time to complete the testing process. As previously stated, the contingency plan will be the same for all Medicare's fee-for-service contractors. CMS will regularly reassess the readiness of its trading partners to determine how long the contingency plan will remain in effect. CMS announced its contingency plan on September 11, but at that time had not made a decision on whether the plan would be implemented. Today's announcement means the CMS plan will be implemented on October 16, 2003. September 19, 2003 Some State Medicaid Programs Will Not Be Ready Oct. 16 A few state Medicaid programs are now ready to accept electronic transactions, but many more are not yet and possibly will still not be ready by the October 16 Transactions and Code Sets (TCS) compliance deadline. The Centers for Medicare & Medicaid Services (CMS) issued a statement last week that while CMS is working on the possibility of Medicare implementing a contingency plan, other health plans are urged to announce their contingency plans as soon as possible. Some states, such as Arizona, have posted their Medicaid program's TCS contingency plans, identifying the contingencies or alternatives that provide possible interim solutions to delays in implementation. Read more, including the TCS compliance status for 29 states. September 19, 2003 Coalition Urges Protection of Health Info Sent Through Banking Network The Electronic Privacy Information Center (EPIC), the Health Privacy Project and 28 other health care advocacy, labor, consumer, disability rights, and health care provider groups sent a letter to The Department of Health and Human Services (HHS) Secretary Tommy Thompson urging him to affirm that protected health information (PHI) sent through the banking network must be accessible only to providers and health plans for whom it is intended. Financial institutions have expressed interest in data mining electronic transactions that flow through the banking system in order to gain information for use in marketing and credit risk evaluation. View
the letter sent by the coalition (PDF). September 19, 2003 Anonymous Patient Identified, But Not Through Her Doctor The case of Jane Doe, unconscious in critical condition since being hit by a truck in Michigan on Sepember 1, was solved without help from her doctor. The Detroit Free Press reports police tracked the bar code from makeup the woman had to a Rite Aid drugstore. Store workers manually sorted through receipts until they found the purchase. Along with the makeup, the woman had picked up prescription medication from a local doctor. Police then called the doctor, who declined to provide them with the woman's name because of confidentiality laws. September 17, 2003 CMS Presenting HIPAA TCS Implementation Roundtable Sept. 25 The Centers for Medicare and Medicaid Services (CMS) is hosting its Thirteenth National HIPAA Implementation Roundtable conference call on Thursday September 25, 2003 from 2:00 - 3:30PM ET. The call will focus on the HIPAA Transactions and Code Sets Standards.
Due to the volume of callers wishing to participate, CMS asks that participants dial in fifteen minutes before the start of the meeting. September 17, 2003 Cybersecurity Forum Planned Federal Computer Week reports the Department of Homeland Security (DHS) now has the foundation for addressing cybersecurity vulnerabilities and response, but the details will be filled in at a summit later this year, Robert Liscouski, assistant secretary of infrastructure protection, testified before a House subcommittee yesterday. The cybersecurity division will hold a forum in the fall for federal, state and local government agencies, and all portions of the private sector, to determine the details of executing the priorities outlined in the National Strategy to Secure Cyberspace. September 12, 2003 CMS Not Confident Providers Are Ready for TCS Deadline "Not confident that providers are ready or that they have enough time for adequate testing," Leslie Norwalk, Acting Deputy Administrator of the Centers for Medicare & Medicaid Services (CMS), yesterday issued a statement that while CMS is working on the possibility of Medicare implementing a contingency plan, other health plans are urged to announce their contingency plans as soon as possible. CMS' Guidance on the TCS Compliance Deadline, issued 7/24/03, clarified that covered entities, which made a good faith effort to comply with HIPAA transaction and code set standards, may implement contingencies to maintain operations and cash flow. September
11, 2003 Security Experts: New Attacks Likely to Exploit
Latest Windows Flaws Security experts are predicting new attacks
trying to take advantage of three critical Windows flaws announced
yesterday by Microsoft, reports ComputerWorld. Because the vulnerabilities
are very similar to the one that the Blaster worm took advantage
of last month, it will take little effort to create variants attacking
the new holes, they said. The Department of Homeland Security (DHS)
also issued an advisory yesterday warning users of the “potential
for significant impact on Internet operations” because of the
vulnerabilities. September 11, 2003 CMS to Decide by Sept. 25 Whether to Deploy TCS Contingency Plan AHA News reports the Centers for Medicare & Medicaid Services (CMS) announced in eight new Frequently Asked Questions posted to its web site that it is assessing the health care industry's readiness to comply with the HIPAA transactions standards to determine whether it will deploy its contingency plan, adding that a decision on whether to deploy the plan will be made by Sept. 25. CMS said that if it decides to deploy its contingency plan, Medicare would continue to accept and send transactions in formats being used now, in addition to HIPAA compliant transactions, while Medicare providers and others worked through issues related to implementing the HIPAA standards. Read
Health Data Management's article, "Feds Clarify HIPAA Compliance
Plans." Read
CMS' FAQs on contingency plans. September 5, 2003 Wal-Mart Pharmacy Inadvertently Releases List of Medical Info to Reporter Wal-Mart officials are investigating a recent incident in which a list of 22 customers, their telephone numbers and the drugs they were taking was inadvertently given to another pharmacy customer, a reporter for the Lubbock Avalanche-Journal. The list for prescriptions filled between August 23 and 28 "was just stapled to something else," pharmacy manager Jana Snelling said. "It's not like that's a normal practice." She said most people would have returned the document to the pharmacy or destroyed it. September 3, 2003 Kobe Bryant's Attorneys Ask for Accuser's Medical Records Lawyers for NBA star Kobe Bryant, charged with sexually assaulting a 19-year-old, have subpoenaed a Colorado hospital to see his accuser's medical records, reports the San Francisco Chronicle. The subpoenas were disclosed in a court filing by a Greeley hospital where the accuser was treated in February after police at the University of Northern Colorado determined she was a "danger to herself." Attorneys for the North Colorado Medical Center and its psychiatric care center asked a judge to quash the subpoenas and destroy the records already sent to him, citing medical privacy laws. The woman's attorney has told the hospital she has "explicitly not waived her medical privilege," according to the filing. September 3, 2003 India to Adopt Data Privacy Rules India's Ministry of Information Technology and the National Association of Software and Service Companies (Nasscom) are drafting a data protection law designed to quell growing privacy concerns from their offshore clients, reports CIO Magazine. The legislation, expected to be in place early next year, would provide legal safeguards to ensure data privacy protection in India. Such safeguards are required for all data leaving the European Union, which is a result of the EU Data Protection Directive and is what prompted India to act. But the safeguards could also prove beneficial for American companies regulated by laws such as HIPAA and Gramm-Leach-Bliley. September 2, 2003 Increasing Virus Attacks Spur Call for Oversight Some experts say it is time for the government to bolster a basic sense of stability in cyberspace that societies expect from their critical public resources, reports the New York Times. "The government has essentially relied on the voluntary efforts of industry both to make less-buggy software and make systems more resilient," says Michael A. Vatis, former director of the National Infrastructure Protection Center at the Federal Bureau of Investigation. "What we're seeing is that those voluntary efforts are insufficient, and the repercussions are vast." The increasing frequency and severity of computer virus attacks — last month's dual assault cost billions of dollars in lost productivity alone — may have muted the antiregulatory reflex. Many security experts now advocate direct regulation, in the form of legislation that makes software companies liable for damage caused by security flaws in their products. According to an attorney quoted in the Telecom Manager's Voice Report newsletter, the HIPAA security rule says hospital IT and telecom teams could be liable should Internet worms and viruses paralyze operations. The security rule will require providers to take reasonable measures, such as firewalls and virtual private networks, to block viruses. The newsletter reports that last month, a worm struck an internal network at Georgetown University Hospital in Washington, DC, though patient information was not affected in any way. September 2, 2003 Kansas University Changes Athlete-Injury Reporting Rule According to the Lawrence (KS) Journal-World, Kansas University's (KU) athletic department has implemented a new policy to comply with HIPAA privacy laws. Student-athletes are now required to sign a waiver form before their injury information can be released to the media and other individuals not associated with health care. The waiver will not cover the entire season; each injury will require a new form to be signed. If the student-athlete declines to sign the waiver, KU officials can discuss playing status only (i.e., playing, probable, doubtful or out).
|
![[external link]](../../../images/extlink.gif "external link"){kind=small}
