HIPAA regs
HIPAA dvisory
HIPAAdvisory > HIPAAregs > Transactions Phoenix Health Systems
news
regs
action
tech
wares
alert
live
latest
online HIPAA training
HIPAAstore
HIPAA help desk
search
contact us
site map

The New Transactions Compliance Extension: What It Means to You

by Steve Fox, Esq., Partner, and Rachel Wilson, Esq., Pepper Hamilton LLP

The compliance date for HIPAA's Electronic Transaction Standards has been delayed. Well, sort of. President Bush recently signed the "Administrative Simplification Compliance Act," providing a one-year extension of the compliance date to covered entities that submit a plan describing how they will achieve compliance by the extended October 16, 2003 deadline. (Note: this is the same deadline which previously applied only to small health plans, and remains unchanged by this legislation.)

The required compliance plans must be submitted to HHS no later than October 16, 2002 -- the original compliance date. Plans must summarize the following:

  1. An analysis reflecting the extent to which, and the reasons why, the entity is not in compliance;
  2. A budget, schedule, work plan, and implementation strategy for achieving compliance;
  3. Whether the entity plans to use or might use a contractor or other vendor to assist the entity in achieving compliance; and
  4. A timeframe for testing that begins not later than April 16, 2003.

It is important to note that this date falls only SIX months after the original compliance deadline. In order to be ready for testing by this date, covered entities will have to make significant progress over the next year towards completion of their implementation/conversion plans.

On its end, HHS is required to publish a model compliance plan form by March 31, 2002. Covered entities may utilize the HHS form to submit the mandated information, or may use an alternative format.

What Was Congress' Intent?

This new law represents Congress' attempt to balance its concerns about delaying compliance against the legitimate reasons why compliance by October 2002 is untenable for many organizations. An unconditional one year delay had the potential to yield to indefinite extensions, falling prey to status quo advocates who would present new excuses and request additional extensions. Consequently, including the compliance plan requirement is intended to force covered entities to focus on implementation efforts and help them map out the exact steps needed to ensure compliance.

One of the underlying goals of Congress' compliance plan requirement is to support implementation efforts. Accordingly, the plans are not subject to HHS approval, but instead will be used to assist covered entities with their compliance initiatives. A sampling of the plans will be distributed to the National Committee on Vital and Health Statistics (the "NCVHS"), which intends to publish reports offering effective solutions to compliance problems identified in the submitted compliance plans. The reports will not focus on any one plan, but will be generalized and address the most common or challenging problems identified in the plans submitted. Confidential information included in compliance plans will be removed prior to NCVHS' publication of reports.

Will the Act Be Enforced?

In a word, yes. Covered entities that fail to submit compliance plans are required to comply with the electronic transaction standards no later than the original deadline of October 16, 2002. Organizations that fail to submit a compliance plan or implement the transaction standards by then may face exclusion from participation in Medicare, in addition to any and all other penalties permissible under HIPAA.

What About the Privacy Rule Deadline?

The Act specifically notes that its provisions do not affect the April 2003 compliance date for HIPAA's Privacy Standards. Congress wanted to ensure that entities comply with the Privacy Standard despite the fact that they may not be subject to the Transaction Standards until six months after the Privacy Standard goes into effect. Toward that end, covered entities are required to protect the confidentiality of patient information regardless of whether the data is transmitted in the format mandated under the Electronic Transaction Standards.

Can't We Just Go Back to Paper Claims?

In line with HIPAA's goal to promote industry-wide use of electronic transactions, the Act provides a strong disincentive to those considering a return to paper claims management. Covered entities are prohibited from submitting paper claims to Medicare after October 16, 2003. Submission of electronic, HIPAA compliant, Medicare claims will be a condition of payment from that date forward. There are waivers for certain small providers or if there is no method for electronic submission of claims available. Further details about this requirement are forthcoming.

The Act also expressly includes the Medicare+Choice program under the definition of a health plan, making these organizations covered entities and requiring them to comply with HIPAA as well.

Pepper Hamilton, LLP is a multi-practice law firm with more than 425 lawyers in 11 offices. Steve Fox leads Pepper's healthcare informatics practice.
www.pepperlaw.com

Go to TOP