|
 HIPAA
NEWS
The
Centers for Medicare and Medicaid Services
(CMS) has stated that they will not accept an extension request for
compliance with the Health Insurance Portability and Accountability
Act (HIPAA) after October 15, 2002. The electronic extension form
has been removed from the CMS Web site. CMS is in the process of
updating their Web site. CMS’ Web site is
www.cms.hhs.gov/hipaa.
The initial panic reactions to these regulations have been
similar to those experienced when the Privacy Rule was first released. While the
Security Rule is highly technical, in the end, implementation will not be as
onerous as many believe. With EmedSafe,
compliance can actually be a cost reduction and increase staff capacity.
EmedSafe has
overcome capital investment and scalability issues and provides user-friendly
tools to help practices comply with the regulation deadline of October 16, 2003
and for small health plans well before their April 20, 2005, deadline.
HIPAA COMPLIANCE DEADLINES:
Transactions and Code Sets
Requirements
-
October 16, 2002 (all covered
entities except small health plans less than $5 million in revenue)
-
October
16, 2003 (all small health plans)
Electronic Health Care Transactions and Code Sets
-
October
16, 2003 (covered entities that have requested an extension under ASCA)
National Employer Identifier
-
July 30, 2004 (all covered entities except small health plans)
-
July 30, 2005 (all small health plans)
Privacy Requirements
-
April 14, 2003 (all covered entities except small health plans)
-
April 14, 2004 (all small health plans)
CMS Announces HIPAA Contingency Plan- September 23, 2003
The Centers for Medicare and Medicaid Services (CMS)
announced September 23 that it will implement a contingency plan to accept
non-compliant electronic transactions after the October 16, 2003 compliance
deadline. The decision was made after statistics showed that an unacceptably low
number of compliant claims were being submitted. Under its contingency plan, CMS
will continue to accept and process claims in electronic formats now in use so
that its trading partners will have additional time to complete testing.
"Implementing this contingency plan moves us toward the
dual goals of achieving HIPAA compliance while not disrupting providers' cash
flow and operations, so that beneficiaries can continue to get the health care
services they need," said CMS Administrator Tom Scully.
To read CMS' press release, go to
http://www.cms.gov/media/press/release.asp?Counter=870
CMS Says Don't Expect
Any Delays On The Oct. 16 Deadline - July 1, 2003
There isn't a lot of time left for covered entities to
prepare for the Oct. 16 Transaction and Code Set deadline,
Karen Trudel, director of HIPAA outreach at the Centers
for Medicare and Medicaid Services (CMS), said at CMS'
eighth HIPAA roundtable discussion.
"Some people have said that HIPAA will go away, or
Congress will give us more time, or we don't have to worry
about this right now. Well, my response to that is first,
HIPAA is the law. It could be said that Congress has
already given us more time; time that is up on Oct. 16,
and it began last Oct. 16, 2002, with the extension," she
said.
Reported by HIPAA Heads Up
OCR Reports 637 Privacy
Complaints - June 30, 2003
OCR presented their data to the National Committee on
Vital and Health Statistics (NCVHS) at its June meeting.
The numbers reflect statistics gathered from April 14,
2003 to the middle of June. 637 privacy complaints have
been filed. Of those, 260 will proceed to investigation,
124 were closed without further investigation and no
official decision has been made on the remaining 253
complaints. Most of those closed reflect incidents
occurring prior to April 14, 2003.
The top reasons for complaints that will be investigated
include: 1) Patient denied access to medical records; 2)
No Notice of Privacy Practices provided to patients; 3)
Inadequate safeguards in place in treatment settings.
In addition, OCR has received several HIPAA privacy
complaints from employees reporting the organization where
they work. OCR is determining whether this meets the
"whistleblower" status and whether these complaints will
be referred to the Department of Justice.
Reported by HIPAA Weekly Advisor
Security and Transaction
Modification Final Rules - February 13, 2003
HHS Secretary Tommy G. Thompson today announced the
adoption of the Security and Transaction Modifications
Final Rules. The security standards will be published as a
final rule in the Feb. 20 Federal Register with an
effective date of April 21, 2003. Most covered entities
will have two full years -- until April 21, 2005 -- to
comply with the standards; small health plans will have an
additional year to comply, as HIPAA requires.
Security Standards
Final Rules - January 14, 2003
The OMB (Office of Management & Budget) received the Final
Rules yesterday on Security Standards and the
Modifications to Standards for Electronic Transactions and
Code Sets. Clearance for publication could take two weeks
to 90 days before being published in the Federal Register.
Rules
Clarification - December 30, 2002
In an answer to an inquiry I made to CMS regarding the
publication of the final Security Rule on December 27,
2002, the reply was that the Security Final Rules would be
published “as soon as possible”. From another news source,
I learned that the final rules have not been submitted as
yet to the OMB (Office of Management & Budget). The OMB
can take 2 weeks or longer (more likely) to review a rule
as hefty as HIPAA. Through another source, HHS has called
in additional resources to review the language and most
likely January 2003 won’t see the rule either.
Final Rules not
Published - December 28, 2002
Despite reassurance on
December 13, 2002 from Karen Trudel, deputy director of
the new Office of HIPAA Standards in the Centers for
Medicare and Medicaid Services, the Final Security
Standards did not appear in the Federal Register on
December 27, 2002. Additional publications were expected
as well; a final rule making modifications to the
transactions and code sets. Technical implementation
glitches and inconsistencies in the current final
transaction implementation guides have been found by
providers, payers and vendors. The final rule adopts the
fixes. The rule also adopts updated versions of
pharmacy-related transactions and code sets.
File Your Transactions
Complaints Online - December 16, 2002
Centers for Medicare and
Medicaid Services (CMS) has posted the "Electronic Health
Care Transactions and Code Sets Complaint Submission Form"
on its Web site and now can accept complaints online. The
form should not be used for complaints about privacy.
New Medicare Fee
Schedule Announced - November 28, 2002
Next year's Medicare
physician fee schedule may go into effect on February 1, a
Medicare official announced November 19. Problems with
certain calculations have delayed the schedule beyond the
usual January 1 launch. Congress may give the Centers for
Medicare & Medicaid Services (CMS) the authority to adjust
the fee update. A hopeful Tom Scully, the CMS
administrator, is seeking a positive 1.5% update.
Currently, the law requires a 4.4% negative update.
Final Security Rule
Expected Soon - November 27, 2002
The final security rule
under the Health Insurance Portability & Accountability
Act (HIPAA) is expected on December 27, and it’s more
streamlined than the bulky proposed rule, according to
William Braithwhite, MD, PhD, FACMI, national director of
HIPAA advisory services at PricewaterhouseCoopers, and
former senior advisor on health information policy for the
Department of Health and Human Services (HHS). The
HIPAA-Kit Newsletter will preview some of the expected
changes in next week’s edition (12/04/02).
DHHS Urged to Change
Transaction Codes - November 20, 2002
In a letter sent November
19, 2002 to the Department of Health and Human Services
(DHHS), The AHA, Federation of American Hospitals and the
Advanced Medical Technology Association urged DHHS to
replace the ICD-9-CM coding classification with ICD-10-CM
for diagnosis codes and ICD-10-PCS for procedure code
reporting for all hospital inpatient services. The groups
state the 23 year-old ICD-9-CM system limits the
capabilities of today’s needs and no capacity for growth.
They oppose the Common Procedure Terminology (CPT) system
for inpatient services, stating it was designed for
services more commonly provided for physicians’ offices.
X12N Addenda Announced -
November 7, 2002
The Washington Publishing
Company and the ASC X12N Committee announced the
publication of the X12N Addenda for the nine May 2000 X12N
Implementation Guides adopted for use under the Health
Insurance Portability and Accountability Act of 1996
(HIPAA). The X12N Addenda to the Implementation Guides are
not independent documents and must be used in concert with
the May 2000 Implementation Guides.
Final Security Rule to
be Published - November 7, 2002
Stanley Nachimson, CMS
Senior Technical Advisor said to expect the Final Security
Rule publication on December 27, 2002 along with the final
Addenda to Transactions and Code Sets. He was also quoted
as saying that the final National Provider Identifier is
expected in early 2003 and the National Health Plan
(Payer) is expected in early Spring 2003.
CMS reports many
delinquent filers - November 19, 2002
CMS reports that more than
1 million covered entities did not file for an extension
to the Transactions and Code Sets. They will, however, not
be actively pursued or have to pay fines at first.
Corrective action plans will be the first step following a
complaint investigation. CMS advises all that did not file
for the extension to become compliant as soon as possible.
Patient Consent
Provisions - November 19, 2002
House Democrats introduced
two bills last month to restore patient consent provisions
of the HIPAA Privacy Rule. HR5646 would also require
health providers to notify consumers when they receive
payment from drug companies to send unsolicited marketing
material and limit how FDA regulated companies could use
or disclose personal medical information.
Another bill, The Health
Records Confidentiality Bill was introduced and seeks to
prohibit the use of patient databases for marketing
without the express consent of the patient (S 3064).
Implementation Guides
Addenda 11/7/2002
The Washington Publishing
Company and the ASC X12N Committee announced the
publication of the X12N Addenda for the nine May 2000 X12N
Implementation Guides adopted for use under the Health
Insurance Portability and Accountability Act of 1996
(HIPAA). The X12N Addenda to the Implementation Guides are
not independent documents and must be used in concert with
the May 2000 Implementation Guides.
Transaction Code
Enforcement 10/15/2002
In a press release issued
today, HHS Secretary Tommy G. Thompson announced that CMS
(Centers for Medicare and Medicaid Services – formerly
HCFA) will be responsible for enforcing the HIPAA
transaction and code set standards. To accomplish the end
result of streamlining and standardizing the electronic
filing and processing of electronic claims in an effort to
save money and provide better service to providers,
insurers and patients, will require an enforcement
operation that will assure compliance and provide support.
Federal law, HIPAA,
requires most health plans, clearinghouses and those
providers conducting certain transactions electronically
to be compliant by October 16, 2002, unless they have
filed for the one year extension (deadline October 15,
2002). Those who are not compliant and have not filed for
the extension may be subject to statutory penalties.
Enforcement activities will
focus on obtaining voluntary compliance through technical
assistance. The process will be primarily complaint driven
and will consist of progressive steps that will provide
opportunities to demonstrate compliance or submit a
corrective action plan.
Battle in Iowa raises
questions over limits of medical privacy 9/26/2002
by Janlori Goldman
Director, Health Privacy Project, Georgetown University
Iowa law enforcement
officials are pressing the state’s Planned Parenthood and
five local hospitals to release the names, addresses and
ages of all women who had a positive pregnancy test
between August 15, 2001 and May 30, 2002. Planned
Parenthood has refused to release any patient information,
citing state confidentiality laws. Now the Iowa Supreme
Court has agreed to hear the case and Planned Parenthood
will file its brief on Sept. 30. The court is expected to
rule by the end of this year on whether the police can
demand these highly sensitive records.
The Iowa case is raising a
furor nationally for a number of reasons:
-
What kind of a criminal
case justifies law enforcement access to such a sweeping
body of sensitive medical information?
-
Does the state privacy
law – or the new federal medical privacy law – set any
real limits on police access to patient records?
-
Do electronic medical
records make it easier for law enforcement to cast the
net wide on fishing expeditions?
U.S. House Approves
Medical Liability Legislation 9/30/2002
On Sept. 26, the House of
Representatives approved H.R. 4600, a medical liability
reform bill by a vote of 217-203. The legislation awaits a
vote in the Senate.
According to the Medical
Group Management Association (MGMA), the bill's reforms
include:
-
Caps. Non-economic
damages, such as pain and suffering, would be capped at
$250,000. The amount of damages that injured patients
could recover for economic harm, such as future medical
expenses and loss of future earnings, would not be
limited.
-
Time limits. A lawsuit
may be filed no later than three years after the date of
injury or one year after the party discovered (or
through reasonable diligence should have discovered) the
injury.
-
Evidence standards. A
standard of clear and convincing evidence for punitive
damages would be established. The legislation would also
limit punitive damages to two times the amount of
economic damages awarded or $250,000 (the greater of the
amounts).
-
Proportional
allocations. Payment for damages would be proportional
to a party's degree of fault.
Click here for
the
Complete
HIPAA Guidelines
|
