CMS has no legal authority to extend the Oct. 16 deadline for compliance with HIPAA regulations on electronic transactions and code sets but will be lenient with enforcement for a short time after that date as long as covered entities have made "good-faith" efforts to comply with the standards, agency officials say.
In a long-awaited guidance on HIPAA transactions released today, CMS urges healthcare providers and payers to reach out to trading partners and to test electronic transactions in as many forms as possible up until Oct. 16 to ensure compliance. Entities that cannot meet the deadline despite their best efforts should develop contingency plans to assure prompt submission and payment of electronic claims.
"We are planning to abide by the deadline of Oct. 16," says CMS acting Deputy Administrator Leslie Norwalk. "Still, we do not want the healthcare system to shut down on Oct. 17."
Medicare is sticking by its decision not to accept paper claims once the HIPAA rules take effect, except from the smallest medical practices and other healthcare facilities, and is discouraging commercial payers from taking paper claims, Norwalk says.
As with the HIPAA privacy regulations that went into effect in April, CMS says enforcement of the transaction rules will be driven by individual complaints and on pre-deadline readiness activities.
"CMS will not impose penalties on covered entities that deploy contingencies (in order to ensure the smooth flow of payments) if they have made reasonable and diligent efforts to become compliant and, in the case of health plans, to facilitate the compliance of their trading partners," the guidance says.
CMS says noncompliant entities will be required to submit plans to achieve compliance. The agency says it will provide details at an unspecified later date.
In a nationwide conference call Thursday, Norwalk said the agency will ask questions such as: "What sort of good-faith effort did you make prior to Oct. 16 to make sure you are in compliance?"
According to Norwalk, "We will be looking after Oct. 16 at the amount of outreach (to trading partners) and testing before Oct. 16."
She says that CMS will not penalize covered entities if they have made "reasonable and diligent efforts" to meet the standards or if they have developed contingency plans. However, CMS will become less likely to consider pre-deadline efforts the longer entities wait beyond mid-October to finish their preparations, Norwalk says.
"In the few remaining months before the Oct. 16 deadline, HHS encourages health plans and providers to intensify their efforts toward achieving transaction and code set compliance," the three-page guidance says.
"The whole point of this exercise is to get the entire industry into compliance," Norwalk says.
CMS on Thursday also published a list of questions for providers to ask their vendors, clearinghouses or third-party administrators. These include which transactions their software supports, whether upgrades are necessary, if the practice will have to start collecting new data and whether the third party has tested with specific payers.
CMS encourages providers to ask vendors, clearinghouses and other third parties if they have any contingency plans in case they are not fully compliant by Oct. 16.
"Do not assume your vendor or clearinghouse is HIPAA compliant. Communicate with them often to determine their progress. Their HIPAA readiness will directly impact your HIPAA readiness," this document says.