For our Healthcare Clients: We republish the following CMS Statement released November 17, 2011, regarding the 90 day period of enforcement discretion for compliance with new HIPAA Transaction Standards...
CMS STATEMENT
FOR IMMEDIATE RELEASE
Thursday, November 17, 2011
Centers for Medicare & Medicaid Services’ Office of E-Health Standards and Services Announces 90-Day
Period of Enforcement Discretion for Compliance with New HIPAA Transaction Standards
Today the Centers for Medicare & Medicaid Services’ Office of E-Health Standards and Services (OESS)
announced that it would not initiate enforcement action until March 31, 2012, with respect to any HIPAA covered
entity that is not in compliance with the ASC X12 Version 5010 (Version 5010), NCPDP Telecom D.0 (NCPDP
D.0) and NCPDP Medicaid Subrogation 3.0 (NCPDP 3.0) standards. Notwithstanding OESS’ discretionary
application of its enforcement authority, the compliance date for use of these new standards remains January 1,
2012 (small health plans have until January 1, 2013 to comply with NCPDP 3.0).
CMS’ Office of E-Health Standards and Services is the U.S. Department of Health and Human Services’
component that enforces compliance with HIPAA transaction and code set standards.
OESS encourages all covered entities to continue working with their trading partners to become compliant
with the new HIPAA standards, and to determine their readiness to accept the new standards as of January 1, 2012.
While enforcement action will not be taken, OESS will continue to accept complaints associated with compliance
with Version 5010, NCPDP D.0 and NCPDP 3.0 transaction standards during the 90-day period beginning January
1, 2012. If requested by OESS, covered entities that are the subject of complaints (known as “filed-against
entities”) must produce evidence of either compliance or a good faith effort to become compliant with the new
HIPAA standards during the 90-day period.
OESS made the decision for a discretionary enforcement period based on industry feedback revealing that,
with only about 45 days remaining before the January 1, 2012 compliance date, testing between some covered
entities and their trading partners has not yet reached a threshold whereby a majority of covered entities would be
able to be in compliance by January 1. Feedback indicates that the number of submitters, the volume of
transactions, and other testing data used as indicators of the industry’s readiness to comply with the new standards
have been low across some industry sectors. OESS has also received reports that many covered entities are still
awaiting software upgrades.
Version 5010, NCPDP Telecom D.0 and NCPDP Medicaid Subrogation 3.0 standards represent significant
improvement over the current standard versions. NCPDP Telecom D.0 addresses certain pharmacy industry needs.
NCPDP Medicaid Subrogation 3.0 allows state Medicaid programs to recoup payments for pharmacy services in
cases where a third party payer has primary financial responsibility. Version 5010 in particular provides more
functionality for transactions such as eligibility requests and health care claims status Implementation of Version
5010 also is a prerequisite for using the updated ICD-10 CM diagnosis and ICD-10-PCS inpatient procedure code
set in electronic health care transactions effective October 1, 2013.
Links to information on Version 5010, NCPDP D.0 and NCPDP 3.0 are available at www.cms.gov/ICD10
By:
DEPARTMENT OF HEALTH & HUMAN SERVICES
Centers for Medicare & Medicaid Services
Room 352-G
200 Independence Avenue, SW
Washington, DC 20201