Apex 3 Blog
A blog to offer ideas, suggestions and techniques to turn around or fix troubled or failed IT projects

Recent CMS Statement Covering Enforcement Discretion for HIPAA Transaction Compliance

by Mark Davison December 11. 2011 17:55

For our Healthcare Clients:  We republish the following CMS Statement released November 17, 2011, regarding the 90 day period of enforcement discretion for compliance with new HIPAA Transaction Standards...




Thursday, November 17, 2011                           


Centers for Medicare & Medicaid Services’ Office of E-Health Standards and Services Announces 90-Day 

Period of Enforcement Discretion for Compliance with New HIPAA Transaction Standards 


Today the Centers for Medicare & Medicaid Services’ Office of E-Health Standards and Services (OESS) 

announced that it would not initiate enforcement action until March 31, 2012, with respect to any HIPAA covered 

entity that is not in compliance  with the ASC X12 Version 5010 (Version 5010), NCPDP Telecom D.0 (NCPDP 

D.0) and NCPDP Medicaid Subrogation 3.0 (NCPDP 3.0) standards. Notwithstanding OESS’ discretionary 

application of its enforcement authority, the compliance date for use of these new standards remains January 1, 

2012 (small health plans have until January 1, 2013 to comply with NCPDP 3.0). 


CMS’ Office of E-Health Standards and Services is the U.S. Department of Health and Human Services’ 

component that enforces compliance with HIPAA transaction and code set standards. 


OESS encourages all covered entities to continue working with their trading partners to become compliant 

with the new HIPAA standards, and to determine their readiness to accept the new standards as of January 1, 2012.  

While enforcement action will not be taken, OESS will continue to accept complaints associated with compliance 

with Version 5010, NCPDP D.0 and NCPDP 3.0 transaction standards during the 90-day period beginning January 

1, 2012.  If requested by OESS, covered entities that are the subject of complaints (known as “filed-against 

entities”) must produce evidence of either compliance or a good faith effort to become compliant with the new 

HIPAA standards during the 90-day period.   


OESS made the decision for a discretionary enforcement period based on industry feedback revealing that, 

with only about 45 days remaining before the January 1, 2012 compliance date, testing between some covered 

entities and their trading partners has not yet reached a threshold whereby a majority of covered entities would be 

able to be in compliance by January 1.  Feedback indicates that the number of submitters, the volume of 

transactions, and other testing data used as indicators of the industry’s readiness to comply with the new standards 

have been low across some industry sectors.  OESS has also received reports that many covered entities are still 

awaiting software upgrades.   


Version 5010, NCPDP Telecom D.0 and NCPDP Medicaid Subrogation 3.0 standards represent significant 

improvement over the current standard versions.   NCPDP Telecom D.0 addresses certain pharmacy industry needs.  

NCPDP Medicaid Subrogation 3.0 allows state Medicaid programs to recoup payments for pharmacy services in 

cases where a third party payer has primary financial responsibility.   Version 5010 in particular provides more 

functionality for transactions such as eligibility requests and health care claims status   Implementation of Version 

5010 also is a prerequisite for using the updated ICD-10 CM diagnosis and ICD-10-PCS inpatient procedure code 

set in electronic health care transactions effective October 1, 2013.  


Links to information on Version 5010, NCPDP D.0 and NCPDP 3.0 are available at www.cms.gov/ICD10 




Centers for Medicare & Medicaid Services 

Room 352-G 

200 Independence Avenue, SW 

Washington, DC  20201 


Add comment

  Country flag
  • Comment
  • Preview

About Mark Davison

Mark Davison

After 25+ years of working on and leading projects primarily in IT, I'm establishing this blog to share knowledge, ideas, tips and techniques regarding how to turnaround and fix troubled and failed projects

Month List

Tag cloud

    ContactUs About Services Industries About Services