CMS Announced 90-Day Discretionary Enforcement Period for Compliance with New HIPAA Standards

On November 17, 2011, the Centers for Medicare and Medicaid Services (“CMS”) announced that it will delay enforcement action until March 31, 2012 for those Health Information Portability and Accountability Act (“HIPAA”) covered entities that are not in compliance with the ASC X12 Version 5010, NCPDP Telecom D.0 and NCPDP Medicaid Subrogation 3.0 standards. CMS stated, however, that the compliance date remains January 1, 2012, but it will have discretionary application of its enforcement authority. In fact, according to an FAQ posted on the CMS website:

What will be the level of enforcement during the enforcement discretion period for X12 Version 5010 (Version 5010), NCPDP Telecom D.0 (NCPDP D.0) and NCPDP Medicaid Subrogation 3.0 (NCPDP 3.0) implementation?

The compliance date for implementation of these updated standards remains January 1, 2012. Because trading partner testing has not reached a threshold whereby a majority of covered entities may be able to comply by the compliance date, the Centers for Medicare & Medicaid Services’ Office of E-Health Standards and Services (OESS), has announced that it would exercise its enforcement discretion with respect to any HIPAA covered entity that a complaint is filed against for violation of compliance with Version 5010, NCPDP D.0 and NCPDP 3.0 standards. The enforcement discretionary period is for 90 days after the January 1, 2012 compliance date.

If a complaint is received by CMS after January 1, 2012, the entity against which the complaint has been filed will be evaluated to determine its level of compliance. An assessment will be made of the filed-against entity’s efforts to test and become compliant. OESS will take appropriate actions as permitted under the authority of the HIPAA enforcement rule, but will not assess any penalties and/or civil monetary penalties during this 90-day period.

Please note: this requirement applies to everyone who is covered by HIPAA, not just those who submit Medicare or Medicaid claims.

CMS’ ICD-10 page may be found here.

For more information on HIPAA Compliance, please contact Abby Pendleton, Esq. or Jessica L. Gustafson, Esq. at (248) 996-8510 or (212) 734-0128 or visit the HLP website.

Contact Information