|
News
|
March 28,
2002 |
| The proposed
rules on Part 164 - Standards for Individually Identifiable Health
Information, can be found in PDF format here. |
|
February 25,
2002 |
The
following appeared in HFMA Express News February 22, 2002
"CMS
STRUGGLES TO MEET ORIGINAL DEADLINE FOR TRANSACTION STANDARDS
Organizations
that will not be filing for the transaction standards implementation
extension under the Administrative Simplification Compliance Act only
need to test the transactions outlined in the original standards, CMS
explained at the National Uniform Billing Committee's (NUBC's)
February 14-15, 2002, meeting. Such entities don't need to test for
anticipated modifications. This is because CMS was unable to formally
publish the modifications in time to allow for statutorily required
review and implementation periods to occur prior to the October 16,
2002, deadline.
Furthermore,
even though some organizations may be sticking to the original October
16, 2002, implementation deadline, CMS has indicated to the NUBC that
it will not be ready by then to implement several transactions
standards, including the 837IB, 837COB, and the 4010.
For
more information on the NUBC, go to http://www.nubc.org "
|
|
January 18, 2002 |
CMS
will broadcast a 60 minute introduction to HIPAA Administrative
Simplification on January 22, 2002 at noon and 3 pm (CST). Both times
will feature the same broadcast. The Webcast will be made only on the
noon broadcast, but will be available to download for thirty days
afterward. The following is the notice that CMS distributed. If anyone
plans to receive the satellite transmission, and is willing to host
other WorkGroups members, either "reply to all" or send the
information to me and I'll redistribute it.
"Meeting the
HIPAA Challenge: An Introduction to the HIPAA Administrative
Simplification Regulations
"This satellite
broadcast and webcast will inform physicians and the health care
provider community about the Administrative Simplification
provisions of the Health Insurance Portability and Accountability
Act (HIPAA). This presentation will serve as an informational
resource to explain and highlight critical issues relating to
HIPAA's Transaction &Code Sets, information about the Privacy
Rule and all the up-to-date news.
"This
is an updated version of last year's broadcast. Information about
this satellite broadcast can be viewed at
http://www.hcfa.gov/medlearn/hipacast.htm
"Webcast
information can be found at:
http://cms.livewebcasts.com/
"Please
direct questions regarding this broadcast to Robin Phillips at:
CMS
- 410-786-3010
mailto:rphillips@cms.hhs.gov
|
| January
11, 2002 |
The
following is the "official statement" from CMS (formerly
HCFA) regarding the signing, implementation and requirements of the
Transaction & Code Set implementation delay.
On
December 27, 2001, President Bush signed into law H.R. 3323, the
Administrative Simplification Compliance Act (now known as Public Law
107-105). This law provides for a one year extension of the date for
complying with the HIPAA standard transactions and code set
requirements (to Oct 16, 2003) for any covered entity that submits to
the Secretary of Health and Human Services a plan of how the entity
will come into compliance with the requirements by October 16, 2003.
The
plan must be submitted by October 15, 2002 and shall be a summary of:
(A)
An analysis reflecting the extent to which, and the reasons why, the
person is not in compliance.
(B)
A budget, schedule, work plan, and implementation strategy for
achieving compliance.
(C)
Whether the person plans to use or might use a contractor or other
vendor to assist the person in achieving compliance.
(D)
A timeframe for testing that begins not later than April 16, 2003.
The
law also requires the Department to develop and promulgate a model
compliance form for the plan by March 31, 2002, and to allow for
compliance plans to be submitted electronically.
Please
note that this legislation kept in place the compliance deadlines for
the Privacy Rule (April 14, 2003 for all covered entities except small
health plans; April 14, 2004 for small health plans).
The
Department will be providing the details of the model form and
submission procedures at a later date.
The
law also requires that, by Oct 16, 2003, providers stop submitting
paper claims and submit claims electronically to Medicare. There are
waivers for certain small providers or if there is no method for
electronic submission of claims available. CMS will provide further
details about these requirements through the regulatory process.
You
can read the enrolled version of the bill (the version passed by
Congress) at:
http://thomas.loc.gov/cgi-bin/query/z?c107:H.R.3323.ENR:
The
Public Law version is expected to be available at the Government
Printing Office shortly.
Stanley
Nachimson
Office
of Information Services, CMS
410-786-6153
DON'T
FORGET TO REGISTER FOR THE JANUARY WORKGROUPS SESSIONS COVERING
MINIMUM NECESSARY AND SECURITY ISSUES. WE HAVE ALSO ADDED A FOURTH
SESSION IN NEW ORLEANS. A DETAILED OUTLINE AND BIOGRAPHIES OF THE
SPEAKERS HAVE BEEN ADDED TO THE WEBSITE. CALL OR EMAIL US IF YOU HAVE
ANY QUESTIONS.
|
|
January 10, 2002 |
|
DON'T FORGET THE HIPAA
SECURITY & ACCESS WORKGROUPS SESSIONS.
HR 3323, which was signed
by President Bush at the end of last year, delays the effective date
of the Transaction & Code Set regulations for one year. The
following is an excerpt from the published legislative history that
makes it clear that the legislation does not delay the privacy
compliance deadline. We will publish the entire statement on the
website in the next few days.
"Mr. Thomas, on behalf
of himself, Mr. Rangel, Mrs. Johnson, Mr. Stark and Mr. Hobson
inserted the following comments in the Congressional Record of
December 20, 2001 regarding H.R. 3323.
Legislative History and
Intent Concerning H.R. 3323, the Administrative Simplification
Compliance Act.
Background and Need For
Legislation
The administrative
simplification provisions of the Health Insurance Portability and
Accountability Act (HIPAA) of 1996 will improve administrative
efficiencies in the health care market by facilitating electronic
transactions between covered entities-health plans, clearing houses
and health care providers. Indeed, the Department of Health and Human
Services estimated that administrative simplification will save $29.9
billion over 10 years as a result of increased efficiencies.
Many covered entities
believed coming into compliance with the October 16, 2002 deadline set
by the regulations implementing the transactions and code set
standards required by HIPAA was an insurmountable hurdle. As such,
they argued that a one-year delay in implementing the transactions and
code set standard was necessary.
* * *
Scope and Application of
Confidentiality Rule
In this legislation, the
Committee has sought to ensure that entities become compliant with the
April 14, 2003 HIPAA confidentiality requirements despite the fact
that the final transaction standards will not be effective until six
months later. With regard to clearinghouses, the Committee appreciates
that there are healthcare information technology vendors, such as
applications service providers (ASPs) that create, adjudicate and
process claims in other ways than converting data into standard
transactions formats other than HIPAA standardized formats. The
Committee does not intend to create any new covered entities under any
of the HIPAA rules during this time.
The Committee does not
intend to modify the April 14, 2003 effective date of the
confidentiality regulation in this legislation.
* * *
Completion of Additional
Rules
The Committee strongly
encourages the Department of Health of Human Services to complete in
final form, the outstanding rules provided for in the original
statute, namely the provider identifier, plan identifier, and employer
identifier. Congress also strongly encourages the Department to issue
the final security and electronic signatures regulation.
DON'T FORGET TO REGISTER
FOR THE JANUARY WORKGROUPS SESSIONS COVERING MINIMUM NECESSARY AND
SECURITY ISSUES. WE HAVE ALSO ADDED A FOURTH SESSION IN NEW ORLEANS. A
DETAILED OUTLINE AND BIOGRAPHIES OF THE SPEAKERS HAVE BEEN ADDED TO
THE WEBSITE. CALL OR EMAIL US IF YOU HAVE ANY QUESTIONS.
|
| December 31, 2001 |
It
was reported that HR 3323 was signed by the President last Thursday,
December 27. It is now official - the Transaction & Code
Sets compliance date has been moved back one year. The first
HIPAA rule to go into effect will now be the Privacy rules.
Happy
New Year!
|
|
December
27, 2001 |
|
The Society for Healthcare
Strategy and Market Development of the American Hospital Association
recently released the latest edition of its "Guidelines for
Releasing Information on the Condition of Patients." This short
publication was revised to comply with the directory provisions in the
"opt-out" section (§510) of the HIPAA Privacy Rules. It can
be accessed (at no charge) at http://www.stratsociety.org/resources/rc_315.doc
.
Those who attended the last
WorkGroups sessions (Authorization and Opt-Out) will find it
particularly interesting. It will be a good starting point for an
effective policy on the subject.
|
|
June 29, 2001 |
DHHS Secretary on Privacy Guidelines
At a recent breakfast briefing and Q&A, DHHS Secretary Thompson
was asked "when will the privacy guidelines be out?"
Thompson indicated that they were still at OMB, that he had expected
them out a month ago, that he was pushing to get them out, and that he
expected them within the "next couple of weeks". He indicated
that they were about 40 pages in length and addressed some of the more
egregious problems with the rule, including the picking up prescriptions
problem and the issues surrounding lab work.
|
|
June 7, 2001 |
|
Updated
the Useful Links Page; click here to view it.
|
|
May 22, 2001 |
|
Get
information about the Louisiana HIPAA Conference; click
here.
|
|
February 26, 2001 |
|
DHHS
delays privacy rules and extends comment period
HHS
published a notice on February 26 indicating that due to an
oversight, the new effective date for the Final
Privacy Rule would be April 14, 2001, with a new compliance date of
April 14, 2003. On February 28, the Department of Health and Human
Services ("DHHS") also reopened the Final Privacy Rule,
originally published December 28, 2000, to add a thirty-day comment
period. Comments are due by March 30, according to a notice
published in the February 28 Federal Register.
In a
February 23 press release, DHHS Secretary Tommy Thompson observed
that the agency would use the opportunity presented by the delay to
add a public comment period, after which DHHS will review the
comments it receives
to determine whether changes in the final rule are needed to ensure
that the rule will work as intended without creating unanticipated
consequences that might harm patients' access to care or the quality
of that care. It is expected that after the comment period ends and
the congressional review period runs out, DHHS will announce whether
it intends to make changes to the rule.
Thompson stated in an address on March 1 to attendees at a
conference on HIPAA that during DHHS' review, the agency would
ensure that it had not overstepped its authority in issuing the
regulations, and noted that both he
and President Bush intend to look to state and local governments for
ways to increase access to and improve the quality of healthcare in
the United States.
|
|
|
Nov. 9, 2000
|
|
Most
hospitals not yet aggressively preparing for HIPAA ...
"Most hospitals are not yet aggressively involved in preparing for HIPAA
implementation despite the expectation that the regulations will be finalized by
the Department of Health and Human Services by the end of this year."
That was the conclusion of a recent survey designed to assess the readiness
of hospitals nationwide to implement information security regulations proposed
under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
HIPAA's proposed information security standards require providers and payors to
embrace new guidelines that ensure patient privacy and security of all
electronic systems that contain health information. The survey was conducted by
HCPro, a provider of management and regulatory information to healthcare
professionals.
The HCPro survey of 167 hospitals, found that only 24% had completed a
security audit. Of the 76% who hadn't completed an audit, only half indicated
that they planned to complete an audit by April 2001. Security audits of
information systems are widely regarded by industry experts to be the first step
in a thorough appraisal of system weaknesses. The survey also found that 40% of
the hospitals have not yet selected an Information Security Officer, a position
proposed by HIPAA, and 30% have yet to form organizational committees to examine
HIPAA issues.
"Clearly, this survey demonstrates that most providers are not
proactively preparing for HIPAA," according to Paul Nash, executive editor
of Briefings on HIPAA and Health Information Security. "HCPro's experience
with organizations preparing for HIPAA has shown that the process of achieving
compliance is time consuming and resource intensive. Even though enforcement is
still over two years away, hospitals should at least be examining their security
systems and processes and comparing them to the rule HIPAA has proposed."
The survey also found that of the hospitals that have performed information
security audits, 51% believe their information security procedures will need
major improvements or a complete overhaul. And 49% said their policies would
need either major improvement or complete replacement. Yet considering that so
many hospitals anticipate having to make major changes, only 5% indicated that
they have an annual budget for HIPAA compliance.
The survey also found that 16% of hospitals believe their information
security systems were completely adequate in ensuring limited access to
information by only those staff with a need to know the information retrieved.
Hospitals will have two years to comply with HIPAA's security regulations
after the regulations become finalized. HHS will levy heavy financial penalties
against organizations that fail to comply and criminal penalties against
individuals found guilty of certain wrongful disclosures of health information.
[Return to top of
page]
|
|
|