CMS Delays HIPAA Transaction Operating Rules Enforcement
Enforcement of two new HIPAA transaction operating rules has been delayed 90 days by the Centers for Medicare and Medicaid Services’ Office of E-Health Standards and Services (OESS). The operating rules, which are intended to simplify and standardize complex administrative healthcare transactions and are required for all HIPAA-covered entities, will not be enforced by OESS until March 31, 2013—though the formal compliance date for the rules remains January 1, 2013, according to a CMS press release.
The operating rules, called for by the Affordable Care Act, manage the “eligibility for a health plan” and “healthcare claim status” transactions that providers and payers use to receive and send healthcare business information. The operating rules were created to further clarify the HIPAA transaction standards and reduce administrative costs in the process. OESS decided to delay enforcement from January 1, 2013 after receiving feedback from industry stakeholders that too many covered entities were unprepared to use the new rules.
“HIPAA covered entities have not reached a threshold whereby a majority of covered entities would be able to be in compliance with the operating rules by January 1, 2013,” the CMS press release said. “This enforcement discretion period does not prevent applicable HIPAA covered entities that are prepared to conduct transactions using the adopted operating rules from doing so, and all applicable covered entities are encouraged to determine their readiness to use the operating rules as of January 1, 2013 and expeditiously become compliant.”
Though OESS will not take enforcement action until March 31, it will still accept complaints associated with operating rule compliance. Those entities subject to complaints must produce evidence of either compliance or “a good faith effort” to become compliant with the operating rules during the 90-day grace period.
For more on the two pending operating rules, read this Journal of AHIMA article.