1 / 16

Applying for an Extension to HIPAA Transaction and Code Set Compliance Date

Applying for an Extension to HIPAA Transaction and Code Set Compliance Date. The Fourth National HIPAA Summit Mark Lutes Partner, Epstein, Becker & Green, P.C. Washington, D.C. <mlutes@ebglaw.com> 202-861-1824. Where Does the Right to Extension Arise?.

vera-giles
Download Presentation

Applying for an Extension to HIPAA Transaction and Code Set Compliance Date

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Applying for an Extension to HIPAA Transaction and Code Set Compliance Date The Fourth National HIPAA Summit Mark Lutes Partner, Epstein, Becker & Green, P.C. Washington, D.C. <mlutes@ebglaw.com> 202-861-1824

  2. Where Does the Right to Extension Arise? • The Final Rule on Transactions and Code Sets established a compliance deadline of 10/16/02 • Congress passed H.R. 3323 delaying the compliance date until 10/16/03 for a covered entity that submits, by 10/15/02, a “plan” detailing how compliance will be achieved by such time.

  3. H.R. 3323 directed HHS to promulgate model form No approval of plans will occur--mere submission suffices Form available on line: <http://www.cms.hhs.gov/hipaa/hipaa2/ascaform.asp> Form can also be submitted by mail Advantage: Online submission only method of generating CMS confirmation though postal receipt is alternative any advantage to submitting a compliance plan in another format? Model Compliance Plan Option

  4. Analysis of the extent to which the covered entity is not in compliance The reasons for such non-compliance A budget, schedule, workplan or other implementation strategy Whether a vendor will be used to achieve compliance Timeframe for testing no later than 4/16/03 What did the Statute Suggest the Plan Would Need to Include?

  5. No need to state the extent to which covered entity is currently noncompliant “Reasons why” can include simply needing more time Budget requirement morphs into statement of aggregate costs Workplan requirement morphs into statement as to whether one exists Contrast with Statute: the Model Compliance Plan Approach

  6. Contrast with Statute: the Model Compliance Plan Approach • Strategy requirement translates into a simple task of assigning date to three presumed macro phases: • awareness • operational assessment • development and testing

  7. Who is Required to File? • Most covered entities that will not be compliant by 10/16/02 • Exclusion for small health plans • Hotly debated topic: whether a covered entity that is ready to receive standard transactions need file in case trading partners not ready-- HHS FAQs says “no”.

  8. What Penalty Applies? • H.R. 3323 allows the Secretary of HHS to exclude from the Medicare program covered entities that are not in compliance and do not submit by 10/15/02. • No regulations yet to explain how non-compliance will be assessed for purpose of this penalty • Query: does this make filing for an extension always a good idea?

  9. Filing By MCOs and Providers for the Group Health Plans They Sponsor • in theory there are multiple covered entities with filing obligations • Instructions suggest that where covered entities are: 1) related; and 2) operating under a single implementation plan, a combined filing would be appropriate • Issue: are you operating under a single implementation plan?

  10. Additional Provider Issue • How to reconcile privacy rule’s optional OCHA or ACE designations with TCS extension plan filing? • Designations not directly implicated nor does the model plan form take them into account • However, where OCHA or ACE participants meet the relatedness and single implementation tests are met, a single filing is appropriate

  11. Self-funded Group Health Plans • Unless self-administered, group health plan needs to coordinate with all vendors handling one or more of the HIPAA transactions • Med/surg, mental health, dental could be spread among multiple vendors with multiple: start/completion dates for phases which form surveys, development and testing dates, etc. • Strategies: “aggregate response” e.g,, earliest start date and latest completion date?

  12. Self-Funded Group Health Plan • Who will be the authorized person? • Group health plan could ask vendors to report to plan administrator • Group health plan could designate lead vendor and ask others to report to that vendor • ASO vendors not able to file single response for entire book of business--fail relatedness and single compliance plan tests

  13. Self-funded Group Health Plan Issues • Circulate proposed responses and ask for outliers to report by date certain? • How to account for aspects of compliance plan outside the vendor’s purview • e.g., enrollment and payment transactions

  14. Insured Group Health Plans • Could assume that each MCO is either ready by deadline or will file for itself • Report 834 (enrollment) compliance? • Or does plan sponsor not plan do enrollment? • Different result if plan sponsor conducts those transactions on behalf of the plan? • Same issues for 811 invoice and 820 payment?

  15. Sample Text from surveys Readiness Surveys

  16. Readiness Surveys • Theories of liability around negligent representation • Potential Disclaimers relative to responses • Alternative approaches to dialogue with your trading partners? • Why not deemphasize representations and warranties and emphasize timetables for information exchange and testing?

More Related