CMS issues guidance on HIPAA Transactions and Code Sets

The Centers for Medicare and Medicaid Services on July 24 issued a guidance document on compliance with the HIPAA transactions and code sets rule after the Oct. 16 compliance deadline. The guidance document contains some tough language, but indicates that the government is willing to provide some flexibility to covered health entities that are not entirely HIPAA compliant by the deadline.

“The law is clear: October 16, 2003, is the deadline for covered entities to comply with HIPAA’s electronic transaction and code sets provisions,” according to the guidance document. “After that date, covered entities, including health plans, may not conduct non-compliant transactions.”

The guidance document, however, creates some wiggle room around that rigid declaration. Provider organizations hoping the government would create a contingency plan to ensure ongoing claims reimbursement if the transition was rocky didn’t get a formal plan. The guidance document, however, suggests HIPAA enforcement officials will show significant flexibility as long as covered entities are showing good faith efforts to comply with the rule.

That flexibility extends to contingency plans developed within the industry. The government “will not impose penalties on covered entities that deploy contingencies (in order to ensure the smooth flow of payments) if they have made reasonable and diligent efforts to become compliant and, in the case of health plans, to facilitate the compliance of their trading partners,” according to the guidance document. “Specifically, as long as a health plan can demonstrate its active outreach/testing efforts, it can continue processing payments to providers.”

The guidance document gives examples of activity that would indicate good faith efforts in becoming compliant before the Oct. 16 deadline. The document appears to endorse health plans accepting and processing compliant and noncompliant transactions for an “appropriate” period of time if the plan can demonstrate efforts to help its provider partners achieve compliance, and if the providers show they took compliance action before the deadline. “If the Centers for Medicare and Medicaid Services determines that reasonable and diligent efforts have been made, the cure period for noncompliance would be extended at the discretion of the government,” the document states.

Text of the guidance document is available at

Posted to HIPAAcomply 7/28/03