 News
Archives - 2003 |
 DHHS Updates
Status of HIPAA Rules |
| 12/22/2003 |
|
The Unified Agenda (also known as the
Semiannual Regulatory Agenda) was posted today in the Federal Register. It
contains a summary of the rules and proposed rules that each Federal agency
expects to issue during the next six months. The Department of Health and Human
Services expects the following in regards to HIPAA:
- The
Standard Unique Health Care Provider Identifier Final Rule is still set to be
published this month.
- The
estimated publication date for the Claims Attachments Standards Proposed Rule
has been changed from January to August 2004.
- The
Standard Unique National Health Plan (Payer) Identifiers Proposed Rule was
expected to be published by the end of this year; the date is now yet to be
determined. replacing the interim final rule issued August 15 of this
year.
- The
Electronic Medicare Claims Submission Final Rule is estimated to be published
in September 2004, replacing the interim final rule issued August 15 of this
year.
|
| DHHS To
Explore HIPAA's Impact On Sports |
| 11/1/2003 |
|
|
The National Football League has a
21-year-old policy limiting players' access to medical and training records
during the 17-week regular season. Players can access their medical records
once during the preseason and after the regular season ends. Critics say the
policy violates players' civil and legal rights under HIPAA. A September 25
news article in the Charlotte Observer said that several veteran
players did not even know about the policy. According to the article, the
league has contacted the Department of Health and Human Services, and is
awaiting word on how the law applies to pro sports teams. Several medical
technology companies, including one run by a former NFL player, have approached
the NFL and the union pitching the sale of electronic online medical records
systems designed to bring the league into compliance with HIPAA guidelines. If
security measures are achieved, records could be maintained on an Internet site
and players could see their files without having to ask doctors or trainers for
the information. |
| National
Provider ID Final Rule Pending |
| 10/23/2003 |
|
|
The Final Rule announcing the National
Provider Identifier (NPI) was received by the White House Office of Management
& Budget (OMB) for review earlier this week. Final clearance takes between
two weeks and 90 days, at which point, the final version of the regulations is
placed on display at the Government Printing Office (GPO) in Washington, DC,
and then published in the Federal Register. The Proposed Rule was published
over five years ago, recommending the adoption of a standard 8-position
alphanumeric health care provider identifier. The Final Rule will address
public comments and may contain changes from the proposed rule. Meanwhile,
today's Federal Register contains notice that HHS Secretary Tommy Thompson has
delegated his authority, effective October 7, to the Administrator of the
Centers for Medicare & Medicaid Services (CMS) to carry out the
administrative and enforcement activities related to the HIPAA regulations,
excluding those pertaining to the Privacy Standards. All actions that pertain
to the Privacy Standards were already delegated by the Secretary to the
Director of the Office for Civil Rights (OCR). The CMS Administrator now has
the authority to impose civil monetary penalties for a covered entity's failure
to comply, and to make exceptions concerning when State laws that are contrary
to the Federal standards are not preempted by the Federal provisions. This
delegation to the Administrator excludes the authority to issue regulations,
and to hold hearings and issue final determinations if the respondent has
requested a hearing on the imposition of civil monetary penalties. |
| CMS Publishes
Interim Final Rule for Electronic Submission of Medicare Claims |
| 8/20/2003 |
|
The Department of Health and Human
Services (HHS) published the Interim Final Rule, with comment period, for
Electronic Submission of Medicare Claims. This rule implements the statutory
requirement found in the Administrative Simplification Compliance Act (ASCA).
With a few exceptions, ASCA requires all claims sent to the Medicare Program be
submitted electronically starting October 16, 2003. This Rule sets forth the
details for implementation of the Medicare electronic claims submission
requirement and who may be exempt from these requirements. The regulation
requires that all claims submitted to Medicare on October 16, 2003 and beyond
be done so electronically except for certain circumstances including: a) the
entity is a small provider; b) dental claims; c) claims where there is more
than one payer primary to Medicare; c) roster billing for vaccinations; claims
for Medicare demonstration projects.
Read the Rule. (71k -
.PDF) |
| Electric
Transactions & Code Sets - Medicare "Waiver" Available for Small Providers
Billing on Paper |
| 8/12/2003 |
|
The Administrative Simplification
Compliance Act or ASCA includes a provision that states, effective October 16,
2003, Medicare may not pay claims submitted on paper, with certain exceptions.
One of the major exceptions is for claims submitted by "a small provider of
services or supplier."
Read the provisions for exemption.
(6k - .PDF) |
| Electric
Transactions & Code Sets - Steps Towards HIPAA Compliance |
| 8/12/2003 |
|
|
Do not assume your vendor or
clearinghouse is HIPAA compliant. Communicate with them often to determine
their progress. Their HIPAA readiness will directly impact your HIPAA
readiness! It is essential that you communicate often with your software vendor
about their progress towards HIPAA compliance. Talk to your Vendor, TPA or
Clearinghouse Now!
Ask your vendors these important
questions. (161K - .PDF) |
| As T&CS
Deadline Approaches CMS Offers 11th Hour Loophole &
Guidance |
| 8/10/2003 |
|
|
The clock is ticking toward the HIPAA
transaction and code set deadline on Oct. 16, 2003 but for covered entities
that continue to make good faith efforts toward compliance up until the
deadline, and for a "little while" afterward, the deadline should not be so
frightening. At least that's the message the Centers for Medicare and Medicaid
Services (CMS) seemed to impart at a July 24 open door forum where they
announced new guidance materials on the rule.
Read the
announcement. |
| National
Health Information Infrastructure Act of 2003 Introduced in
Congress |
| 7/30/2003 |
|
|
Congresswoman Nancy Johnson (R-CT),
Chairman of the House Ways and Means Health Subcommittee, introduced last week
the "National Health Information Infrastructure Act of 2003." The bill, HR
2915, which was referred to the House Committee on Energy and Commerce, would
create within the Department of Health and Human Services (HHS) a national
health information officer serving for five years unless Congress extends the
term. The officer, in consultation with an advisory group comprised of health
care industry members, would issue recommendations for a uniform health
information system to ensure compatibility and interoperability. The
legislation would also require the development of national, voluntary data and
communications standards such as medical vocabularies and electronic
messaging. |
| CMS Emphatic
About Transactions Compliance Deadline |
| 7/24/2003 |
|
|
"The law is clear: October 16, 2003 is
the deadline... after that date, covered entities, including health plans, may
not conduct noncompliant transactions", say officials at the Centers for
Medicare and Medicaid Services. CSM has sent a memo instructing its Medicare
carriers to accept only paper forms after the transactions and code sets (TCS)
compliance deadline for a secondary claim with more than one primary payer,
reports Health Data Management. The X12 837 implementation guide does not have
the data fields which the Medicare program needs to process the obscure claim
type. The HIPAA transactions rule, which CMS is charged to enforce, currently
prohibits payers, including Medicare, from requiring electronically submitted
claims to include data elements not supported in the implementation
guides. |
| Vets
Administration to Launch Nationwide Health Info Web Portal |
| 7/20/2003 |
|
|
Government Computer News reports the
Veterans Affairs Department (VA) is ramping up its HealtheVet services portal
for a nationwide release in mid-September. The portal ultimately will give
veterans secure access to their health records. It will let veterans
personalize their accounts with links to information explaining their records
and medical conditions. When fully interactive in April, veterans will be able
to track their medical data and make appointments, refill prescriptions, enter
self-taken information such as blood pressure and chart their
conditions. Read about
it. |
| CMS to Provide
Guidance with Transactions and Code Sets |
| 7/19/2003 |
|
|
Department of Health and Human Services
Secretary Tommy Thompson recently announced an effort to develop a national
standard for the electronic medical record (EMR). As a sponsor with the
Healthcare Information and Management Systems Society (HIMSS), the Centers for
Medicare and Medicaid Services (CMS) and the Department of Veterans Affairs
(VA) are providing financial and content expertise to support this initiative.
A definitional model of the electronic medical record (EMR) proposed by HIMSS'
EHR Steering Committee work group was submitted to Health Level 7 (HL7) and the
Institute of Medicine (IOM), and is now under review by the federal government.
The IOM also requested, and has received, a listing of the winners of the HIMSS
Nicholas E. Davies Award of Excellence for use of EMRs, and in-depth specifics
about the attributes of each winner’s EMR systems. Once the recommended
specifications have been evaluated, HHS will share all components of the EMR
standardized model record with the US health care system. The HIMSS EMR
Definitional Model identifies eight key attributes that an electronic medical
record must have |
| HIMSS Working
on Electronic Medical Record (EMR) Standard |
| 7/15/2003 |
|
|
Department of Health and Human Services
Secretary Tommy Thompson recently announced an effort to develop a national
standard for the electronic medical record (EMR). As a sponsor with the
Healthcare Information and Management Systems Society (HIMSS), the Centers for
Medicare and Medicaid Services (CMS) and the Department of Veterans Affairs
(VA) are providing financial and content expertise to support this initiative.
A definitional model of the electronic medical record (EMR) proposed by HIMSS'
EHR Steering Committee work group was submitted to Health Level 7 (HL7) and the
Institute of Medicine (IOM), and is now under review by the federal government.
The IOM also requested, and has received, a listing of the winners of the HIMSS
Nicholas E. Davies Award of Excellence for use of EMRs, and in-depth specifics
about the attributes of each winner’s EMR systems. Once the recommended
specifications have been evaluated, HHS will share all components of the EMR
standardized model record with the US health care system. The HIMSS EMR
Definitional Model identifies eight key attributes that an electronic medical
record must have |
| NCVHS
Recommends Against Delaying Upcoming October Deadline |
| 7/2/2003 |
|
|
The National Committee on Vital and
Health Statistics (NCVHS), an advisory body to the Secretary of Health and
Human Services (HHS), has recommended to DHHS Secretary Tommy Thompson that the
upcoming Transactions and Code Sets (TCS) compliance deadline on October 16,
2003 not be further delayed. Although there is wide agreement and concern that
a substantial segment of the health care industry will be unable to comply with
the October 16, 2003 implementation deadline for HIPAA's electronic
transactions and code sets provisions, NCVHS nonetheless recommended that the
deadline not be postponed, citing "It does appear that most covered entities,
with the possible exception of small providers, are making the investment to
comply with this deadline. Extending the implementation deadline once again is
unlikely to motivate the noncompliant providers to take a new deadline
seriously, while an extension will penalize those who have already come into
compliance. At some point, a firm deadline must be imposed and the Committee
believes that the deadline should remain October 16, 2003." |
| DHHS Promoting
Paperless Electronic Health Care System |
| 7/1/2003 |
|
|
HHS Secretary Tommy G. Thompson today
announced two new steps towards building a national electronic health care
system that will allow patients and their doctors to access their complete
medical records anytime and anywhere they are needed, leading to reduced
medical errors, improved patient care, and reduced health care costs. These
steps are part of the DHHS's ongoing effort in developing a National Health
Information Infrastructure. The first step is the establishment of a common
medical language. The Secretary announced that the DHHS has signed an agreement
with the College of American Pathologists (CAP) to license the College's
standardized medical vocabulary system and make it available without charge
throughout the United States. This action opens the door to establishing a
common medical language as a key element in building a unified electronic
medical records system in the US. The second step will be to create a
standardized model of an electronic health record. The Secretary announced that
HHS has commissioned the Institute of Medicine to design a standardized model
of an electronic health record. The health care standards development
organization known as HL7 has been asked to evaluate the model once it has been
designed. HHS will share the standardized model record at no cost with all
components of the US health care system. The Department expects to have a model
record ready in 2004. It will be free available to the health care
industry. |
| Medicare
Waiver for Small Providers Billing on Paper |
| 6/23/2003 |
|
|
The Centers for Medicare & Medicaid
Services (CMS) posted a memo today emphasizing that the Administrative
Simplification Compliance Act (ASCA) includes a provision that effective
October 16, 2003 Medicare may not pay claims submitted on paper - with certain
exceptions. One of the major exceptions is for claims submitted by "a small
provider of services or supplier." Health care providers and practitioners with
fewer than 10 full-time employees are advised to read this memo. Read the Medicare Memo
(Word Doc Only) |
| DHHS Schedules
Dates for Publishing New HIPAA Rules |
| 6/3/2003 |
|
|
The Department of Health and Human
Services (HHS) has released the dates that it expects to publish several HIPAA
rules. The current schedule is as follows: Electronic Medicare Claims
Submission NPRM expected 7/03; Standard Unique National Health Plan Identifier
NPRM expected 9/03; Standard Unique Health Care Provider Identifier Final
Action 9/03; Claims Attachments Standards NPRM expected 1/04; Modifications to
Electronic Transactions and Code Sets NPRM expected 2/04 |
| DHHS Publishes
Correction to Enforcement Rule |
| 5/5/2003 |
|
|
The Department of Health and Human
Services (HHS) published a correction to the first part of its HIPAA
enforcement rule, "Civil Money Penalties: Procedures for Investigations,
Imposition of Penalties, and Hearings," in the April 28 Federal Register. In
the correction, HHS clarifies that the interim final rule will be effective
from May 19, 2003, to September 16, 2004, not September 16, 2003. Read The
Corrections |
| DHHS Releases
Interim Final Rule on Enforcement |
| 4/15/2003 |
|
|
The Secretary of Health and Human
Services has established an interim final enforcement rule entitled "Civil
Money Penalties: Procedures for Investigations, Imposition of Penalties, and
Hearings". It establishes rules of procedure for the imposition of monetary
penalties on covered entities that violate the HIPAA regulations. This interim
enforcement rule, when finalized, will mandate procedural and substantive
requirements for imposition of monetary penalties. HHS is issuing this interim
final enforcement rule to inform covered entities of its approach to
enforcement and to advise all covered entities of certain procedures that will
be followed as it enforces the Administrative Simplification provisions of
HIPAA. This interim final rule will be effective 30 days following its
publication in the Federal Register. Read "Protecting the
Privacy of Patients' Health Information Fact Sheet" Read "How to File a
Health Information Privacy Complaint with the Office for Civil Rights Fact
Sheet" |
| DHHS Secretary
Thompson On Reaching the Privacy Deadline |
| 4/14/2003 |
|
|
Department of Health and Human Services'
Secretary Tommy Thompson issued a press release on the HIPAA Privacy
regulations going into effect today.Read the Press
Release |
| OCR Sets
Privacy Complaint Process |
| 3/20/2003 |
|
|
The Office of Civil Rights (OCR), an arm
of the Department of Health and Human Services, has published a notice
explaining how to file a complaint of an alleged violation of medical
confidentiality under the HIPAA privacy rule. The OCR, which will enforce
HIPAA, published the notice in the Federal Register. The notice includes the
address of the agency’s ten regional offices and an email address to which
individuals can send complaints. |
| HHS Releases
Process for Requesting State Preemption of HIPAA |
| 3/11/2003 |
|
|
The Federal Register today published a
notice from the Department of Health and Human Services (HHS) outlining the
process for requesting a state exemption of the HIPAA regulations. The notice
makes clear the boundaries of what HHS can exempt and the reasons that may be
used to justify an exemption. Requests must be made to HHS in writing and in
the format specified in the notice. Read the Federal
Register Notice. |
| Final Security
Rules Official - Other Changes and Modifications Also Published |
| 2/20/2003 |
|
After over four years of wrangling and
deliberation, the official Final Security Rules were finally published in the
Federal Register today. Health care providers will have until February 20, 2005
to become fully compliant with all the regulations. Also appearing today in the
Federal Register are the Modifications to the Transaction Rules and a special
notice reflecting a change in the organizational structure of the CMS (Centers
for Medicare & Medicaid Services) by establishing the Office of Health
Insurance Portability and Accountability Act Standards. Among the Office's
duties:
- Provide technical assistance regarding HIPAA
standards and their implementation.
- Provide assistance and guidance for HIPAA-related
budget formulation and execution activities.
- Develop, implement and administer the enforcement
of HIPAA including portability, transactions, code sets, identifiers, and
security.
- Work with Federal departments and agencies to
identify and adopt universal messaging and clinical health data standards, and
represent CMS (Centers for Medicare & Medicaid Services) and DHHS
(Department of Health and Human Services) in national projects supporting the
national health enterprise architecture and the National Health Information
Infrastructure.
- Collaborate with the Department, especially the
Office for Civil Rights, on HIPAA policy issues.
- Develop regulations to enforce the provisions of
the HIPAA and the ASCA. Also develop regulations and guidance materials on
HIPAA standards.
- Coordinate and provide guidance on legislative
and regulatory issues.
- Develop, implement and administer the enforcement
of the Administrative Simplification Compliance Act (ASCA).
- Educate and reach out to the public and internal
CMS staff on HIPAA issues. Formulate and coordinate a public relations
campaign, prepares and delivers presentations and speeches, responds to
inquires on HIPAA issues, and liaisons with industry representatives.
Read the Final Security
Rule. Large File: 289 Pages - 950Kb. |
| Final Security
Rule To Be Published Feb. 20, 2003 |
| 2/13/2003 |
|
| HHS Secretary Tommy G. Thompson today announced the adoption of
the Final Security Final Rules. They are scheduled to be published as a Final
Rule in the Federal Register on Feb. 20, 2003 with an effective date of April
21, 2003. Under the Final Security Rules, health insurers, certain health care
providers and health care clearinghouses must establish procedures and
mechanisms to protect the confidentiality, integrity and availability of
electronic protected health information. The rule requires covered entities to
implement administrative, physical and technical safeguards to protect
electronic protected health information in their care. The security standards
work in concert with the Final Privacy Rules adopted by HHS last year and
scheduled to take effect for most covered entities on April 14, 2003. The two
sets of standards use many of the same terms and definitions in order to make
it easier for covered entities to comply. Health care providers, and other
covered entities, will have two years - until April 21, 2005 - to comply with
the Final Security Rule Regulations. Small health plans will have until April
21, 2005 to comply. Because both the Privacy Rule and the Security Rule share
overlapping security issues, many health care providers will now have the
opportunity to implement both the Privacy and the Security regulations by the
April 15, 2003 deadline for compliance of the Privacy Rule. Read the Final Security Rule. Large File:
289 Pages - 950Kb. |
| Transaction
Rules Modified |
| 2/13/2003 |
|
| HHS has adopted modifications to the transaction standards.
Covered entities must comply with these modified transaction standards by Oct.
16, 2003. The Final Transaction Modifications Rule will be published in the
Federal Register on Feb. 20, 2003. The Final Transaction Modifications Rule,
combines two proposed rules published May 31, 2002. HHS worked extensively with
the Designated Standards Maintenance Organizations (DSMOs) to revise the
proposed changes to the standards, as required by Congress as part of HIPAA.
Major provisions of the Final Rule include: Repealing the National Drug Code
(NDC) as the standard medical data code set for reporting drugs and biologics
in all non-retail pharmacy transactions; Adopting the proposed Addenda to the
implementation guides with some technical revisions based upon comments
received and consultation with the DSMOs. For retail pharmacy transactions:
Adopting the National Council for Prescription Drug Programs (NCPDP) Batch
Version 1.1 to support the Telecommunications Version 5.1; Adopting the
Accredited Standards Committee (ASC) X12N 835 as the standard for payment and
remittance advice and the NCPDP Telecommunications Version 5.1 and NCPDP Batch
Version 1.1. Implementation Guides as the standard for the referral
certification and authorization transaction; Continuing the use of the NDC code
set for the reporting of drugs and biologics. The rule also adopts modified
standards for two transactions that were not included in the proposed rules -
premium payments, and coordination of benefits. The modifications were approved
by the DMSOs and merely provide explanatory guidance. Read the Final Transaction Modifications
Rule.Large File: 110 Pages - 375Kb. |
| Bush Wants $34
Million HIPAA Enforcement Funds |
| 2/5/2003 |
|
| Under President Bush’s proposed budget for the Department
of Health and Human Services, the Centers for Medicare and Medicaid Services
would receive $10 million in fiscal 2004 to begin activities related to
enforcement of HIPAA’s transactions and code sets, security and identifier
rules. Such activities would include the promulgation of a HIPAA enforcement
rule, according to a 103-page briefing paper. “In order to enforce the
HIPAA standards, CMS will assemble an enforcement staff, write an enforcement
regulation that outlines the enforcement program, implement the enforcement
system and begin to accept complaints,” according to the briefing paper.
The proposed 2004 HHS budget includes $34 million in total spending for the
Office of Civil Rights, which will enforce the HIPAA privacy rule. Read the Briefing Paper. Large File: 103
pages - 629Kb |
| California
Patients Urged to Get Records |
| 2/6/2003 |
|
| Hundreds of thousands of Southern Californians are in danger of
having their medical records destroyed because a Boston company says it is no
longer being paid to store them. Iron Mountain has been housing the records of
KPC Medical Management, which closed its clinics in 2000 and left behind 8
million medical documents. The Iron Mountain, which has housed the records
since August 2001, was paid to store them for one year and distribute them to
patients who requested them, company spokeswoman Melissa Burman said. Because
the company has not received more money, officials have been considering
whether to destroy the documents. Read the Article
|
| Health Data
Monitored for Bioterror Warning |
| 1/27/2003 |
|
| To secure early warning of a bioterror attack, the government
is building a computerized network that will collect and analyze health data of
people in eight major cities, administration officials say. The Centers for
Disease Control and Prevention is to lead the multimillion-dollar surveillance
effort, which officials expect to become the cornerstone of a national network
to spot disease outbreaks by tracking data like doctor reports, emergency room
visits and sales of flu medicine. "Our goal is to have a model that any city
could pick up and apply," a senior administration official said of the plan.
Officials would not disclose the program's cost or which cities will be
involved. But experts say Washington is likely to be one of the eight. Read the Article
|
| HIPAA
Extension Legislation Signed |
| 1/2/2003 |
|
| On December 27, 2001, President Bush signed into law H.R. 3323,
the Administrative Simplification Compliance Act (now known as Public Law
107-105). This law provides for a one year extension of the date for complying
with the HIPAA standard transactions and code set requirements (to Oct 16,
2003) for any covered entity that submits to the Secretary of Health and Human
Servcices a plan of how the entity will come into compliance with the
requirements by October 16, 2003. The plan must be submitted by October 15,
2002 and shall be a summary of (A) An analysis reflecting the extent to which,
and the reasons why, the person is not in compliance. (B) A budget, schedule,
work plan, and implementation strategy for achieving compliance. (C) Whether
the person plans to use or might use a contractor or other vendor to assist the
person in achieving compliance. (D) A timeframe for testing that begins not
later than April 16, 2003. The law also requires the Department to develop and
promulgate a model compliance form for the plan by March 31, 2002, and to allow
for compliance plans to be submitted electronically. Please note that this
legislation kept in place the compliance deadlines for the Privacy Rule (April
14, 2003 for all covered entities except small health plans; April 14, 2004 for
small health plans). The Department will be providing the details of the model
form and submission procedures at a later date. The law also requires that, by
Oct 16, 2003, providers stop submitting paper claims and submit claims
electronically to Medicare. There are waivers for certain small providers or if
there is no method for electronic submission of claims available. CMS will
provide further details about these requirements through the regulatory
process. Read The Bill |
|
