January 31, 2002
Q1: What will be the impact of the one-year extension?
A1: The delay
will give covered entities more time to build, test, and successfully implement
the new Final Electronic Transactions and Code Sets required by HIPAA.
Q2: Does the extension affect the compliance date for the HIPAA privacy
standards?
A2: No, the compliance date for the privacy standards is still
April 14, 2003 or, for small health plans, April 14, 2004.
Q3: Can small health plans get an extension to their current compliance
date of October 16, 2003?
A3: No, the compliance date for small plans does
not change.
Q4: Do all covered entities automatically get an extension?
A4: No.
Covered entities must submit a compliance extension plan to the Department of
Health and Human Services (HHS) before October 16, 2002 to get an extension.
Q5: Why didnt Congress just give everyone an extension?
A5:
The requirement to submit a compliance extension plan provides assurance that
covered entities have plans in place that will allow them to be compliant by
the new deadline of October 16, 2003.
Q6: Is HHS going to actually review and approve all these compliance
extension plans? Will some be denied?
A6: Submission of a properly
completed extension plan is sufficient to secure the one-year extension.
Q7: When will the model compliance extension form be available?
A7:
The form will be available by March 31, 2002 on the website of the Centers for
Medicare & Medicaid Services at http://cms.hhs.gov
Q8: Where can I get a copy of the form? Do I have to use the form, or
can I submit a compliance plan in another format?
A8. We will publish the
form in the Federal Register and will also make it available on several
websites. The compliance extension form we have developed is a model. While we
strongly recommend its use, covered entities may submit plans using other
formats.
Q9: How extensive will the model compliance extension form be?
A9:
The ASCA requires the plans to contain summary information regarding compliance
activities, including: 1) budget, schedule, work plan and implementation
strategy for achieving compliance; 2) planned use of contractors or vendors; 3)
assessment of compliance problems; and 4) a timeframe for testing to begin no
later than April 16, 2003.
Q10: My organization has a very detailed, voluminous compliance plan
are we supposed to submit the whole thing?
A10: No. The compliance
extension form asks only for summary information from your detailed plan. You
do not need to send other information.
Q11: Can I file the compliance extension form electronically?
A11:
Yes, we will encourage electronic filing of compliance extension plans,
although we will also accept plans submitted on paper.
Q12. What will be the application deadline for a delay?
A12. Covered
entities must submit their compliance extension plans on or before October15,
2002.
Q13: Where should I send my completed compliance extension form?
Q13: Please do not submit requests at this time. Instructions will be
issued that will explain how to submit compliance extension plans.
Q14: How will one covered entity know whether another covered entity
with which it does business has submitted a plan?
A14: Each covered entity
should communicate directly with its own trading partners to determine which
ones have submitted plans. This information could be included in establishing
schedules for the testing activities that are to begin by April 16, 2003,
culminating in a migration to the new standards that meets the needs of all
trading partners.
Q15: I believe I will be fully compliant by October, 2002. However, I
know that some of my trading partners are requesting extensions and will
continue to use nonstandard formats after that date. Do I need to submit a
compliance extension plan so that I can continue to communicate with these
partners using nonstandard transactions?
A15: No. A covered entity is not
required to conduct compliant transactions with covered entities who are not
yet required to be in compliance and therefore would not need to submit a
compliance extension plan.
Q16: Can a plan require its network providers to move to standard
transactions before October 16, 2003?
A16: This is a business decision
between the plan and its provider network. Neither HIPAA nor ASCA preclude
plans from requiring that their providers use standard transactions in advance
of the compliance deadline, but HIPAA non-compliance penalties would not apply
to a provider that has submitted a plan until 2003.
Q17: What will be done with the information I provide?
A17: ASCA
requires that a sample of the plans will be provided to the National Committee
on Vital and Health Statistics (NCVHS), an advisory committee to the Secretary
of Health and Human Services. The NCVHS will review the sample to identify
common problems that are complicating compliance activities, and will
periodically publish recommendations for solving the problems.
Q18: Will the information I provide be made public?
A18: Under the
Freedom of Information Act (FOIA), information held by the federal government
is available to the public on request, unless it falls within one of several
exemptions. The model form will be designed to avoid collection of any
information that would be subject to exemption, such as confidential personal
or proprietary information. If such information is submitted, both the FOIA and
the ASCA require that it be redacted before the files are released either to
the NCVHS or to the public.
Q19: How does the delay affect Medicare implementation activities?
A19: Medicare will continue to implement the HIPAA transaction standards on
a sequenced basis, and that schedule will not change significantly. We expect
to be ready to test the claim and several other transactions by Spring 2002,
but implementation of several transactions (such as the referral/authorization
transaction) will be in early FY 2003. Once a provider has successfully tested
a transaction with us, it will be able to use the standard in our production
environment.
Q20: When will Medicaid Agencies begin testing compliant transactions
with their trading partners?
A20: Each Medicaid State Agency has its own
project plan for achieving HIPAA compliance, and will decide whether to submit
a compliance extension plan. If you are a trading partner, you will receive
notice of testing directly from the Medicaid State Agency(s) with whom you do
business.
Q21: Do software vendors need to file for an extension?
A21: No.
Only covered entities plans, clearinghouses and providers must
file. In fact, vendors will need to maintain their current delivery schedules
for compliant software in order for covered entities to make use of the
additional implementation time.
Q22: Should covered entities discontinue testing until 2003?
A22:
ASCA requires that compliance plans include a testing phase that would begin no
later than April 16, 2003. We recommend that all covered entities begin to test
as soon as they are ready in order to allow adequate time to address and
correct problems. CMS will soon send out an instruction with dates by which
Medicare contractors must begin testing with providers.
Q23: ASCA allows the Secretary of HHS to exclude covered entities from
the Medicare program if they do not submit a compliance extension plan or
achieve compliance by October, 2002. Will every such covered entity be
excluded?
A23: HHS will be publishing proposed regulations to address this
new exclusion authority.
Q24: Doesnt the law also require Medicare claims to be submitted
electronically after October, 2003?
A24: ASCA prohibits HHS from paying
Medicare claims that are not submitted electronically after October 16, 2003,
unless the Secretary grants a waiver from this requirement. It further provides
that the Secretary must grant such a waiver if there is no method available for
the submission of claims in electronic form or if the entity submitting the
claim is a small provider of services or supplies. Beneficiaries will also be
able to continue to file paper claims if they need to file a claim on their own
behalf. The Secretary may grant such a waiver in other circumstances. We will
publish proposed regulations to implement this new authority.