Search Frequenty Asked Questions

Normal Fonts Larger Fonts Printer Version Email this page Submit Feedback Questions & Answers About CMS Return to cms.hhs.gov Home Normal Fonts Larger Fonts Email this page Submit Feedback Questions & Answers About CMS Return to cms.hhs.gov Home
Return to cms.hhs.gov Home    Return to cms.hhs.gov Home

  


  Professionals   Governments   Consumers   Public Affairs
Programs
Topics
Resources

September 8, 2000

Dear State Medicaid Director:

This letter informs you of our current activities regarding the implementation of the Administrative Simplification section of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), P. L. 104-191. Included in this letter is the funding policy for changes made to Medicaid Management Information Systems (MMIS) as a result of HIPAA, including a discussion of where States should be in their HIPAA implementation efforts.

BACKGROUND

The Administrative Simplification provisions of HIPAA mandate that the Department of Health and Human Services adopt standards for all health care information that is electronically exchanged. National standards will be developed for electronic health care transactions, code sets, standard identifiers, and security and privacy of health information. The security and privacy provisions apply to all electronic health data that are maintained, even if the data are not transmitted to other parties electronically.

Implementation of these standards affects all health care entities in both the public and private sectors. In general, a 60-day plus 24-month period time frame for implementation is required, and will be initiated, after final rules for these standards are published. Final rules for Administrative Simplification are intended to reduce the costs and administrative burdens of health care by replacing the many non-standard formats currently used nationally with a single set of electronic standards that would be used throughout the health care industry.

Standardization is needed to improve the efficiency of health care delivery and to protect the confidentiality and security of health care data. The health care arena will greatly benefit from standardization through savings in administrative cost and time.

Due to the complex nature of implementing national standards, we highly recommend using the 6-step phase-in approach defined in the General Accounting Office's Year 2000 Computing Crisis: An Assessment Guide and Year 2000 Computing Crisis: Business Continuity and Contingency Planning guide. The principles contained in these guides go beyond the year 2000 and should be applied when preparing for any major system initiative. The web site for these documents is: http://www.gao.gov/y2kr.htm

PUBLICATION OF FINAL RULES FOR TRANSACTIONS AND CODE SETS

On August 17, 2000, the final rule for national standards for electronic transactions was published in the Federal Register. This rule adopts standards for eight electronic transactions and for code sets to be used in those transactions. It also contains requirements concerning the use of these standards by health plans, health care clearinghouses, and certain health care providers. For more information, check the following web site: http://aspe.hhs.gov/admnsimp/

FUNDING

Funding for changes to States' MMIS that are necessary to implement HIPAA will be governed by current funding policy for MMIS specified in part 11 of the State Medicaid Manual (www.hcfa.gov/pubforms/stmcaid/mcaidtoc.htm). As with routine MMIS requests, States should contact their regional office (RO) to discuss which activities are eligible for 50-percent, 75-percent, and 90-percent Federal financial participation (FFP). As with other major changes to the MMIS for which enhanced FFP is available, we will perform on-site MMIS certifications to ensure that the systems are HIPAA-compliant. Non-MMIS changes and non-system changes, as always, will continue to be funded at 50-percent FFP.

WHAT IS HCFA DOING?

HCFA has taken several steps to raise awareness of the magnitude and importance of HIPAA legislation. In addition to the Medicaid HIPAA Plus news notes, HCFA regional training, and the LISTSERV, HCFA plans a series of education efforts for providers and other professional associations.

Also, to update you of policy decisions about implementation of HIPAA Administrative Simplification in a more efficient and timely manner, we will transmit information to you by means of a series of Division of State Systems (DSS) CMSO Information/Action Transmittals in lieu of State Medicaid Director letters. This new format will allow for easier tracking of correspondence from this Division as we provide you with future updates.

Issuance of DSS CMSO Information/Action Transmittals is a newly implemented process. Your RO will forward transmittals to you, and HIPAA-related transmittals will be posted to the HIPAA leaders' LISTSERV. The first HIPAA-related Information/Action Transmittals that will be released in the near future will separately address guidelines for the Advance Planning Document process for HIPAA-related MMIS changes, and the status of our newly awarded contract to AverStar and Fox Systems for a Medicaid HIPAA-compliant concept model.

WHAT YOU CAN DO NOW?

States should make all efforts to become knowledgeable about HIPAA requirements and begin making plans for HIPAA implementation. Several valuable resources and important web site addresses are listed below.

States should:

  • Be familiar with the contents of the Notices of Proposed Rulemaking (NPRMs) for the various HIPAA standards and the Department's regulation development process (www.aspe.hhs.gov/admnsimp/8steps.htm). Copies of the NPRMs can be found at www.aspe.hhs.gov/admnsimp/index.htm, and the status of publication of these regulations can be found at www.aspe.hhs.gov/admnsimp/pubsched.htm.
  • Read all of the Medicaid HIPAA Plus news notes that are intended to keep States apprised of the latest HIPAA Administrative Simplification developments. The Medicaid HIPAA Plus reports on activities of Standards Development Organizations, clarifies technical issues, answers questions submitted by subscribers, and directs readers to numerous HIPAA-related web site addresses. Medicaid HIPAA Plus news notes are located at www.hcfa.gov/medicaid/hipaapls.htm. CMSO's Data and Systems Group automatically sends the Medicaid HIPAA Plus to subscribers of the Medicaid HIPAA Administrative Simplification LISTSERV. (You may subscribe by sending an e-mail to listserv@list.nih.gov with the command "subscribe HIPAAadminsimpl" in the body of the message.)
  • Keep abreast of Administrative Simplification policy developments relating to Medicaid. Your designated lead staff person for HIPAA Administrative Simplification has been automatically subscribed to the HIPAA leaders LISTSERV maintained by CMSO's Data and Systems Group. This LISTSERV will forward information to him/her regarding Administrative Simplification policy developments relating to Medicaid Information Technology. (You may ask that additional staff from your State agency be added to the LISTSERV by sending an e-mail to listserv@list.nih.gov with the command "subscribe STATEMCAIDHIPAL" in the body of the message.)
  • Take the opportunity for your agency to have your business needs and system requirements accommodated by the national standard. Document your State's list of data elements and codes and their definitions that are routinely used, and participate in as many Standard Development Organizations and workgroups as possible. Recommended groups include: Accredited Standards Committee (ASC) X12 at www.X12.org; Workgroup for Electronic Data Interchange (WEDI) at www.WEDI.org; HL7 (accredited standards committee for clinical data) at www.HL7.org; SNIP (industry-wide HIPAA Strategic National Implementation Process) sponsored by WEDI; and AFEHCT (Association for Electronic Health Care Transmissions) at www.AFEHCT.org. At a minimum, make sure your State is actively taking part in the NASMD sponsored National Medicaid EDI HIPAA Workgroup (NMEH). States may contact Lisa Doyle at 608-266-6960 to join.
  • Attend the regional HIPAA training sponsored by HCFA. Each State agency is allowed to send five people at no charge. This combined Medicare and Medicaid training is intended to reach all of HCFA's partners (States, carriers, intermediaries, and Medicare standard system maintainers), and emphasizes the industry-wide impact of HIPAA.

    The instructors contracted for this training are nationally recognized experts. States may arrange for make-up training sessions in other regions by contacting the RO representative.

  • Begin a detailed analysis of current practices against X12 version 4010 Implementation Guides, which can be downloaded from www.wpc-edi.com, and map local State code sets and identifiers' characteristics to those defined and named in the proposed rule for Transactions and Code Sets.

We will continue to update you regarding HIPAA activities so that we can work together in order to meet HIPAA implementation and compliance. If you have any questions, please contact Sheila Frank of my staff at 410-786-0442, or by e-mail at sfrank1@hcfa.gov.

Sincerely,

Timothy M. Westmoreland
Director

cc:
All HCFA Regional Administrators
All HCFA Associate Regional Administrators for Medicaid and State Operations
Mark Ragan - Director, Office of State Systems, Administration for Children and Families
Lee Partridge - Director, Health Policy Unit, American Public Human Services Association
Joy Wilson - Director, Health Committee, National Conference of State Legislatures
Erin Nagy - Director of Health Legislation, National Governors' Association

Last Modified on Friday, September 17, 2004  
Department of Health and Human Services Logo
www3		 Privacy & Security | Accessibility | FOIA | Help | Email Updates | CMS Careers
Health and Human Services | Medicare.gov | FirstGov
Equal Employment Opportunity Data Posted Pursuant to the No Fear Act
CMS Identity Mark
Centers for Medicare & Medicaid Services

7500 Security Boulevard, Baltimore MD 21244-1850
CMS Telephone Numbers