September 8, 2000
Dear State Medicaid Director:
This letter informs you of our current activities regarding the
implementation of the Administrative Simplification section of the Health
Insurance Portability and Accountability Act of 1996 (HIPAA), P. L. 104-191.
Included in this letter is the funding policy for changes made to Medicaid
Management Information Systems (MMIS) as a result of HIPAA, including a
discussion of where States should be in their HIPAA implementation efforts.
BACKGROUND
The Administrative Simplification provisions of HIPAA mandate that the
Department of Health and Human Services adopt standards for all health care
information that is electronically exchanged. National standards will be
developed for electronic health care transactions, code sets, standard
identifiers, and security and privacy of health information. The security and
privacy provisions apply to all electronic health data that are maintained,
even if the data are not transmitted to other parties electronically.
Implementation of these standards affects all health care entities in both
the public and private sectors. In general, a 60-day plus 24-month period time
frame for implementation is required, and will be initiated, after final rules
for these standards are published. Final rules for Administrative
Simplification are intended to reduce the costs and administrative burdens of
health care by replacing the many non-standard formats currently used
nationally with a single set of electronic standards that would be used
throughout the health care industry.
Standardization is needed to improve the efficiency of health care delivery
and to protect the confidentiality and security of health care data. The health
care arena will greatly benefit from standardization through savings in
administrative cost and time.
Due to the complex nature of implementing national standards, we highly
recommend using the 6-step phase-in approach defined in the General Accounting
Office's Year 2000 Computing Crisis: An Assessment Guide and Year 2000
Computing Crisis: Business Continuity and Contingency Planning guide. The
principles contained in these guides go beyond the year 2000 and should be
applied when preparing for any major system initiative. The web site for these
documents is: http://www.gao.gov/y2kr.htm
PUBLICATION OF FINAL RULES FOR TRANSACTIONS AND CODE
SETS
On August 17, 2000, the final rule for national standards for electronic
transactions was published in the Federal Register. This rule adopts standards
for eight electronic transactions and for code sets to be used in those
transactions. It also contains requirements concerning the use of these
standards by health plans, health care clearinghouses, and certain health care
providers. For more information, check the following web site:
http://aspe.hhs.gov/admnsimp/
FUNDING
Funding for changes to States' MMIS that are necessary to implement
HIPAA will be governed by current funding policy for MMIS specified in part 11
of the State Medicaid Manual (www.hcfa.gov/pubforms/stmcaid/mcaidtoc.htm). As
with routine MMIS requests, States should contact their regional office (RO) to
discuss which activities are eligible for 50-percent, 75-percent, and
90-percent Federal financial participation (FFP). As with other major changes
to the MMIS for which enhanced FFP is available, we will perform on-site MMIS
certifications to ensure that the systems are HIPAA-compliant. Non-MMIS changes
and non-system changes, as always, will continue to be funded at 50-percent
FFP.
WHAT IS HCFA DOING?
HCFA has taken several steps to raise awareness of the magnitude and
importance of HIPAA legislation. In addition to the Medicaid HIPAA Plus news
notes, HCFA regional training, and the LISTSERV, HCFA plans a series of
education efforts for providers and other professional associations.
Also, to update you of policy decisions about implementation of HIPAA
Administrative Simplification in a more efficient and timely manner, we will
transmit information to you by means of a series of Division of State Systems
(DSS) CMSO Information/Action Transmittals in lieu of State Medicaid Director
letters. This new format will allow for easier tracking of correspondence from
this Division as we provide you with future updates.
Issuance of DSS CMSO Information/Action Transmittals is a newly implemented
process. Your RO will forward transmittals to you, and HIPAA-related
transmittals will be posted to the HIPAA leaders' LISTSERV. The first
HIPAA-related Information/Action Transmittals that will be released in the near
future will separately address guidelines for the Advance Planning Document
process for HIPAA-related MMIS changes, and the status of our newly awarded
contract to AverStar and Fox Systems for a Medicaid HIPAA-compliant concept
model.
WHAT YOU CAN DO NOW?
States should make all efforts to become knowledgeable about HIPAA
requirements and begin making plans for HIPAA implementation. Several valuable
resources and important web site addresses are listed below.
States should:
We will continue to update you regarding HIPAA activities so that we can
work together in order to meet HIPAA implementation and compliance. If you have
any questions, please contact Sheila Frank of my staff at 410-786-0442, or by
e-mail at sfrank1@hcfa.gov.
Sincerely,
Timothy M. Westmoreland
Director
cc:
All HCFA Regional Administrators
All HCFA Associate Regional Administrators for Medicaid and State Operations
Mark Ragan - Director, Office of State Systems, Administration for Children
and Families
Lee Partridge - Director, Health Policy Unit, American Public Human Services
Association
Joy Wilson - Director, Health Committee, National Conference of State
Legislatures
Erin Nagy - Director of Health Legislation, National Governors'
Association
Last Modified on Friday, September 17, 2004
|