HIPAA Regulatory Alert: HHS announces flexibility in NPI enforcement
HIPAA Regulary Alert
HHS announces flexibility in NPI enforcement
Penalties may be waived
With the May 23, 2007, deadline looming for covered entities to comply with the National Provider Identifier (NPI) rule, the Department of Health and Human Services said it would exercise enforcement discretion and flexibility to give organizations additional time to come into compliance, provided they demonstrate good faith efforts to comply.
"The Centers for Medicare and Medicaid Services recognizes that transactions often require the participation of two covered entities, each of whom is required to comply with HIPAA and that noncompliance by one covered entity may put the second covered entity in a difficult position, the notice said. "CMS also understands that if one of the covered entities is a small health plan, which has a May 23, 2008, compliance date, compliance by the covered trading partner may be especially challenging.
"Therefore, during the 12-month period immediately following the May 23, 2007, compliance date for all covered entities other than small health plans, CMS intends to look at both covered (non-small health plans) entities' good faith efforts to come into compliance with the NPI standards in determining, on a case-by-case basis, whether reasonable cause for the noncompliance exists and, if so, the extent to which the time for curing the noncompliance should be extended."
The agency said during the 12 months it would not impose penalties on covered entities that deploy contingency plans, to ensure the smooth flow of payments, if they have made "reasonable and diligent efforts" to become compliant and, in the case of health plans that are not small health plans, to facilitate their trading partners' compliance.
"Specifically," the notice said, "as long as a health plan (that is not a small health plan) can demonstrate to CMS its active outreach/testing efforts, it can continue processing payments to providers. In determining whether a good faith effort has been made, CMS will place a strong emphasis on sustained actions and demonstrable progress."
Indications of good faith
The notice gives examples of what CMS will consider as indications of good faith, including increased external testing with trading partners; lack of availability of, or refusal by, a trading partner to test transactions with the covered entity before the compliance date; and for providers to have obtained an NPI and have the ability to use it on HIPAA transactions.
Such contingency plans had been sought by the HIPAA Implementation Working Group, a coalition of health care providers and vendors. The group also had asked CMS to extend the transition period to the national provider identifier by at least 12 months to ensure that implementation not lead to disruption in Medicare payments or services. Members of the HIPAA Implementation Working Group include the American Hospital Association, Laboratory Corporation of America Holdings, and Emdeon Business Services.
In a letter to CMS Administrator Leslie Norwalk, the group said full adoption of the NPI requires a three-phase transition: (1) providers must obtain their NPIs; (2) NPIs must be communicated to all trading partners that identify providers in health care transactions; and (3) trading partners must use the NPI in their healthcare transactions.
"The industry has made significant progress on the first phase of NPI adoption," the group said. "We commend CMS for its efforts to assure that providers understand their obligation to obtain NPIs." But the group said the second step was a greater challenge because many in the health care industry had intended to use the National Plan and Provider Enumeration System as their primary source of NPI information during the transition to the NPI, but the lack of access to those data severely slowed industry efforts at NPI communication.
Still waiting on notice from CMS
"Some in the industry have diverted their limited resources for NPI adoption from NPI implementation to sharing NPI information with their trading partners," the letter said. "Others continue to wait on the NPPES data to facilitate their NPI transition process. We urge CMS to release the NPI Data Dissemination Notice as soon as possible and to assure time, robust, and continual access to NPPES data by the provider and vendor communities."
NPI adoption requires a significant transformation in health care communications, the coalition said. It will necessitate the convergence of hundreds of methods for identifying providers to a single enumeration scheme and these efforts are still being developed. Once system upgrades have been implemented and direct testing is possible, trading partners will need time to assure the NPIs work as intended in electronic transactions and to validate that each trading partner's use of an NPI correlates to the same provider and has no unintended effects on transaction processing. "It appears that many in the industry are not prepared for full NPI implementation by May 23, 2007," the group cautioned.
New certification combines health care privacy, security
The American Health Information Management Association (AHIMA) is offering a new certification aimed at credentialing the health care privacy and security industry. AHIMA officials said they integrated the Certified in Healthcare Privacy and Certified in Healthcare Security certifications into a Certification in Healthcare Privacy and Security to better serve the industry by issuing a credential that demonstrates mastery in both areas.
Candidates must meet one of these eligibility requirements: (1) bachelor's degree and a minimum of four years' experience in health care management; (2) master's or related degree (JD, MD, PhD) and two years' experience in health care management; or (3) health care information management credential (RHIT, RHIA) with a baccalaureate or higher degree and a minimum of two years' experience in health care management.
The Centers for Medicare and Medicaid Services recognizes that transactions often require the participation of two covered entities.Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.