The Centers for Medicare & Medicaid Services’ Office of E-Health Standards and Services (OESS) announced that with respect to any HIPAA covered entity that is not in compliance with the HIPAA 5010 standards, it is offering a 90-day enforcement grace period until March 31, 2012. The compliance date for use of these new standards remains Jan. 1, 2012.
CMS’ Office of E-Health Standards and Services is the U.S. Department of Health and Human Services’ component that enforces compliance with HIPAA transaction and code set standards. OESS encourages all covered entities to continue working with their trading partners to become compliant with the new HIPAA standards, and to determine their readiness to accept the new standards as of Jan. 1, 2012.
While enforcement action will not be taken, OESS will continue to accept complaints associated with compliance with Version 5010, NCPDP D.0 and NCPDP 3.0 transaction standards during the 90-day period beginning Jan. 1, 2012. If requested by OESS, covered entities that are the subject of complaints (known as “filed-against entities”) must produce evidence of either compliance or a good faith effort to become compliant with the new HIPAA standards during the 90-day period.
OESS made the decision for a discretionary enforcement period based on industry feedback revealing that, with only about 45 days remaining before the Jan. 1, 2012 compliance date, testing between some covered entities and their trading partners has not yet reached a threshold whereby a majority of covered entities would be able to be in compliance by Jan 1, 2012. Feedback indicates that the number of submitters, the volume of transactions, and other testing data used as indicators of the industry’s readiness to comply with the new standards have been low across some industry sectors.