HIPAA compliance: Referral sources will keep HMEs honest

August 11 , 2003 WASHINGTON - The Health Insurance Portability and Accountability Act (HIPAA) may be largely a self-policing privacy requirement, but that doesn't mean providers can ignore it. That's because even if CMS doesn't have the resources to adequately enforce it, chances are good that doctors, case managers and other referral sources will keep HMEs honest. “It's not a big deal until a doctor says, ‘I want to see how you protect your patients' PHI (protected health information),” said HME consultant Randy Schluter, president of ReferE-Z. On Oct. 16, providers must be compliant with HIPAA's electronic transactions and code set provisions. For the most part, that's an issue a company's software vendor should take care of, and providers better make sure they do. CMS Administrator Tom Scully sent a letter to providers earlier this summer warning them that noncompliant claims submitted after the Oct. 16 deadline will be returned unpaid. In the letter, he also urged providers to test for HIPAA compliant electronic transactions with their CMS contractors if they have not already done so. When it comes to HIPPA's privacy regulations, which went into effect in April 14, providers must take it upon themselves to make sure they have the systems in place to protect sensitive patient information.