Legal

New HIPAA pointers With Corrine Parver Q. What new guidance is HHS offering for DMEPOS companies regarding implementation of HIPAA's transactions and code sets standards? A. As explained in a July 24 HHS “Guidance,” CMS will focus on obtaining “voluntary compliance” and use a “complaint-driven approach” for enforcing these provisions. Starting Oct. 16, when CMS receives a complaint, the agency is expected to notify the covered entity in writing that a complaint has been filed. Then, the covered entity will have an opportunity to demonstrate compliance, document its good faith efforts to comply with the electronic transactions and code set standards, and/or submit a corrective action plan. CMS will be expected to give covered entities an opportunity to demonstrate that they submitted compliant transactions. In addition, CMS is supposed to consider good faith efforts to comply when assessing individual complaints. HHS may not impose a civil money penalty where failure to comply is based on “reasonable cause” and is not due to willful neglect, and the failure is cured within a 30-day period. HHS may extend the period within which a covered entity may cure the non-compliance “based on the nature and extent of the failure to comply.” CMS has stated that healthcare providers should be able to demonstrate that they took actions to become compliant prior to Oct. 16. After Oct. 16, in addition to possible fines and penalties, CMS expects non-compliant covered entities to submit corrective action plans to achieve compliance in a manner and time acceptable to HHS. Corrine Parver is a healthcare partner with Dickstein Shapiro et al: 202-775-4728 or [email protected].