Watch out for the HIPAA police

Sunday, August 31, 2003

WASHINGTON - The Health Insurance Portability and Accountability Act (HIPAA) may be largely a self-policing requirement, but that doesn’t mean providers can ignore it.

Even if CMS doesn’t have the resources to adequately enforce it, chances are good that doctors, case managers and other referral sources will keep HMEs honest.

“It’s not a big deal until a doctor says, ‘I want to see how you protect your patients’ PHI (protected health information),” said HME consultant Randy Schluter, president of ReferE-Z.

“I’ve seen a lot of this happen in Texas, where the doctors are saying, ‘Look, I’m referring to four of you guys and two have come in and said they are HIPAA compliant, but we haven’t heard a word from you.’ That’s when people say we better do something.”

On Oct. 16, providers must be compliant with HIPAA’s electronic transactions and code set provisions, and they better make sure they are up to speed. CMS Administrator Tom Scully sent a letter to providers earlier this summer warning them that non-compliant claims submitted after the Oct. 16 deadline will be returned unpaid. In the letter, he also urged providers to test for HIPAA compliant electronic transactions with their CMS contractors if they have not already done so.

“If you have a health plan that is a covered entity accepting claims from a provider who is not in compliance, than the health plan will get involved and say, You’ve got to get your systems in order,”’ said attorney Corrine Parver, an healthcare partner with Dickstein Shapiro Morin & Oshinsky in Washington. “If anything is going to force a provider to pay attention, it will be the larger health plans that are saying, ‘Look, I can’t accept your claims any more.”’ HME