More on Policy and Legislation

CMS offers grace period for 5010 compliance

Tom Sullivan, Editor-in-Chief, Healthcare IT News

The Centers for Medicare & Medicaid Services (CMS) are giving payers, providers and vendors a bit of a break. It has instituted a 90-day grace period for HIPAA 5010. January 1, 2012 is still the compliance date, but CMS said it will not "initiate enforcement action" on that compliance before March 31, 2012.

Vague rumors that CMS would do something about the coming HIPAA 5010 compliance deadline have been gaining momentum since the WEDI Fall Conference. Industry surveys have consistently found that payers, providers and the software vendors they rely on are all running behind schedule such that too few have even begun internal, let alone external testing – leading up to what could easily become a train wreck once the switch flips and payers are supposed to reject any HIPAA 4010 claims.

[See also: Are you ready for 5010? Depends on how you define 'ready'.]

HIMSS20 Digital

Learn on-demand, earn credit, find products and solutions. Get Started >>

"I would suggest that it's going to be a very messy situation in January with lots of confusion because the majority of providers and vendors … don't have the ability to modify their technology that quickly and more than likely might make one version of an application 5010-compliant but not update their entire client base," Raul Villar, president of ADP ADvancedMD, which offers cloud-based medical practice applications it updated this week for 5010, said during an interview before the CMS announcement. "That is going to put a lot of pressure on the government to provide an extension."

CMS was listening. Not just to Rillar, of course, but also to the increasingly-louder chant for a backup plan, and even more recently to the Medical Group Management Association's (MGMA) call for a contingency plan late last month at its annual conference.

An important point of clarification is that health organizations are not getting a free ride and should not simply postpone HIPAA 5010 conversion until, say, after the holidays.

Rather, CMS' Office of E-Health Standards and Services (OESS), "encourages all covered entities to continue working with their trading partners to become compliant with the new HIPAA standards, and to determine their readiness to accept the new standards as of January 1, 2012. While enforcement action will not be taken, OESS will continue to accept complaints associated with compliance with Version 5010, NCPDP D.0 and NCPDP 3.0 transaction standards during the 90-day period beginning January 1, 2012," CMS explained in the statement. "If requested by OESS, covered entities that are the subject of complaints (known as 'filed-against entities') must produce evidence of either compliance or a good faith effort to become compliant with the new HIPAA standards during the 90-day period."

HIPAA 5010, of course, is the so-called EDI precursor to the ICD-10, about which CMS used this occasion to subtly remind the healthcare industry that the compliance deadline for the pending code set transition remains October 1, 2013.