CMS urges states to continue HIPAA implementation despite fiscal problems

States facing fiscal problems still should make every effort to comply with electronic transaction requirements on time and not seek the one-year extension available under the Administrative Simplification Compliance Act signed by President Bush Dec. 27. That’s the advice from Dennis Smith, federal Medicaid director, in a March 7 letter to state Medicaid directors.

"We recognize that all states are facing severe fiscal constraints for the coming year and possibly beyond," Mr. Smith wrote. "It is critically important that you maintain your level of effort to achieve Health Information Portability and Account-ability Act (HIPAA) compliance."

Mr. Smith said that while it is possible to get a one-year extension to the compliance date by filing a compliance plan with the secretary of Health and Human Services by Oct. 16, 2002, any delay in implementation activities could jeopardize success and also increase the cost of achieving compliance. "The Administrative Simplification Compliance Act requires that your compliance plan include a timeframe for testing that begins not later than April 16, 2003," he wrote. "If your HIPAA activities are stopped or severely curtailed, your agency may not even be able to meet these new compliance deadlines." He also pointed out that the act does not delay the April 14, 2003, compliance date for the HIPAA privacy rule and said that delays by Medicaid agencies in implementing the transactions rule may lead to delays in meeting requirements of the privacy rule.

There are several reasons why state efforts should move forward, Mr. Smith said:

• The Centers for Medicare & Medicaid Services (CMS) has approved enhanced funding at the 90% federal financial participation level for many Medicaid Manage-ment Information System-related HIPAA gap analysis and remediation activities.

• Using HIPAA standards to process crossover and third-party liability claims will accelerate reimbursement and facilitate use of electronic data interchange. Any delay could prevent state agencies from realizing the significant cost savings that are anticipated from use of a standard coordination of benefit and third-party liability process and may worsen state fiscal pressures.

• Standardization of health care transaction information is expected to greatly facilitate fraud detection, which has been estimated to cost payers as much as 11 cents of every health care dollar spent.

• It is essential to maintain state leadership in HIPAA work groups and standard-setting organizations. Lack of state representation reduces state agency ability to get modifications adopted by national standard-setting organizations, modifications that are critically needed to meet Medicaid business needs within the mandated HIPAA standards.

• HIPAA implementation does not lend itself to being stopped and then restarted later without serious project compromises, inefficiencies, and cost increases.

Mr. Smith said state Medicaid directors should keep in mind that HIPAA administrative simplification requirements are expected ultimately to result in substantial savings to health providers and payers, including state agencies.

(Access the letter at