Are you ready for the Oct. 16 HIPAA deadline?

Beginning Oct. 16, providers, with a few exceptions, are required to submit all Medicare claims electronically. The Centers for Medicare & Medicaid Services (CMS) has distributed guidance on how to comply with transactions and code sets for the Health Insurance Portability and Accountability Act (HIPAA).

"The guidance is significant because it provides covered entities the flexibility they need to be able to continue to send and receive legacy transactions for a brief period of transition after Oct. 16," says Lee Ann Morris, Esq., associate counsel for the Blue Cross and Blue Shield Association in Chicago. "Essentially, CMS recognized that there can’t be a flip of the switch’ on Oct. 16, but instead there needs to be a period of testing and transition."

This guidance should give providers comfort in continuing to use current formats as long as they are making good faith efforts to come into compliance, Morris says.

"However, the guidance does not provide comfort to entities that are not engaging in testing with their trading partners or that cannot show demonstrable progress toward compliance both before and after Oct. 16," she adds.

Here is an overview of the guidance: CMS will not impose a civil money penalty when the failure to comply is based on reasonable cause and not willful neglect, and the failure to comply is cured within 30 days. CMS can extend the period for a provider to cure the noncompliance.

CMS recognizes that transactions often require two entities and that noncompliance by one entity may put the second entity in a difficult position. "Therefore, during the period immediately following the compliance date, CMS intends to look at both covered entities’ good-faith efforts to come into compliance with the standard in determining, on a case-by-case basis, whether reasonable cause for the noncompliance exists and, if so, the extent to which the time for curing the noncompliance should be extended," the agency says.1 CMS gives examples of indications of good faith, such as:

• increased external testing with trading partners;

• lack of availability of, or refusal by, the trading partner(s) prior to Oct. 16, 2003, to test the transaction(s) with the entity whose compliance is at issue.

Providers should be able to demonstrate that they took actions to become compliant prior to Oct. 16, the agency advises. At press time, this advisory was available by going to: and clicking on "CMS Issues Guidance on Compliance with HIPAA Transactions and Code Sets’ Oct. 16, 2003 Deadline." Under "Latest News," click on "Guidance Document."

Medicare is working on the possible strategies and accommodations that will be used with providers who are not compliant by Oct. 16, according to Mary Knapp, MSN, BSN, RN, CHC, senior director at Healthcare Solutions, a Jenkin-town, PA-based firm that offers consultation on HIPAA practice and regulatory compliance.

At press time, CMS was determining whether to deploy its contingency plan and was to make a decision by Sept. 25. CMS has published eight new frequently asked questions on its web site relating to compliance and contingency plans. To access the FAQs, go to:, select "HIPAA Administrative Simplification" from the topic list and click the search button, then go to page 4.

Also, CMS published the interim final rule for electronic submission of Medicare claims in the Aug. 15, 2003, Federal Register. This rule lists the details for implementation and explains who may be exempt.

Waiver for the use of the transactions after Oct. 16 will be based on three situations: The provider cannot be expected to have the capability, the provider is small, or by special exception, Knapp says. A professional group of fewer than 10 employees is exempt, she adds. "Interestingly, the provider’s inability and size is based on a self-assessment that is not communicated to CMS or [Health and Human Services]," Knapp says.

To obtain a copy, go Also, copies of the Federal Register are available at many public and academic libraries.


1. Centers for Medicare & Medicaid Services. Guidance on Compliance with HIPAA Transactions and Code Sets After the October 16, 2003, Implementation Deadline. Accessed at