HIPAA Regulatory Alert: CMS issues HIPAA checklist for provider compliance

Checklist addresses business associates

The Department of Health and Human Services’ Centers for Medicare & Medicaid Services (CMS) has issued a checklist to help health care providers who do business electronically and their business partners to comply with the administrative simplification requirements of HIPAA.

HIPAA does not require a health care provider to conduct all transactions such as claims or equivalent encounter information, payment and remittance advice, claim status inquiry and response, eligibility inquiry and response, and referral authorization inquiry and response electronically. But any of these things that are done electronically must be done in the standard format outlined under HIPAA.

"Whether you contract a third-party biller or clearinghouse to conduct any of these transactions for you," the checklist says, "it is up to you as the health care provider to see to it that your transactions are being conducted in compliance with HIPAA."

Checklist items include:

  • determining, as a health care provider, if you are covered by HIPAA because you conduct any of the typical transactions electronically;
  • assigning a HIPAA point person to handle the remaining checklist items, having that person educate others on the office staff;
  • familiarizing yourself with key HIPAA deadlines such as Oct. 16, 2003, the date providers must be ready to conduct transactions electronically in the standard HIPAA format with health plans and payers.

How HIPAA affects what you do — determine that software is ready, find out what needs to be done differently to comply for all electronic transactions, ask vendors how and when they will be making HIPAA changes and document the response.

Talk to health plans and payers you bill to see what they are doing to prepare for HIPAA and ask for trading partner agreements that specify transmission methods, volumes, and timelines as well as coding and transaction requirements that are not specifically determined by HIPAA.