CMS issues HIPAA checklist for providers

Checklist addresses business associates

The Department of Health and Human Services’ Centers for Medicare & Medicaid Services (CMS) has issued a checklist to help health care providers who do business electronically and their business partners to comply with the administrative simplification requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

HIPAA does not require a health care provider to conduct all transactions — such as claims or equivalent encounter information, payment and remittance advice, claim status inquiry and response, eligibility inquiry and response, and referral authorization inquiry and response — electronically. But any of these things that are done electronically must be done in the standard format outlined under HIPAA.

"Whether you contract a third-party biller or clearinghouse to conduct any of these transactions for you, it is up to you as the health care provider to see to it that your transactions are being conducted in compliance with HIPAA," the checklist says.

Checklist items include:

  • determining, as a health care provider, if you are covered by HIPAA because you conduct any of the typical transactions electronically;
  • assigning a HIPAA point person to handle the remaining checklist items and having that person educate others on the office staff;
  • familiarizing yourself with key HIPAA deadlines such as Oct. 16, 2003, the date providers must be ready to conduct transactions electronically in the standard HIPAA format with health plans and payers;
  • determining that software is ready, finding out what needs to be done differently to comply for all electronic transactions, and asking vendors how and when they will be making HIPAA changes and document the response.

Talk to health plans and payers you bill to find out what they are doing to prepare for HIPAA, and ask for trading partner agreements that specify transmission methods, volumes, and time lines as well as coding and transaction requirements that are not specifically determined by HIPAA.