March 2003[1]

HIPAA Administrative Simplification Compliance Act (ASCA)

Frequently Asked Questions

Q1: What will be the impact of the one-year extension?
A1: The delay will give covered entities more time to build, test, and successfully implement the new Final Electronic Transactions and Code Sets required by HIPAA.

Q2: Does the extension affect the compliance date for the HIPAA privacy standards?
A2: No, the compliance date for the privacy standards is still April 14, 2003 or, for small health plans, April 14, 2004.

Q3: Can small health plans get an extension to their current compliance date of October 16, 2003?
A3: No, the compliance date for small plans does not change.

Q4: Do all covered entities automatically get an extension?
A4: No. Covered entities must submit a compliance extension plan to the Department of Health and Human Services (HHS) before October 16, 2002 to get an extension.

Q5: Why didn’t Congress just give everyone an extension?
A5: The requirement to submit a compliance extension plan provides assurance that covered entities have plans in place that will allow them to be compliant by the new deadline of October 16, 2003.

Q6: Is HHS going to actually review and approve all these compliance extension plans? Will some be denied?
A6: Submission of a properly completed extension plan is sufficient to secure the one-year extension.

Q7: When will the model compliance extension form be available?
A7: The form will be available by March 31, 2002 on the website of the Centers for Medicare & Medicaid Services at http://cms.hhs.gov

Q8: Where can I get a copy of the form? Do I have to use the form, or can I submit a compliance plan in another format?
A8. We will publish the form in the Federal Register and will also make it available on several websites. The compliance extension form we have developed is a model. While we strongly recommend its use, covered entities may submit plans using other formats.

Q9: How extensive will the model compliance extension form be?
A9: The ASCA requires the plans to contain summary information regarding compliance activities, including: 1) budget, schedule, work plan and implementation strategy for achieving compliance; 2) planned use of contractors or vendors; 3) assessment of compliance problems; and 4) a timeframe for testing to begin no later than April 16, 2003.

Q10: My organization has a very detailed, voluminous compliance plan – are we supposed to submit the whole thing?
A10: No. The compliance extension form asks only for summary information from your detailed plan. You do not need to send other information.

Q11: Can I file the compliance extension form electronically?
A11: Yes, we will encourage electronic filing of compliance extension plans, although we will also accept plans submitted on paper.

Q12. What will be the application deadline for a delay?
A12. Covered entities must submit their compliance extension plans on or before October15, 2002.

Q13: Where should I send my completed compliance extension form?
Q13: Please do not submit requests at this time. Instructions will be issued that will explain how to submit compliance extension plans.

Q14: How will one covered entity know whether another covered entity with which it does business has submitted a plan?
A14: Each covered entity should communicate directly with its own trading partners to determine which ones have submitted plans. This information could be included in establishing schedules for the testing activities that are to begin by April 16, 2003, culminating in a migration to the new standards that meets the needs of all trading partners.

Q15: I believe I will be fully compliant by October, 2002. However, I know that some of my trading partners are requesting extensions and will continue to use nonstandard formats after that date. Do I need to submit a compliance extension plan so that I can continue to communicate with these partners using nonstandard transactions?
A15: No. A covered entity is not required to conduct compliant transactions with covered entities who are not yet required to be in compliance and therefore would not need to submit a compliance extension plan.

Q16: Can a plan require its network providers to move to standard transactions before October 16, 2003?
A16: This is a business decision between the plan and its provider network. Neither HIPAA nor ASCA preclude plans from requiring that their providers use standard transactions in advance of the compliance deadline, but HIPAA non-compliance penalties would not apply to a provider that has submitted a plan until 2003. [2]

Q17: What will be done with the information I provide?
A17: ASCA requires that a sample of the plans will be provided to the National Committee on Vital and Health Statistics (NCVHS), an advisory committee to the Secretary of Health and Human Services. The NCVHS will review the sample to identify common problems that are complicating compliance activities, and will periodically publish recommendations for solving the problems.

Q18: Will the information I provide be made public? [3]
A18: Under the Freedom of Information Act (FOIA), information held by the federal government is available to the public on request, unless it falls within one of several exemptions. The model form will be designed to avoid collection of any information that would be subject to exemption, such as confidential personal or proprietary information. If such information is submitted, both the FOIA and the ASCA require that it be redacted before the files are released either to the NCVHS or to the public.

Q19: How does the delay affect Medicare implementation activities?
A19: Medicare will continue to implement the HIPAA transaction standards on a sequenced basis, and that schedule will not change significantly. We expect to be ready to test the claim and several other transactions by Spring 2002, but implementation of several transactions (such as the referral/authorization transaction) will be in early FY 2003. Once a provider has successfully tested a transaction with us, it will be able to use the standard in our production environment.

Q20: When will Medicaid Agencies begin testing compliant transactions with their trading partners?
A20: Each Medicaid State Agency has its own project plan for achieving HIPAA compliance, and will decide whether to submit a compliance extension plan. If you are a trading partner, you will receive notice of testing directly from the Medicaid State Agency(s) with whom you do business.

Q21: Do software vendors need to file for an extension?
A21: No. Only covered entities – plans, clearinghouses and providers – must file. In fact, vendors will need to maintain their current delivery schedules for compliant software in order for covered entities to make use of the additional implementation time.

Q22: Should covered entities discontinue testing until 2003?
A22: ASCA requires that compliance plans include a testing phase that would begin no later than April 16, 2003. We recommend that all covered entities begin to test as soon as they are ready in order to allow adequate time to address and correct problems. CMS will soon send out an instruction with dates by which Medicare contractors must begin testing with providers.

Q23: ASCA allows the Secretary of HHS to exclude covered entities from the Medicare program if they do not submit a compliance extension plan or achieve compliance by October, 2002. Will every such covered entity be excluded?
A23: HHS will be publishing proposed regulations to address this new exclusion authority.

Q24: Doesn’t the law also require Medicare claims to be submitted electronically after October, 2003?
A24: ASCA prohibits HHS from paying Medicare claims that are not submitted electronically after October 16, 2003, unless the Secretary grants a waiver from this requirement. It further provides that the Secretary must grant such a waiver if there is no method available for the submission of claims in electronic form or if the entity submitting the claim is a small provider of services or supplies. Beneficiaries will also be able to continue to file paper claims if they need to file a claim on their own behalf. The Secretary may grant such a waiver in other circumstances. We will publish proposed regulations to implement this new authority.