On March 21, 2013, the Internal Revenue Service, Employee Benefits Security Administration, and CMS published proposed rules providing that a group health plan (or health insurance issuer offering group health insurance coverage) may not apply any waiting period that exceeds 90 days, in conformance with the ACA. Under the proposed regulations, waiting period would be … Continue Reading
The Office for Civil Rights ("OCR") of the Department of Health and Human Services released today the long awaited, and much anticipated, omnibus final rule modifying the HIPAA Privacy, Security, Breach and Enforcement Rules. The final rule, which implements the statutory requirements of the Health Information Technology for Economic and Clinical Health Act ("HITECH") and the Genetic Information Nondiscrimination Act ("GINA"), is comprised of four final rules and addresses the July 2010 HITECH proposed rule, the Breach Notification and Enforcement interim final rules, as well as the October 2009 GINA proposed rule (collectively, the "HITECH Final Rule"). Notably, the HITECH Final Rule does not address the May 2011 proposed accounting and access report rule.… Continue Reading
On January 8, 2013, the Obama Administration published its latest semiannual regulatory agenda, outlining planned regulatory initiatives in a number of policy areas. The Federal Register version of the agenda includes only a portion of the regulations in the pipeline, however; the full agenda has been posted on the Office of Management and Budget (OMB) web … Continue Reading
On January 2, 2013, CMS announced a 90-day “enforcement discretion period” with respect to operating rules mandated by the ACA for two transactions: eligibility for a health plan and health care claim status. Specifically, the CMS Office of E-Health Standards and Services (OESS) will not initiate enforcement action until March 31, 2013, with respect to … Continue Reading
The HHS Office for Civil Rights recently announced its first settlement and corrective action plan following a HIPAA breach affecting fewer than 500 individuals. Additional information about the settlement is available on Reed Smith’s Life Sciences Legal Update blog.… Continue Reading
As the year draws to a close, industry is speculating about the release date of the long-awaited Health Information Technology for Economic and Clinical Health Act (“HITECH”) final rule, which is expected to address modifications to the Privacy, Security, Enforcement, and Breach Notification Rules. While the publication date has not yet been announced, it is … Continue Reading
The HHS Office of Civil Rights (OCR) recently released guidance on methods to de-identify protected health information in compliance with the HIPAA Privacy Rule. The guidance, which is summarized on the Reed Smith’s Life Sciences Legal Update blog, is intended to assist covered entities and business associates in understanding what de-identification is and how de-identified … Continue Reading
The Office of the National Coordinator for Health Information Technology (ONC) has issued a Request for Comment (RFC) on Stage 3 meaningful use recommendations, which will “target a collaborative model of care with shared responsibility and accountability.” In releasing the RFC, the ONC acknowledges “today’s challenges in setting up data exchanges,” but recommends that Stage … Continue Reading
On October 4, 2012, CMS published technical corrections to the agency’s September 5, 2012 final administrative transactions rule that adopted a unique health plan identifier standard and delayed the implementation date for the International Classification of Diseases, 10th Revision (ICD-10) coding update from October 1, 2013 to October 1, 2014. CMS also published a rule … Continue Reading
The OIG has given the CMS mixed reviews regarding the extent to which it meets American Recovery and Reinvestment Act (Recovery Act) requirements to notify affected beneficiaries when the privacy or security of their protected health information is compromised. In the report, “CMS Response to Breaches and Medical Identity Theft,” the OIG assesses how CMS … Continue Reading
On September 5, 2012, the HHS published a final rule that establishes new requirements for administrative transactions that are intended to improve the utility of the existing HIPAA transactions and reduce administrative burden and costs. Specifically, the rule adopts the standard for a national unique health plan identifier (HPID) and establishes requirements for the implementation … Continue Reading
On August 10, 2012, the Department of Health and Human Services (HHS) published an interim final rule with comment period setting forth operating requirements for EFTs and electronic remittance advice (ERA) transactions. The rule, which was mandated by the ACA, is the third in a series of regulations intended to streamline health care administrative transactions, … Continue Reading
HHS has announced via a web posting that its adopting without change its January 10, 2012 interim final rule with comment period adopting standards for health care electronic funds transfers (EFT) and remittance advice transaction under HIPAA. HHS did not adopt any changes to the regulation in response to public comments, so “industry implementation efforts … Continue Reading
The GAO has issued a report entitled “Prescription Drug Data: HHS Has Issued Health Privacy and Security Regulations but Needs to Improve Guidance and Oversight.” The report assesses the extent to which HHS has established a framework to ensure the privacy and security of Medicare beneficiaries’ protected health information when data on prescription drug use … Continue Reading
CMS is reminding all HIPAA-covered entities that the enforcement discretion period for the upgrade to Version 5010 electronic standards ends on June 30, 2012. Entities that are not compliant as of July 1, 2012 will be subject to enforcement action under the existing HIPAA transaction and code set enforcement process.… Continue Reading
The HHS Office of Civil Rights has released a number of resources to reinforce an individual’s right to access their personal medical information, including: a Right to Access Memo, "The Right to Access and Correct Your Health Information" Video, and "Your Health Information Privacy Rights" Pamphlet. The OCR notes that while HIPAA has always included a … Continue Reading
On April 17, 2012, HHS published a proposed rule that would to postpone the date by which certain health care entities have to comply with International Classification of Diseases, 10th Edition (ICD-10) diagnosis and procedure codes from October 1, 2013 to October 1, 2014. HHS notes that many provider groups have expressed concerns about their … Continue Reading
On April 25, 2012, CMS is hosting a National Provider Call/webinar regarding the current status of Medicare FFS implementation of HIPAA Version 5010 and D.0, including possible outstanding fixes impacting the Part A and Part B Version 5010 transition.… Continue Reading
The National Institute of Standards and Technology (NIST) and the HHS Office for Civil Rights are co-hosting a conference on Safeguarding Health Information: Building Assurance through HIPAA Security on June 6 and 7, 2012 in Washington, D.C. The event will address the present state of health information security, and practical strategies, tips and techniques for … Continue Reading
CMS is again extending the enforcement discretion period for updated HIPAA ASC X12 Version 5010 (Version 5010) standard. Although CMS previously announced it would require all Medicare fee-for-service transactions to be in version 5010 format by April 1, 2012, that deadline has been extended again until July 1, 2012.… Continue Reading
CMS is reminding Medicare providers that the enforcement discretion period for updated HIPAA ASC X12 Version 5010 (Version 5010) standard ends March 31, 2012. All Medicare fee-for-service transactions must be in version 5010 format by April 1, 2012; transactions using 4010 formatting will be returned as unprocessable. CMS reports that the “vast majority of provider … Continue Reading
On February 16, 2012, CMS is hosting a Special National Provider Education Call regarding Medicare fee-for-service (FFS) implementation of HIPAA Version 5010 and D.0 transaction standards. The call will focus on addressing recommendations made by the industry as well as outstanding fixes impacting the Part A and Part B Version 5010 transition. Registration is required.… Continue Reading
On January 10, 2012, HHS published an interim final rule with comment period that implements an ACA provision requiring the adoption of a standard for electronic funds transfers (EFTs). By streamlining standards for the format and data content of EFT transmissions, HHS estimates that health system administrative costs will be reduced by up to $4.5 … Continue Reading
On January 25, 2012, CMS will host a National Provider Call regarding Medicare fee-for-service (FFS) implementation of HIPAA Version 5010 and D.0 transaction standards. The target audience for this call includes vendors, clearinghouses, and providers who need to make Medicare FFS-specific changes in compliance with HIPAA Version 5010 requirements. Registration is required.… Continue Reading
