HIPAA 5010 deadline stays with bit of leniency

By Tom Sullivan
03:55 PM

 It’s not entirely surprising that CMS has instituted a 90-day grace period for HIPAA 5010. To be clear: The compliance date remains January 1, 2012 but the agency said it will not “initiate enforcement action” on that compliance before March 31, 2012.

Vague rumors that CMS would do something about the coming HIPAA 5010 compliance deadline have been gaining momentum since the WEDI Fall Conference. industry surveys have consistently found that payers, providers and the software vendors they rely on are all running behind schedule such that too few have even begun internal, let alone external testing – leading up to what could easily become a train wreck once the switch flips and payers are supposed to reject any HIPAA 4010 claims.

“I would suggest that it’s going to be a very messy situation in January with lots of confusion because the majority of providers and vendors … don’t have the ability to modify their technology that quickly and more than likely might make one version of an application 5010-compliant but not update their entire client base,” Raul Villar, president of ADP ADvancedMD, which offers cloud-based medical practice applications it updated this week for 5010, said during an interview before CMS announcement. “That is going to put a lot of pressure on the government to provide an extension.”

CMS was listening. Not just to Rillar, of course, but also the increasingly-louder chant for a backup plan, and even more recently to the Medical Group Management Association’s (MGMA) call for a contingency plan late last month at its annual conference.

An important point of clarification is that health organizations are not getting a free ride and should not simply postpone HIPAA 5010 conversion until, say, after the holidays.

Rather, CMS' Office of E-Health Standards and Services (OESS), "encourages all covered entities to continue working with their trading partners to become compliant with the new HIPAA standards, and to determine their readiness to accept the new standards as of January 1, 2012. While enforcement action will not be taken, OESS will continue to accept complaints associated with compliance with Version 5010, NCPDP D.0 and NCPDP 3.0 transaction standards during the 90-day period beginning January 1, 2012," CMS explained in the statement. "If requested by OESS, covered entities that are the subject of complaints (known as 'filed-against entities') must produce evidence of either compliance or a good faith effort to become compliant with the new HIPAA standards during the 90-day period.”

HIPAA 5010, of course, is the so-called EDI precursor to the ICD-10, about which CMS used this occasion to subtly remind the healthcare industry that the compliance deadline for the pending code set transition remains October 1, 2013.