CMS Begins Compliance Review Program

Beginning this month, nine HIPAA-covered entities — a mix of health plans and clearinghouses — will be randomly selected by the Centers for Medicare & Medicaid Services (CMS) for compliance reviews. Any health plan or clearinghouse — not just those that work with Medicare or Medicaid — may be selected. The CMS Division of National Standards is launching the Compliance Review Program to ensure compliance among covered entities with HIPAA Administrative Simplification rules for electronic health record transactions.

What to Expect

Each selected organization will be contacted by telephone to identify the appropriate point of contact for a HIPAA compliance review. The contact will then receive an introductory email with further instructions and resources for assistance, such as a dedicated mailbox and one-on-one phone calls.

CMS will review participants’ administrative transactions for compliance with standards for:

• Electronic transaction formats;
• Code sets; and
• Unique identifiers.

Participants will attest to whether they comply with operating rules.

The program implements a progressive penalty process with the goal of remediation. If an organization isn’t compliant, CMS will work with the entity to resolve any issues. Corrective Action Plans are commonly used to address noncompliance. In cases of willful and egregious noncompliance, monetary penalties may be assessed and calculated on a case-by-case basis.

Learn By Example

CMS recently completed the Optimization Pilot in preparation for this full-scale Compliance Review Program. Ten organizations met the criteria for participation and of these, four clearinghouses and one health plan completed the pilot. Among pilot participants, the most common violations involved transaction standards. Types of violations from the most to the least frequent were:

1. Transactions (42)
2. Code sets (15)
3. Unique identifiers (14)
4. Operating rules (3)

Based on the lessons learned from the pilot, CMS made enhancements to the Edifics X-Engine testing tool, such as increasing the number of violations reported in a single file, streamlining Compliance Review Standard Operating Procedures, and improving communication protocols.

Prep Steps You Can Take

CMS has released prep steps that health plans and clearinghouses can take to prepare for the Compliance Review Program.

Health Plans

For transactions that clearinghouses conduct on your behalf:

• Ask your clearinghouses to verify that they are handling your transactions in a compliant way.
• Test the compliance of your clearinghouse’s transactions.
• Be sure your contracts with clearinghouses and other third parties require compliance with HIPAA Administrative Simplification rules for electronic transactions.

Health Plans and Clearinghouses

For transactions you conduct yourself:

• Test the compliance of your transactions.
• Verify compliance with operating rules for eligibility, claims status, and electronic funds transfer/remittance advice.

According to CMS, providers will be able to participate in a separate pilot program on a voluntary basis, but no information has yet been made available.

Sources:

CMS Compliance Review Program

HHS HIPAA Administrative Simplification Information Bulletin, March 25, 2019

HHS HIPAA Administration Simplification Information Bulletin, March 22, 2019

What to Expect: Q&A, CMS

• About
• Latest Posts

Follow me

Renee Dustman

Executive Editor at AAPC

Renee Dustman, BS, AAPC MACRA Proficient, is an executive editor at AAPC. She holds a Bachelor of Science degree in Media Communications - Journalism. Renee has more than 20 years experience in print production and content management. Follow her on Twitter @dustman_aapc.

Follow me

Latest posts by Renee Dustman (see all)

• Acupuncture for Chronic Low Back Pain Covered Under Medicare - January 22, 2020
• New Diagnosis Code Released for Vaping-Related Disorder - January 7, 2020
• I Am AAPC: Willy Ferrer Pagarigan, MD, MHA, COC - December 30, 2019