Medicare Compliance & Reimbursement

CMS tips its hand on how it will handle post Oct. 16 TCS compliance violations  

There's good news and there's bad news in the Centers for Medicare & Medicaid Services' much-anticipated guidance on compliance with the Health Insurance Portability and Accountability Act transactions standard. The bad news: The guidance doesn't establish a formal, gradual compliance phase-in period, as many provider groups have pleaded for.

The good news: The guidance shows that CMS plans to treat noncompliance gingerly, at least at first. Titled "Guidance on Compliance with HIPAA Transactions and Code Sets After the Oct. 16, 2003 Implementation Deadline," the July 24 document says CMS' enforcement efforts will be complaint-driven - much like the HHS Office for Civil Rights' approach to HIPAA privacy violations - and will focus on fostering compliance among covered organizations. CMS points out it can't impose penalties for unwillful noncompliance if the failure to comply is rectified within 30 days. And the agency seems willing to be generous about extending the 30-day grace period for organizations that appear to be making earnest efforts to get their acts together. To see the guidance, go to www.cms.gov/hipaa/hipaa2/guidance-final.pdf. Lesson Learned: Document your HIPAA compliance work carefully, since CMS will look for evidence that you've made good faith efforts to comply if anything ever goes wrong - and having that documentation at hand will make the enforcement process much easier on you.