CMS Announces HIPAA 5010 Enforcement Deadline Extension

Posted 11.18.11 by

The Centers for Medicare & Medicaid Services (CMS) announced Thursday the extension of the HIPAA 5010 deadline – enforcement will begin March 31, 2012 instead of the January 1, 2012. This gives HIPAA covered entities (any healthcare organization that processes, stores or transfers any type of patient health information, PHI) an extra three months to prepare for the full transition to the HIPAA 5010 upgrade.

The deadline extension comes in the wake of a recent survey by the Medical Group Management Association (MGMA) as reported by HealthcareITNews.com which found that only 4.5 percent of respondents would rate their 5010 implementation as fully complete. This discrepancy between time before the original deadline and the actuality of HIPAA covered entity readiness called for action, and the CMS responded with news of the enforcement delay.

The specific office that handles HIPAA compliance enforcement is the Office of E-Health Standards and Services (OESS), within the U.S. Department of Health and Human Services (HHS). The CMS press release reports that the OESS will continue to accept HIPAA 5010 complaints during the three month period, but enforcement will not begin until after March 31.

However, no penalties will be applied between January and March if the covered entity takes corrective action to resolve complaints, or shows a good faith effort toward HIPAA compliance.

The OESS also urges HIPAA covered entities to contact and schedule the compliance upgrade with their trading partners on a timely basis to meet the new enforcement deadline. This is also a good time to check with your third-party hosting provider if they are providing HIPAA hosting services to avoid any upcoming penalties (see 2011-2012 HIPAA Audits Have Begun: Are You Ready to Prove HIPAA Compliance? for information and tips on the ongoing HIPAA audit schedule and process).

The American Medical Assocation (AMA) also provides a preparatory fact sheet on planning and tactically implementing HIPAA 5010 on a schedule, which you can find on my other blog post, HIPAA 5010 Deadline Approaching: Taking Steps toward Implementation.

The CMS provides more resources on ICD-10 (standards for diagnosis and inpatient procedure coding) and HIPAA 5010 on their site. This handy fact sheet (PDF) from CMS also provides a summary of the upgraded standards (although the deadline portion still needs to be updated).

CMS To Delay Enforcement of HIPAA 5010 Transaction Sets
CMS Press Release: Announcing 90-Day Period of Enforcement Discretion for Compliance with New HIPAA Transaction Standards

About Otava

Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.

Get in touch with an Otava Rep today – just provide us with a bit of information below to get started and we’ll reach out to you shortly!