Press release

STATEMENT OF LESLIE V. NORWALK, ACTING DEPUTY ADMINISTRATOR, CENTERS FOR MEDICARE & MEDICAID SERVICES

October 16 is just 35 days away, and all covered entities should be actively working with their trading partners on outreach, testing and contingency planning.  This deadline is the law and we all have to deal with it. It’s not something that can be ignored or brushed aside.

Our real challenge now is to help all the entities covered by HIPAA to become compliant as quickly as possible and to plan for the problems that may arise after October 16.

As we face the challenge of HIPAA, we should all keep in mind that in the long run HIPAA is going to make things a lot better for everybody. For one thing, it is expected to result in significant savings for the health care industry – and the taxpayer --- over the first ten years, above and beyond whatever start-up costs folks are facing now.

Once the electronic simplification provisions of HIPAA are implemented, processing and paying claims, and exchanging all sorts of medical information will be far easier than it is now. Doctors, hospitals, insurance plans and others will be able to communicate with each other with the same ease of someone from New York traveling in California doing business with his bank back home by going to an ATM that speaks the same language as all the other ATMs. That’s a goal worth all our efforts now.

As the largest HIPAA covered entity, we at Medicare do understand the difficulties in becoming compliant first hand. That’s why we’ve been working hard to help our HIPAA partners become compliant. We have held conferences, town hall meetings, and roundtables, provided a variety of outreach materials, conducted a national ad campaign, provided e-mail technical assistance and a toll-free telephone helpline, among many other efforts.

Now we are working on the possibility of Medicare implementing a contingency plan. And I urge other health plans to announce their contingency plans as soon as possible to allow their trading partners enough time to make any needed changes to their business operations to make sure any disruptions in their health care operations are minimal.

On July 24, 2003, the Department of Health and Human Services (HHS) issued guidance regarding the enforcement of the HIPAA transactions and code set standards after October 16, 2003. Industry support remains strong for the HIPAA transaction and code set standards. However, we are not confident that providers are ready or that they have enough time for adequate testing.

HHS recognizes that transactions often require the participation of two covered entities and that noncompliance by one covered entity may put the second covered entity in a difficult position. The Departmental guidance clarified that covered entities, which made a good faith effort to comply with HIPAA transaction and code set standards, may implement contingencies to maintain operations and cash flow.

While Medicare will be able to accept and process HIPAA compliant transactions, the Centers for Medicare & Medicaid Services (CMS) is actively assessing the readiness of its trading partners to make sure that cash flow to Medicare fee-for-service providers will not be disrupted. Last week, CMS shared Medicare’s fee-for-service contingency plan with the provider community so that they could be prepared to work with the Agency should CMS deploy it.

Medicare’s contingency plan is to continue to accept and process transactions that are submitted in legacy formats while their trading partners work through issues related to implementing the HIPAA standards. Medicare will make a decision on whether to deploy this contingency no later than September 25, 2003.

In reviewing its trading partner readiness and whether to deploy its contingency, Medicare will assess the number of Medicare submitters who are testing and in production with our contractors. If Medicare deploys this contingency, it will be for all Medicare fee-for-service contractors. Medicare will continue its active outreach and testing efforts to bring its trading partner community into compliance in the days before and, if necessary, after October 16, 2003.