CMS Delays HIPAA 5010 Enforcement

The Centers for Medicare & Medicaid Services' Office of E-Health Standards and Services (OESS) won’t enforce compliance with the HIPAA 5010 transaction set until March 31, 2012, the agency announced November 17. The 90-day delay will not affect the implementation date for the ICD-10-CM/PCS coding systems, CMS said. That date remains October 1, 2013.

CMS did not change the actual implementation date of HIPAA 5010. Providers must still comply with the 5010 transaction standards by January 1, 2012. Small health plans have until January 1, 2013. OESS simply decided it will not take any enforcement actions until March 31, 2012.

OESS decided to delay enforcement because most covered entities would not be ready to comply by January 1, 2012. Many covered entities are still waiting for software updates, according to OESS.

However, OESS will still accept complaints related to compliance between January 1 and March 30, 2012. Covered entities will have to provide evidence that they are complying or are making a good faith effort to comply with the new HIPAA standards during the 90-day period if asked by OESS.

All HIPAA-covered entities and their business associates are required to switch to HIPAA 5010 in preparation for the conversion to ICD-10-CM/PCS. Failure to comply with the HIPAA 5010 requirement means covered entities might not be paid for their services.