Skip to main content Back to Top


HIPAA Compliance Date for Electronic Transactions Extended

Kate Traynor

A recently enacted law gives certain health care professionals an extra year to comply with the portions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) that regulate electronic transactions and code sets.

The Administrative Simplification Compliance Act (PDF) describes a "compliance plan" that health care providers, health plans, and health care clearing-houses can submit to extend by one year the October 16, 2002, deadline for complying with HIPAA’s electronic standards. The compliance plan must be submitted to the secretary of the Department of Health and Human Services (HHS) before October 16, 2002. Health care providers and companies that do not submit a compliance plan must comply with the HIPAA transaction standards by the original deadline.

The new act exempts small entities from having to submit their Medicare claims in electronic format only. These small entities are defined in the act as providers of services with fewer than 25 full-time-equivalent (FTE) employees and small suppliers, facilities, and physician practices with fewer than 10 FTE employees.

According to the act, the compliance plan must include the following elements:

  • An analysis describing the extent of the noncompliance and the reasons for it,  
  • A budget, work plan, schedule, and implementation strategy for becoming compliant,  
  • An indication of whether a contractor or other vendor will be used to achieve compliance, and  
  • A deadline of April 16, 2003, for testing the transaction process.

The act instructs HHS to make available by March 31 a "model form" that health care professionals can use to prepare their compliance plan.

A portion of the compliance plans received by HHS will be analyzed by the National Committee on Vital Health Statistics (NCVHS). The act instructs NCVHS to prepare reports describing the most common and challenging compliance problems and how they were solved. NCVHS must make the reports readily available to the public so that the information can be used by as many health care professionals as possible to achieve compliance with the transaction standards.

The deadline extension does not apply to small health plans, which already had an October 16, 2003, compliance deadline. The HIPAA privacy standards that are set to go into effect on April 14, 2003, are not affected by the recently passed act.

CMS Webcast Offers Glimpse of HIPAA

The Centers for Medicare & Medicaid Services (CMS) aired a webcast January 22 that discussed portions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and described the benefits of complying with it.

The webcast focused on Title II of HIPAA, which regulates the electronic exchange of data in the health care system. Under HIPAA, all health care providers, health plans, payers, and clearing-houses that conduct business electronically must use standard transaction codes when they exchange health care data. Exceptions for small entities were made in a recently enacted law.

When the electronic standards requirement is fully in effect, all claims for services and supplies provided to Medicare beneficiaries must be submitted to CMS electronically using standard coding. When a claim does not involve CMS, health care providers and businesses can choose to exchange paper documents instead of interacting electronically. But if electronic data is exchanged, the transaction must use the HIPAA-specified coding, even if the services involve a patient who is not a Medicaid or Medicare beneficiary.

CMS Deputy Administrator Ruben King-Shaw acknowledged during the webcast that implementing the HIPAA regulations is an "enormous task" for the health care industry. About 400 proprietary claims-submission formats are available, he said, and HIPAA will greatly simplify the process of filing claims.

The webcast said little about HIPAA’s privacy standards, which permit the controlled use of patients’ personal information during treatment and regulate the sharing of personal information used to process claims.