Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF NOVEMBER 12, 2009 FBO #2910
MODIFICATION

R -- RFI - Monitoring of Compliance with the Transactions and Code Sets, National Provider Identifier and Unique Employer identifier Rules

Notice Date
11/10/2009
 
Notice Type
Modification/Amendment
 
NAICS
541720 — Research and Development in the Social Sciences and Humanities
 
Contracting Office
Department of Health and Human Services, Centers for Medicare & Medicaid Services, Office of Acquisition and Grants Management, 7500 Security Blvd., C2-21-15, Baltimore, Maryland, 21244-1850
 
ZIP Code
21244-1850
 
Solicitation Number
CMS-RFI-100177a
 
Archive Date
12/2/2009
 
Point of Contact
Denise Buenning,
 
E-Mail Address
OESSRFI@cms.hhs.gov
(OESSRFI@cms.hhs.gov)
 
Small Business Set-Aside
N/A
 
Description
Request for Information: Monitoring of Compliance with the Transactions and Code Sets, National Provider Identifier and Unique Employer Identifier Rules Summary: Six years have elapsed since the first effective date of mandatory compliance under the Administrative Simplification provisions of the Health Insurance and Portability Act of 1996 (HIPAA). While the total number of complaints related to Transactions and Code Sets, National Provider Identifier, and Unique Identifier is small in comparison to the size of the industry; some industry representatives believe that the extent of non-compliance is higher than the figures represented in CMS' complaint statistics. In advance of the January 1, 2012 compliance date for the updated X12 version 5010, and NCPDP Version D.0, and 3.0 standards, and the October 1, 2013 compliance deadline for ICD-10 code sets as set forth in the final rules published on January 16, 2009, it is important for CMS to ensure that the industry is in compliance with the current versions of the transactions and code sets. Thus, we are proactively looking at options to improve and enhance the current enforcement process. We have prepared this Request for Information (RFI) to secure industry input on specific topics to help us to refine future strategies for the HIPAA enforcement process. Background for HIPAA Regulations: The final rule, Health Insurance Reform: Standards for Electronic Transactions (TCS), was published on August 17, 2000, and the subsequent Modifications to the HIPAA Electronic Transaction Standards rules were published on February 20, 2003 and January 16, 2009 (final rules). These rules require covered entities (CEs) (health plans, health care clearinghouses, and certain health care providers) to implement standards and code sets for certain electronic transactions, including: health care claims/encounters; health care payment and remittance advice; coordination of benefits (COB); eligibility inquiry and response; health care claim status and response; enrollment and dis-enrollment in a health plan; referral certification and authorization inquiry and response; and health plan premium payments. On May 31, 2002, the final rule, Health Insurance Reform: Standard Unique Employer Identifier was published and it became effective in July 2002. The rule adopted the Employer Identification Number (EIN) as the standard unique employer identifier and requires CEs to use the EIN in all standard transactions that require an employer identifier to identify a person or entity as an employer. On January 23, 2004, the HIPAA Administrative Simplification: Standard Unique Health Identifier for Health Care Providers final rule was published. It became effective in May 2005, and compliance was required by May 23, 2008. It adopted the National Provider Identifier (NPI) as the standard identifier for all covered health care providers, and requires all CEs to use (send and receive) this identifier in standard transactions. On February 16, 2006, HHS published the final Enforcement Rule governing the investigation of noncompliance with the HIPAA regulations, and made such investigations and penalties applicable to all of the Administrative Simplification rules, rather than exclusively to the HIPAA privacy standards. Enforcement strategy to date: Enforcement of the HIPAA rules is complaint driven. CMS receives complaints from the public, other government agencies, and covered entities. Each complaint is investigated, typically through a request for additional information or documentation from the complainant, as well as documentation, proof of compliance or a corrective action plan from the filed against entity (FAE). The results of each investigation have often resulted in contract changes, and/or modification to trading partner agreements, procedures or technologies, as appropriate. In some cases, following an entity's immediate steps to mitigate a particular issue, that entity finds other vulnerabilities or procedural issues which are also rectified. In some cases a longer term corrective action plan is developed and is monitored by CMS over an agreed upon period of time. The 2006 Enforcement Rule also gave CMS the authority to conduct compliance reviews, and in 2007, CMS invoked that authority with respect to the Security Rule. Eleven comprehensive compliance reviews of assorted covered entity types have been conducted to date. Based on the findings, CMS has provided technical assistance and guidance to each of the covered entities. Prevalence of TCS and Unique Identifier complaints: We have received over 600 TCS complaints since 2005, and 43 NPI complaints since 2008 (but no complaints related to the EIN). We are not certain if these complaints are truly representative of industry's compliance challenges, particularly since more than half of the complaints dealt with the issue of negotiating very specific trading partner agreements. Therefore, additional information about the HIPAA compliance environment could be invaluable in helping CMS better understand the scope of non-compliance issues to better target our approach to both outreach and enforcement. Nature of current complaints: Though the CMS complaint volume is small, the nature of the allegations we have received lead us to believe that there may still be some challenges with respect to effective implementation of the rules, in spite of the time that has passed since the mandatory compliance date. Examples of some of the complaints we continue to receive are: • Failure to implement the full suite of transactions (e.g. COB, eligibility, referrals and authorizations); • Non-compliance with format or content requirements from the Implementation Guides; • Use of companion guides with requirements that conflict with implementation guides; • Code sets and/or code set rule violations - non-compliant use or non-compliant instructions for uses; • Continued use of legacy provider numbers; • Excessive fees charged by clearinghouses. We hope that the feedback from this RFI will help us determine if the complaints about compliance are a result of ongoing technical issues with X12 4010 or NCPDP 5.1, or if they are the result of other organizational operational challenges. Possible barriers to complaints: We understand that some providers have alleged that they would not file a complaint against a health plan for rejecting a compliant transaction, because they fear the health plan will slow or reduce their payment rates, or take other harmful actions. We do not have evidence of such, but would be interested in hearing from the industry if there have in fact been instances of retaliation for such communication. We recognize that some complainants wish to remain anonymous. While there are times when this can be accommodated, there are certain situations in which anonymity is a barrier to resolution, since the name of the affected entity and a sample transaction can assist in researching the complaint. We would like to solicit input on alternative complaint filing processes to create a more conducive environment for complainants. Future enforcement strategy: Based on the substantive findings of the Security compliance reviews, CMS believes there could be similar benefits from reviews to assess compliance with the requirements of the Transactions, Code Sets and Unique Identifier rules. Possible benefits might include an increase in the use of certain transactions, a decreased reliance on companion guides, and/or an increase in efficiency and compliance. We believe that a compliance review program would help us to understand and target the major contributing factors to non-compliance. Such information could be instructive in identifying issues related to standards development, implementation planning and execution for future versions of the standards. It could also identify educational gaps, program opportunities and outreach activities for Medicare, Medicaid, and the private sector. In conclusion, we are soliciting input from the industry to help us to fine-tune the current complaint-driven enforcement process. We are requesting industry input and insight on possible improvements to the current enforcement process as well as the usefulness and structure of a compliance review program. In this RFI, we've outlined a number of topics about which we would like feedback and creative recommendations as follows: 1. Information about the extent of the industry's noncompliance. Describe: (i) key problem areas (technical vs. business); (ii) prevalence of specific TCS, NPI and EIN non-compliance; (iii) patterns of non-compliance among specific transaction types and entity types; and (iv) the extent of implementation of the TCS, NPI and EIN standards. 2. Comments on barriers to complaints being filed, and how to eliminate those barriers. 3. Comments on the strength and weakness, with explanation, of the current complaint process. 4. The usefulness of compliance reviews in identifying: (i) problem implementation areas specific to certain covered entity types (ii) problem implementation areas specific to certain transaction types; and (iii) challenges with the standards. 5. The methods that could be employed to execute the compliance reviews, including the process for identifying entities for review. 6. Recommendations for the logistics for conducting compliance reviews. 7. Any alternative enforcement strategies. Instructions for submittal of Comments: Comments must be submitted as Microsoft word documents, using Version 2007. Each topic should be clearly delineated with an appropriate heading as noted above, and all recommendations should include specific examples. The submission shall be no more than 6 single-sided, single-spaced pages (excluding the cover page), and use a minimum font of 12 point (Time New Roman). Submissions must be electronic, and to be sent via email to Denise Buenning at OESSRFI@cms.hhs.gov by 5:00 p.m., Tuesday, December 01, 2009. CMS will use the information submitted in response to this RFI at its discretion and will not provide comments to any vendor's submission. However, responses to the RFI submitted may be reflected in a final solicitation. CMS reserves the right to contact any vendor that responds to this RFI for the sole purpose of enhancing CMS' understanding of your RFI submission. This notice is for informational purposes only and does not constitute a solicitation or Request for Proposal. This RFI is not to be construed as a commitment by the Government. The Government will not pay for any information provided as a result of this RFI and will not recognize or reimburse any cost associated with any RFI submissions.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/HHS/HCFA/AGG/CMS-RFI-100177a/listing.html)
 
Place of Performance
Address: 7500 Security Blvd., Baltimore, Maryland, 21244, United States
Zip Code: 21244
 
Record
SN02002071-W 20091112/091111000216-cc99947c562a98aa705525554ba349e2 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  © 1994-2020, Loren Data Corp.