This is an archive page. The links are no longer being updated.
FOR IMMEDIATE RELEASE
October 15, 2002
Contact: CMS Press Office
CMS NAMED TO ENFORCE HIPAA TRANSACTION AND CODE SET STANDARDS
HHS Office for Civil Rights To Continue To Enforce Privacy Standards
HHS Secretary Tommy G. Thompson announced today that the Centers for
Medicare & Medicaid Services (CMS) will be responsible for enforcing the
transaction and code set standards that are part of the administrative
simplification provisions of the Health Insurance Portability and
Accountability Act of 1996 (HIPAA).
"HIPAA administrative simplification is going to streamline and standardize
the electronic filing and processing of health insurance claims, save money
and provide better service for providers, insurers and patients," Thompson
"To accomplish this will require an enforcement operation that will assure
compliance and provide support for those who file and process health care
claims and other transactions," Thompson said. "CMS is the agency best able
to do this."
CMS will continue to enforce the insurance portability requirements of
HIPAA. The HHS Office for Civil Rights (OCR) will enforce the HIPAA privacy
standards. CMS and OCR will work together on outreach and enforcement and
on issues that touch on the responsibilities of both organizations - such as
application of security standards or exception determinations.
Ruben J. King-Shaw Jr., CMS deputy administrator and chief operating
officer, said CMS will create a new office to bring together its
responsibilities under HIPAA, including enforcement.
"Concentrating these CMS responsibilities in a new office with a single
mission will give us the most efficient operation possible, while providing
strong support for all our partners in the health care community," King-Shaw
The new CMS office will establish and operate enforcement processes and
develop regulations related to the HIPAA standards for which CMS is
responsible. These standards include transactions and code sets, security,
and identifiers for providers, insurers and employers for use in electronic
transactions. The office will report directly to the deputy administrator.
The office also will conduct outreach activities to HIPAA covered entities
such as health care providers and insurers to make sure they are aware of
the requirements and to help them comply.
Federal law requires most health plans, clearing houses, and those providers
that conduct certain transactions electronically to be compliant with the
HIPAA transactions standards by Oct. 16, 2002, unless they file on or before
Oct. 15 for a one-year extension. Those who are not compliant and have not
filed for the extension may be subject to statutory penalties.
(The law gives certain small health plans until Oct. 16, 2003 to comply).
Enforcement activities will focus on obtaining voluntary compliance through
technical assistance. The process will be primarily complaint driven and
will consist of progressive steps that will provide opportunities to
demonstrate compliance or submit a corrective action plan.
A fact sheet summarizing the administrative simplification standards
required by HIPAA is available at www.hhs.gov/news/press/2002pres/hipaa.html. More detailed
information about the standards is available at www.cms.hhs.gov/hipaa.
Note: All HHS press releases, fact sheets and other press materials are
available at www.hhs.gov/news.
Last Revised: October 15, 2002