The Health Insurance Portability and Accountability Act (HIPAA) comes with a large number of implementation regulations, some of which are not yet finalized and all of which are extremely complex. The administrative simplification regulations for HIPAA began phasing in October 16, 2002.
Communication from the Centers for Medicare and Medicaid Services (CMS) indicates that federal regulators continue to develop additional HIPAA regulations and refinements to current regulations. Under the circumstances, we are unable at the present time to provide a comprehensive, definitive statement. Nor, given the breadth and complexity of the regulations and the uncertainty still surrounding their implementation, can we provide assurances on any given timetable or specific compliance factor. However, we can advise you as follows:
- We have conducted awareness and education sessions with our board of directors, senior management and staff and hosted a statewide educational forum on HIPAA for both providers and employers. We also have addressed HIPAA regulatory issues in numerous publications distributed to our employees and customers.
- We have appointed a HIPAA privacy officer and security officer and established an organizational structure for implementing HIPAA that clearly designates project accountabilities and allows for timely status reporting to our board of directors and senior management.
- We have completed our operational assessment for transactions and code sets, standard identifiers, privacy and security. We have implemented appropriate policies and procedural changes necessary to meet privacy and security mandates.
- We have applied for the ASCA extension and have received our confirmation number.
- We have been ready to accept transactions ASC X12N 837i, 837p, 270/271, and 276/277 version 4010 since October 16, 2002. Transactions are facilitated through Availity. We are also ready to generate 835 transactions and are ready to accept 834 and 820 transactions from employers.
- We are currently partner testing HIPAA-compliant transactions with providers using the latest mandated version, 4010A1.