On March 17, 2009, the Final Rules for Modifications to the Health Insurance Portability and Accountability Act (HIPAA) become effective. HIPAA.com has available for download the final rules for 5010/D.0 as published in the Federal Register on January 16, 2009 (pp.3295-3328). The effective date is “the date that the policies set forth in this final rule take effect, and new policies are considered to be officially adopted.” [p.3302]. All covered entities are to be in compliance with 5010/D.0 on January 1, 2012. Testing can occur “from the date of the final rule until the compliance date for Versions 5010 and D.0.” [p. 3306]
The Final Rules outline two levels of testing that covered entities are expected to undergo. Today, we focus on Level 1 internal testing, which would commence March 17, and be completed no later than December 31, 2010. Tomorrow, March 3, we will outline Level 2 external testing.
We abstract here issues related to testing, particularly Level 1 testing.
“The Level 1 testing period is the period during which covered entities perform all of their internal readiness activities in preparation for testing the new versions of the standards with their trading partners [Level 2 testing]. When we [U.S. Department of Health and Human Services, hereinafter “HHS”] refer to compliance with Level 1, we mean that a covered entity can demonstrably create and receive compliant transactions, resulting from the completion of all design/build activities and internal testing. When a covered entity has attained Level 1 compliance, it has completed all internal readiness activities and is fully prepared to initiate testing of the new versions in a test or production environment, pursuant to its standard protocols for testing and implementing new software or data exchanges.” [p.3302]
“During Level 1 and Level 2 testing periods, either version of the standards may be used in production mode—Version 4010/4010A and/or version 5010, as well as Version 5.1 and/or Version D.0—as agreed to by trading partners. Covered entities should be prepared to meet Level 1 compliance by December 31, 2010…. On January 1, 2012, all covered entities … must be fully complaint in using Versions 5010 and D.0 exclusively…. We [HHS] anticipate that, since there was support for a phased-in schedule, health plans and clearinghouses will make every effort to be fully compliant on January 1, 2012. Covered entities are urged to begin preparations now, to incorporate effective planning, collaboration and testing in their implementation strategies, and to identify and mitigate any barriers long before the deadline. While we have authorized contingency plans in the past, we do not intend to do so in this case, as such an action would likely adversely impact ICD-10 implementation activities. HIPAA gives us [HHS] authority to invoke civil money penalties against covered entities who do not comply with the standards, and we have been encouraged by industry to use our authority on a wider scale.” [p.3303]
HIPAA.com encourages covered entities to begin now to prepare for Level 1 testing, commencing on March 17, 2009. If you use a software vendor to handle your HIPAA standard transactions, ask the vendor to provide you with a written statement of how the vendor is prepared to implement Level 1 testing during the March 17, 2009-December 31, 2010, Level 1 testing period and what are its implementation timelines and milestones. Do the same if your HIPAA standard transactions are conducted via an internal information technology (IT) application. Also, in either instance, ask your trading partners to respond in writing with their plans to implement Level 1 testing during that period.
Tomorrow, Tuesday, March 3, we will outline Level 2 testing to be conducted during the period January 1-December 31, 2011.