CMS Delays Start Of HIPAA Enforcement Actions For Operating Rules Until March 31, 2013

The Center for Medicare and Medicaid Service’s (CMS) Office of E-Health Standards and Services (OESS) will not begin enforcement actions against HIPAA covered entities that are not in compliance with the operating rules adopted for transactions related to eligibility for a health plan and health care claim status, as mandated by the Patient Protection and Affordable Care Act (ACA), until March 31, 2013. The compliance date for using the operating rules remains Jan. 1, 2013.

This discretionary application of enforcement authority does not prevent HIPAA covered entities that are prepared to implement the adopted operating rules from doing so, the CMS noted. CMS encourages all covered entities to examine their ability and readiness to start using the operating rules and if necessary, do what is needed to become fully compliant. OESS will start accepting complaints associated with compliance with the operating rules beginning Jan. 1, 2013. Covered entities that receive complaints must produce evidence of either compliance or a good faith effort to become compliant with the operating rules during the 90-day period, if requested to do so by the OESS.

CMS is offering several guidance documents including a FAQ on the application of Eligibility and Claims Status Operating rules, a copy of the interim final rule and implementation tools information at In addition, the Council for Affordable Quality Healthcare’s website has posted the operating rules for the eligibility for a health plan and health care claim status transactions, as well as a video to help providers save time and administrative cost by reducing duplicative paperwork.

Visit our News Library to read more news stories.