HIPAA Contingency Basic Guidelines
HIPAA Contingency plan was implemented by Medicare on October 16, 2003. HIPAA Contingency allowed providers and other electronic billers to temporarily continue to send pre-HIPAA electronic format claims, claim status requests, and beneficiary eligibility requests, and for CMS to continue temporarily sending remittance advice, claim status responses, beneficiary eligibility responses, and coordination of benefit transactions to other payers in pre-HIPAA electronic formats.
The Medicare HIPAA inbound claim contingency plan was terminated by CMS effective October 1, 2005. All electronic claims sent to Medicare fee-for-service carriers, durable medical equipment regional carriers, or fiscal intermediaries on and after that date that do not comply with the implementation guides adopted as national standards under HIPAA are rejected back to the sender. You should contact your Medicare carrier, durable medical equipment regional carrier, or fiscal intermediary if you would like to further discuss requirements for submission of claims to them electronically that comply with the HIPAA standards.
Termination dates have not yet been announced for transactions other than inbound electronic claims, but announcements are expected shortly and will be posted here as soon as possible. If you are still using one or more pre-HIPAA electronic formats, you are encouraged to transition to full usage of the HIPAA standards as soon as possible to avoid loss of electronic access for submission of data to Medicare or receipt of transaction data from Medicare.
The seventh Administrative Safeguard Standard of the HIPAA Administrative Simplification Security Rule has five implementation specifications: Data backup plan; Disaster recovery plan; Emergency mode operation plan; Testing and revision procedures; and Applications and data criticality analysis. The first three are required; the last two are addressable. Addressable does not mean optional. Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. Further, as HIPAA.com has noted earlier, business associates also will be required to comply with the Security Rule standards, effective February 17, 2010.