HIPAA Resource Center

PrivaPlan Publishes National Provider Identifier Toolkit
Next year, physicians will no longer have to keep track of and use multiple identification numbers assigned to them by health plans. [Posted 04/13/06]

National Provider Identifier—Are You Ready?
Next year, physicians will no longer have to keep track of and use multiple identification numbers assigned to them by health plans. Effective May 23, 2007, physicians will instead use a single “national provider identifier” (NPI). [Posted 01/26/06]

Health Plans Have Stopped Subsidizing Electronic Clearinghouses; Avoid Per-Claim Charges by Using CMA’s Clearinghouse Partner
When the HIPAA electronic transactions rule first took effect, many clearinghouses offered their services to physicians free.
[Posted 10/13/05]

CMS Ends HIPAA Contingency Plan; Noncompliant Electronic Claims Will Be Rejected Effective Oct. 1
The Centers for Medicare & Medicaid Services (CMS) have announced that effective October 1, Medicare carriers will reject electronic claims that don’t meet the HIPAA transaction and code sets standards.
[Posted 09/29/05]

HIPAA Enforcement Is on the Rise; Keep Your Compliance Efforts on Track with CMA’s HIPAA Toolkit
With identity theft on the rise, so is HIPAA enforcement activity. [Posted 06/02/05]

Physicians Can Apply for National Provider Identifiers May 23
Physicians can apply for national provider identifiers (NPIs) beginning Monday, May 23. [Posted 05/12/05]

The HIPAA Security Rule Is Here: Are You Ready?
The third and final HIPAA deadline has arrived. The security rule, which took effect Wednesday (April 20), requires physicians to have in place policies and procedures to prevent unauthorized access to patients’ protected health information. [Posted 04/21/05]

HHS Publishes HIPAA Enforcement Plan
Enforcement of the security rule—like the privacy rule—will be complaint-driven, according to a proposed rule published this week in the Federal Register. [Posted 04/21/05]

It’s Time to Prepare for the HIPAA Security Rule
Physicians should now be preparing for the HIPAA security rule, which goes into effect April 20. The rule requires most physicians to implement policies and procedures to prevent unauthorized access to patients’ protected health information (PHI) and to detect, contain, and correct security violations. [Posted 01/06/05]

Things to Consider When Selecting an EMR
Many CMA physicians have received sales pitches for “HIPAA compliant” electronic medical records (EMR) systems. Physicians should be aware that software itself cannot be compliant. It should, however, have certain features that allow your practice to maintain HIPAA compliance. [Posted 01/06/05]

Identity Theft in the Computer Age
In this digital age, identity theft has reached epidemic proportions. If your office is online, make sure that you have proper safeguards in place and that your employees are aware of some common identity theft schemes. One such scheme is “phishing.” [Posted 09/30/04]

Performing a Risk Analysis
Many physician offices have been told they need to hire a computer consultant to perform a HIPAA “risk analysis.” While the HIPAA security rule does require covered entities to complete a risk analysis, the regulations do not require the use of an outside company to complete the analysis. [Posted 09/16/04]

Don’t Be Fooled into Buying
“HIPAA Compliant” Office Equipment
Many physicians have received sales pitches from unscrupulous companies selling “HIPAA compliant” office equipment.
[Posted 08/26/04]

Disposing of Electronic PHI
The HIPAA security rule, which takes effect April 16, 2005, requires physician offices to take appropriate steps to assure the security and confidentiality of their patients' electronic medical records and other protected health information.
[Posted 08/05/04]

Selecting a Security Official
It’s time to start preparing for the next HIPAA hurdle—the security rule. The first and most practical step in any HIPAA security rule compliance program is to designate a security official.
[Posted 07/15/04]

Medicare Orders Slowing
of Noncompliant Claims
CMS has reiterated that effective July 1, Medicare carriers will slow the payment of electronic claims that don't meet the HIPAA transaction and code sets standards. [Posted 05/06/04]

It's Time to Start Preparing
for the HIPAA Security Rule
Physicians should begin preparing for the HIPAA security rule, which goes into effect April 21, 2005. The rule requires covered physicians to develop policies and procedures to prevent unauthorized access to patients' protected health information and to detect, contain, and correct security violations.
[Posted 04/01/04]

Business Associate
Contracts Must Be in Place by Apr. 14
The HIPAA privacy rule, which went into effect in April 2003, requires covered physicians to enter into “business associate agreements” with individuals and companies with whom they share their patients’ protected health information, such as billing services, clearinghouses, medical transcriptionists, etc.
[Posted 03/18/04]

Help Us Help You with HIPAA Billing Problems
The number of calls CMA is receiving from physicians having HIPAA-related billing problems is increasing. If your practice files claims electronically and does not use a billing service, please take a few minutes to fill out a brief questionnaire so that CMA can better understand the extent of these problems and develop tools to assist physician offices during this HIPAA transition period. [Posted 11/20/03]

How to Report HIPAA-Related Payment Hassles
Physicians having trouble with health plans, clearinghouses, or others who are not yet in compliance with HIPAA's transactions and code sets rule can file an anonymous complaint through AMA's online HIPAA Complaint Form. [Posted 10/30/03]

The HIPAA Electronic Transactions
Deadline Is Here. Now What?
The HIPAA Transactions and Code Sets Rule deadline has finally arrived. Is your practice ready to begin submitting HIPAA-compliant standard transactions? If not, you're not alone.
[Posted 10/16/03]

Medicare Contingency Plan Does Not Mean
Physicians Can Relax HIPAA Compliance Efforts
The Centers for Medicare & Medicaid Services announced last week that it will continue to accept noncompliant electronic transactions after the October 16 deadline. [Posted 10/02/03]

New Medi-Cal Procedure
Codes Took Effect Sept. 22
Medi-Cal providers should have begun using Medi-Cal’s new procedure codes on September 22, as part of phase one of the program’s HIPAA implementation plan. The previous local codes have been discontinued. [Posted 10/02/03]

15 Working Days Until Next HIPAA Deadline:
Physicians Already Reporting Cash Flow Disruption
Is your practice ready for HIPAA’s transactions and code sets deadline? Are you sure? Your cash flow is in jeopardy if you are not certain that your practice is ready to make the transition to HIPAA-compliant billing systems. The danger is not hypothetical. [Posted 09/25/03]

Debunking the "County Doctor" Exemption
Many people are touting the "Small Practice" or "Country Doctor" exemption as a way for providers to escape HIPAA compliance. Please note – THERE IS NO SUCH EXEMPTION. [Posted 08/28/03]

New Member Benefit: HIPAA-Compliant Claims Submission
CMA has partnered with Infinedi, a Tulsa, Okla., electronic clearinghouse, to ensure your practice’s cash flow is not interrupted by new HIPAA mandates, which take effect, October 16. [Posted 07/24/03]

Download CMA's HIPAA Transactions Checklist
Do you currently send electronic claims to a clearinghouse? Does your billing service send electronic claims to a clearinghouse or directly to a payer on your behalf? If you answered "yes" to either of these questions, do you know if the company submitting your claims has been certified by nationally recognized firms specializing in evaluating HIPAA transactions compliance, such as Claredi or Edifecs? [Posted 07/31/03]

CMS Offers HIPAA Transactions
Guidance, Holds to Deadline
Responding to the health care industry’s concern about HIPAA readiness, the Centers for Medicare & Medicaid Services (CMS) this week issued its "Guidance on Compliance with HIPAA Transactions and Code Sets." [Posted 07/31/03]

CMA's Transactions and
Code Sets HIPAA Workshop
Do you have questions about HIPAA’s transactions and code sets rule? Will your practice be prepared to transmit HIPAA-compliant claims by the October 16 deadline? Get the answers to these and other HIPAA questions at CMA’s Transactions and Code Sets HIPAA Workshop. [Posted 07/17/03]

HIPAA Transaction Rule Primer for Physicians
CMA ON-CALL Document #1606, "HIPAA Electronic Transaction Rule," provides a step-by-step guide so that physician offices can prepare to send HIPAA-compliant claims by the October 16 deadline.[Posted 07/10/03]

HIPAA Transactions: 10 Steps to Compliance
HIPAA's administrative simplification requirements will revolutionize the business of health care. Are you ready to take the next hurdle? [Posted 06/05/03]

Confused About HIPAA's Transaction Requirements?
If you’re not up to speed on HIPAA’s electronic transactions and code sets rule, you’re not alone. Fifty-three percent of CMA members responding to our HIPAA survey do not understand what they need to do to transmit HIPAA-compliant claims by the October 16 deadline; 24 percent have not communicated with their software vendor or billing service about their ability to conduct electronic transactions by the deadline; and 21 percent were unaware that health plans may reject noncompliant claims after October 16. [Posted 05/29/03]

Will You Get Paid After October 16?
CMA is receiving reports of physicians paying large fees to upgrade their billing systems, only to be told that they still have to use a clearinghouse whose transaction charges have increased. This is because many billing systems vendors own (or are owned by) clearinghouses. It is important that physicians carefully evaluate new or upgraded billing systems before making a decision that could have a huge financial impact on their practices. [Posted 05/22/03]

CMS Hosts HIPAA Conference Call on May 29
The Centers for Medicare & Medicaid Services (CMS) is holding another "HIPAA Implementation Roundtable" conference call on Thursday, May 29, from 11 a.m. to 12:30 p.m. Pacific time. The purpose of the call is to exchange information on HIPAA’s administration-simplification provisions, specifically electronic transactions and code sets, and security. [Posted 05/22/03]

Hospital Staff Training Requirements
Physicians who have privileges at several hospitals complain that they are being required to complete the same HIPAA training at each hospital. The privacy rule is somewhat ambiguous as to the relationship between medical staff members and their hospitals. [Posted 05/14/03]

Survey: Help Us Help You With HIPAA
As more HIPAA deadlines approach, CMA will be ready to help physicians prepare for and comply with all HIPAA requirements. To help CMA best meet your educational and informational needs, please complete and return this brief survey. [Posted 05/14/03]

Do Not Procrastinate: Start Testing HIPAA Transactions Now
NHIC, California’s Medicare carrier, reports that 25 percent of California physicians are sending in their Medicare claims using the new HIPAA-compliant standard transaction formats. As of October 16, all physician practices that employ 10 or more full-time-equivalent employees (including physicians) must bill Medicare electronically. Those electronic billings must be HIPAA-compliant or Medicare will reject them. [Posted 05/08/03]

Appeals Court Rules: HIPAA Is Constitutional
On April 25, the federal Fourth Circuit Court of Appeals in Richmond, Va., upheld a trial court’s ruling that the 1996 HIPAA legislation did in fact give the U.S. Department of Health & Human Services (HHS) the proper authority to create and enforce health care privacy regulations. [Posted 05/08/03]

HIPAA Tip: Privacy and Workers' Comp
Congress excluded workers’ comp carriers, including self-insured employers and administrative agencies, when it passed the Health Insurance Portability and Accountability Act (HIPAA). Even so, physicians covered by HIPAA must still safeguard the protected health information of their workers’ comp patients when transmitting it to entities that are not covered by HIPAA. [Posted 05/01/03]

Don't Let the Next HIPAA Deadline Disrupt Your Cash Flow
The next HIPAA deadline is fast approaching. Physicians have less than six months to prepare for compliance with HIPAA’s electronic transactions and code-sets rule, which standardizes claims submission, processing, and payment. Physicians’ billing system upgrades should already be well under way. [Posted 05/01/03]

The Privacy Rule and Public Health Reporting
To protect the public from the spread of infectious, contagious, and communicable diseases, physicians are required by law to report such diseases to their local health department. HIPAA’s privacy rule does not eliminate these public health surveillance requirements.  [Posted 04/24/03]

HIPAA Resources for CMA Members
As you all know, Monday was the deadline to comply with HIPAA’s privacy rule. If you haven’t yet brought your practice into compliance, don’t panic. It’s not too late to get started. [Posted 04/17/03]

CMA's HIPAA-Privacy-Rule Training Manual for Physician-Office Staff
HIPAA requires that all medical office staff be trained on how to comply with HIPAA’s privacy rules. A Commitment to Privacy: The HIPAA Privacy Rule Training Manual —a joint effort of CMA, CAP-MPT, and PrivaPlan Associates, Inc.—provides the general training and overview necessary for office staff to fulfill that requirement. [Posted 04/17/03]

CMA's HIPAA-Compliant Business
Associates Agreement with Members
As CMA members know, the HIPAA privacy rule takes effect on April 14. After that date, members who are covered by HIPAA will no longer be able to send any of their patients’ "protected health information" (PHI) to CMA in the absence of a HIPAA-compliant business associate agreement. [Posted 04/10/03]

Notice of Privacy Practices Template Available in Spanish Next Week
A Spanish-language version of PrivaPlan’s Notice-of-Privacy-Practices template will be available free to members through CMA’s ON-CALL system (document #1604) in the next few days. [Posted 04/10/03]

CMS to Host HIPAA Conference Call April 30
The Centers for Medicare & Medicaid Services (CMS) is holding another "HIPAA Implementation Roundtable" conference call on Wednesday, April 30, from 11:00 a.m. to 12:30 p.m. Pacific time. [Posted 04/10/03]

Notice of Privacy Practices
HIPAA requires that beginning April 14, all physicians with "direct treatment relationships" provide their patients with a written notice of the privacy practices they use to protect patients’ health information. [Posted 04/03/03]

FAQ About OHCAs
My hospital says I am in its "OHCA." What does that mean? An OHCA, or organized health care arrangement, is an administrative construct under HIPAA that allows information sharing between a hospital and its medical staff, between a health plan and its contracted providers, and between an IPA and its contracted providers. [Posted 03/20/03]

April 14 IS the Compliance Deadline
"I have heard that the security rule was just finalized, and I don’t need to comply with HIPAA for two years. Is that true?" This question has come up repeatedly at recent HIPAA workshops. HIPAA has three specific compliance areas, each with their own compliance date.

"Escaping" HIPAA: A Reality Check
Many physicians have received flyers advising them to "Escape HIPAA" and "Stop HIPAA dead in its tracks." Please be aware that CMA attorneys, and legal experts across the country, agree that physicians are not going to stop HIPAA. The law will go into effect on April 14. It will not be delayed; it will not be stopped. Physicians who deliberately refuse to comply with HIPAA will invite government scrutiny. [Posted 02/06/03]

Free "Notice of Privacy Practices" Template Available Online
HIPAA’s privacy rule requires that physicians inform each patient of their privacy practices in a written notice. CMA members can get PrivaPlan’s "notice of privacy practices" template free at the CMA members-only website. Members can download the template, which is included in ON-CALL document #1603. [Posted 02/06/03]

Chart Cabinets
"Does HIPAA require that patient charts be filed in locked cabinets?" This is one of the most commonly asked questions at CMA’s Total HIPAA workshops. [Posted 01/30/03]

How Sharp Are Your HIPAA Tools?
A number of physicians in California have received a blast fax from a source claiming to be the "Department of HIPAA-Assessment and Compliance" and offering "the complete and revised 2003 HIPAA law and instructions from the Federal Register" for $85. Be advised that the sender of this fax is in no way associated with or endorsed by the federal government. [Posted 01/17/03]

Security Rule Delay
Physicians may have heard that the government delayed the publication of HIPAA’s final security rule. This delay will not, however, affect a physician’s duty to take appropriate security measures by April 14, when the privacy rule goes into effect. [Posted 01/09/03]

Using Patient Names
Contrary to rumors, HIPAA’s privacy rules do not prohibit the use of patients’ names when calling them from the waiting room to see a physician. [Posted 12/12/02]

Using Reminder Postcards
HIPAA does not preclude the use of appointment reminder postcards. The postcard, however, should contain no more information than time and date of appointment and the physician’s name and contact number. [Posted 12/05/02]

Total HIPAA: CMA's No-Nonsense HIPAA Compliance Workshop
 Do you have questions about HIPAA Compliance? Are you not sure what to do now that you have filed (or not filed!)a one year compliance extension deadline? Sign up for CMA's TOTAL HIPAA Compliance Workshop today and get the answers you need. 

HIPAA Compliance Toolkit on CD-ROM
CMA members can place their orders now for CMA's comprehensive HIPAA compliance program on an interactive CD-ROM. The compliance toolkit, which meets the needs of California’s solo and small to mid-size practices

Inpatient/Outpatient Privacy Notice Requirements Differ
Physicians who are members of a hospital medical staff that has formed an "Organized Health Care Arrangement" do not have to present each patient they see in the hospital with a privacy notice, as they are covered by the hospital’s notice of privacy practices.

The Extension Deadline Has Passed—Now What?
Physicians who are covered entities under the HIPAA who did not file a compliance plan with the Centers for Medicare & Medicaid Services by the October 15 deadline are now prohibited from using electronic transactions that are not compliant with the HIPAA transaction rules.