• E-mail
• Print
• RSS

Voluntary compliance policy to remain for security, NPI rules

Ambulatory Surgery Reimbursement Update, June 20, 2006

CMS will "for the foreseeable future" continue to seek voluntary compliance with the security and national provider identifier (NPI) rules, says Stanley Nachimson, senior technical advisor for the Office of E-Health Standards and Services, the CMS office responsible for enforcing all of HIPAA's administrative simplification provisions except privacy, according to the July issue of HIPAA Security Compliance Insider.

Although the final enforcement rule formalized the process for assessing civil money penalties (CMPs), it has not changed CMS' enforcement outlook, Nachimson says. CMS has not yet recommended a CMP in response to a security complaint, though it remains in the agency's enforcement arsenal.

With the compliance deadline for the NPI less than a year away, CMS is working closely with the industry on enumeration and testing. However, it is too early to tell whether these efforts will be successful, Nachimson says. The latest reports indicate that HHS is assigning 5,000-6,000 NPIs per day.

CMS will "absolutely" hold the same voluntary compliance policy as it does for the other HIPAA standards, Nachimson adds.

• E-mail to a Colleague
• Print
• RSS
• Archive