Alan S. Goldberg's Law, Technology & Change Home Page

Welcome to Alan S. Goldberg's Law, Technology & Change Home Page sm

[Last Updated June 21, 2008]

Copyright © 2008 Alan S. Goldberg All Rights Reserved

This Web site provides general educational information only & should not substitute for professional advice on your specific legal situation. Neither access to this Web site nor communication via this Web creates an attorney-client relationship.

This is Alan S. Goldberg's personal Web site for lawyers & law and other students for educational use only. This is NOT a law firm Web site & this is NOT a law or other school Web site.

New York law requires you to be reminded that this website is ATTORNEY ADVERTISING.

By entering this Web site, you agree to my >Disclaimer

>HEALTHLAWYERBLOG

PartDlaw

www.healthlawyer.com

canspamlaw

*hipaanotice*

ecommercelaw

*hipaalaw*

brownfieldslaw

HEALTHLAWYERBLOG

compliancelaw

healthfraud

housinglaw

telemedicinelaw

ucitalaw

esignlaw

Welcome from Alan S. Goldberg, Webmaster

> Internet eMail

> CV

> Selected Publications

By viewing this Web site, you agree to my >Disclaimer

Alan S. Goldberg is a member of the bars of: >*Commonwealth of Virginia* (2006)*, >State of New York* (2003), >District of Columbia (2002), >State of Florida (1984), & >Commonwealth of Massachusetts (1967)**

>*HEALTHLAWYER BLOG*

6845 Elm Street - Suite 205

McLean, Virginia 22101

(703) 915-4790

>goldberg.law.pro

>LexAlert sm

>LexAnalysis sm

The Webmaster was an Adjunct Professor of Law at >Suffolk University Law School teaching >eHealth
via >distance learning

and was an Adjunct Professor at
>University of Maryland School of Law teaching
>eHealth & at
>Boston College Law School teaching land finance

and now is an Adjunct Professor at George Mason University College of Health & Human Services teaching Health Law

Please read our Year 2000 Readiness Disclosure for this Web site

This Web site may be construed to contain attorney advertising, although advertising is not intended; prior results do not guarantee a similar outcome.

Please read my Privacy Policy

Citizens v. Leavitt
Plaintiffs seek invalidation of those parts of the HIPAA AdminSimp final privacy rule eliminating any requirement for consent to be obtained prior by a covered entity prior to using or disclosing protected health information for treatment, payment, or health care operations.
>Amended Complaint
>Citizens for Health et al. vs. Tommy G. Thompson, Complaint for Declaratory and Injunctive Relief April 10, 2003 USDC ED PA

>Citizens v. Thompson Memorandum & Order of April 2, 2004 USDC ED PA

>3rd Circuit Court of Appeals Decision
>Petition for Rehearing

NOTE: Centers for Medicare & Medicaid Services has changed the CMS web site & links that used to work don't work anymore & there appears to be no cross-walk feature. Please tell me if any of my links are no longer working. I regret any inconvenience. My >http://www.PartDlawyer.com/ will have updated links as soon as possible. In the meantime, some links to materials that have been moved or removed appear below.

>New CMS web site
>http://www.cms.hhs.gov/default.asp?

>Stark Law HCFA-AO-98-01 >Stark Law HCFA-AO-98-02 >Stark Law CMS-AO-2005-08-01

>Webmaster's LeadingLinks (sm)

More Webmaster's LeadingLinks (sm)

>ABA HLS >AHLA >FDLI >HIPAA SUMMIT >HIT SUMMIT >FREIVOGEL ON CONFLICTS
>CMS Web Site for Medicare Modernization Act Prescription Drug Benefit / Medicare Advantage Programs Rules & More
>Kaiser Family Foundation Resources on the Medicare Prescription Drug Benefit >HHS National Health Information Infrastructure >OCR HIPAA AdSi >CMS HIPAA AdSi TCS >CMS HIPAA AdSi Privacy >HRSA HIPAA >TRICARE HIPAA >SSA HIPAA >FTC Gramm-Leach-Bliley Privacy Initiatives
>US VetAdmin OGC HIPAA >US VetAdmin RESEARCH HIPAA >CMS Physician Focused Quality Initiative >VetAdmin VISTA Computerized Patient Record System (CPRS) Demonstration System
>Federal Register >Code of Federal Regulations >United States Code >Thomas

>Florida Bar Health Law Section Web Site

Opinion of June 1, 2005 from DOJ to HHS regarding HIPAA AdSi Crimes Enforcement

http://world.std.com/~goldberg/hipaaopinioncrimes.pdf

HIPAA AdSi Proposed Enforcement Rule Filed April 14, 2005 To Be Published in Federal Register
As published in Federal Register April 18, 2005

American Health Information Community	>*NHII NHIN RFI materials for legal review purposes* >GAO July 2004 Report on NHII >*Proposed Rule HHS CMS ePrescribing October 11, 2005 Stark .pdf* >Proposed Rule HHS OCR ePrescribing October 11, 2005 Anti-Kickback .pdf >Proposed Rule HHS CMS ePrescribing October 11, 2005 Stark.html >Proposed Rule HHS CMS ePrescribing October 11, 2005 Anti-Kickback.html
>Federal Register: November 15, 2004 (Volume 69, Number 219) Page 65599-65601 in .html format >*Federal Register: November 15, 2004 (Volume 69, Number 219) Page 65599-65601 in .pdf format* >HHS NHIN FAQs Nov. 17, 2004 .html >HHS NHIN FAQs Nov. 17, 2004 2004 .pdf

>CMS Web Site for Medicare Modernization Act Prescription Drug Benefit / Medicare Advantage Programs General Information (Including Regulations)

>Final Rule Prescription Drug Plan January 28, 2005

>Final Rule Medicare Advantage January 28, 2005

>Proposed ePrescribing Rule Published by HHS
>Proposed ePrescribing Rule Federal Register February 4, 2005

>Senate Bill 1262 Senators Clinton, Frist, et al.

See the unofficial text and miscellaneous other materials below:
>http://world.std.com/~goldberg/s1262.pdf
>http://frist.senate.gov/_files/HealthITFristClintonOnePager.pdf
>http://www.healthcareitnews.com/NewsArticleView.aspx?ContentID=3182
>http://www.modernhealthcare.com/news.cms?newsId=3947&potId=FS [reg. req.]
>http://frist.senate.gov/_files/HealthITSectionbySection.pdf
>http://www.washingtonpost.com/wp-dyn/content/article/2005/06/16/AR2005061600413.html
>http://frist.senate.gov/index.cfm?FuseAction=PressReleases.Detail&PressRelease_id=1961

>The Office of the National Coordinator for Health Information Technology
Federal Register: August 19, 2005 Volume 70, Number 160 Notices Page 48718-48720

>Comments of David Brailer, MD, Ph.D., National Coordinator for Health Information Technology, on February 17, 2005 in Dallas regarding NHII
>Collaborative ONCHIT RFI Response
Collaborative Response submitted by: American Health Information Management Association (AHIMA), American Medical Informatics Association (AMIA), American National Standards Institute-Healthcare Informatics Standards Board (ANSI HISB), Center for Information Technology Leadership (CITL), Connecting for Health (CFH), eHealth Initiative (eHI), HIMSS EHR Vendor Association (EHRVA), Healthcare Information and Management Systems Society (HIMSS), Health Level Seven, Inc. (HL7), Integrating the Healthcare Enterprise (IHE), Internet2, Liberty Alliance, National Alliance for Health Information Technology (NAHIT)
>HHS National Health Information Infrastructure
>The Decade of Health Information Technology: Delivering Consumer-centric and Information-rich Health Care Framework for Strategic Action July 21, 2004


>HEALTHLAW BLOG

>DOJ FTC Report - Health Care Antitrust - 2004

>DC Bar Health Law Section -- The Patients Rights Manual Copyright 2004 DC Bar. All Rights Reserved A companion manual for legal practitioners will soon be available. Contact DC Bar Sections Office (202) 626-3463

>IRS HIPAA AdSi cc-2004-034

HIPAA AdSi Security Rule Educational Materials

>HIPAA SUMMIT ELEVEN & HIT SUMMIT TWO September 7-9, 2005 Renaissance Washington DC Hotel Washington, DC

>University of Colorado Hospital Authority v. Denver Publishing Co., No. 03-WM-1977 (D. Colo. Aug. 2, 2004) HIPAA AdSi Is No Basis for Hospital Claim Against Newspaper For Alleged Privacy Violations

American Health Information Community	>*NHII NHIN RFI materials for legal review purposes* >GAO July 2004 Report on NHII >*Proposed Rule HHS CMS ePrescribing October 11, 2005 Stark .pdf* >Proposed Rule HHS OCR ePrescribing October 11, 2005 Anti-Kickback .pdf >Proposed Rule HHS CMS ePrescribing October 11, 2005 Stark.html >Proposed Rule HHS CMS ePrescribing October 11, 2005 Anti-Kickback.html
>Federal Register: November 15, 2004 (Volume 69, Number 219) Page 65599-65601 in .html format >*Federal Register: November 15, 2004 (Volume 69, Number 219) Page 65599-65601 in .pdf format* >HHS NHIN FAQs Nov. 17, 2004 .html >HHS NHIN FAQs Nov. 17, 2004 2004 .pdf

>HRSA Reorganization Federal Register September 21, 2004	>HHS Office of Inspector General Health care programs; fraud and abuse: Healthcare Integrity and Protection Data Bank; data collection reporting requirements Federal Registser September 21, 2004

First HIPAA Administrative Simplification subtitle criminal action, US v. Gibson

AUG. 21, 1996 HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 Public Law 104-191 104th Congress, Criminal Enforcement Provisions

WRONGFUL DISCLOSURE OF INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION SEC. 1177. (a) OFFENSE.--A person who knowingly and in violation of this part-- (1) uses or causes to be used a unique health identifier; (2) obtains individually identifiable health information relating to an individual; or (3) discloses individually identifiable health information to another person, shall be punished as provided in subsection (b). (b) PENALTIES.--A person described in subsection (a) shall-- (1) be fined not more than $50,000, imprisoned not more than 1 year, or both; (2) if the offense is committed under false pretenses, be fined not more than $100,000, imprisoned not more than 5 years, or both; and (3) if the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, be fined not more than $250,000, imprisoned not more than 10 years, or both.

>*HIPAA AdSi Statutory Enforcement Provisions - Civil & Criminal*

>US v. Gibson, W.D. Wash. No.CR04-0374RFM, Seattle, US Att'y HIPAA AdSi Criminal Information

>US v. Gibson, W.D. Wash. No.CR04-0374RFM, Seattle, US Att'y HIPAA AdSi Criminal Plea of Defendant

Class Actions Against Health Care Facilities >Complaint vs. HCA >Complaint vs. HMA >Complaint vs. UHS

Miscellaneous US Government & Other Links

>HHS National Health Information Infrastructure >OCR HIPAA AdSi >CMS HIPAA AdSi TCS >CMS HIPAA AdSi Privacy >HRSA HIPAA >TRICARE HIPAA >SSA HIPAA >FTC Gramm-Leach-Bliley Privacy Initiatives
>US VA OGC HIPAA >US VA RESEARCH HIPAA
>Federal Register >Code of Federal Regulations >United States Code >Thomas

Miscellaneous CMS Links

>Medlearn Matters >Medlearn Learning Network Publications >Archives of Medlearn Matters NIH >Online Manual System >Medicare Modernization >Prescription Drug and Other Assistance Programs >Drug Discount Cards Quick Search >HIPAA Administrative Simplification Medicare Notice of Privacy Practices >HIPAA Administrative Simplification

Centers for Medicare & Medicaid Services PROPOSED RULES published August 3, 2004 in Federal Register >Medicare: Medicare Advantage Program; establishment, 46865–46977 >Medicare Prescription Drug Benefit Program, 46631–46863

>HEALTH LAW BLOG

This Web site provides general educational information only and should not substitute for professional advice on your specific legal situation. Neither access to this Web site nor communication via this Web site creates a lawyer-client relationship. By entering this Web site, you agree to our >Disclaimer

Please read our Year 2000 Readiness Disclosure for this Web site

By viewing this Web site, you agree to our Disclaimer

Please read our Privacy Policy

>Comptroller General Disclosure under Medicare Program 42 USC 1395(v)(1)(I)

>Complaint in California Consumer Health Care Council vs. Kaiser Foundation Health Plan, Inc. et al. under Business & Professions Code re: alleged privacy violations. dated March 12, 2004

US v. Green & Related Decisions: US Sentencing Guidelines Unconstitutional, June 18, 2004

STARK II INTERIM FINAL RULE
>Stark II Interim Final Rule March 25, 2004 - Before Publication in Federal Register
>Stark II Interim Final Rule Federal Register March 26, 2004 (requires correction below)
>Stark II Interim Final Rule 69 Federal Register Page 17933 et seq. Correction dated April 6, 2004
>Stark II Interim Final Rule Correction (.html version)
>Stark II Interim Final Rule Federal Register March 26, 2004 (Rule without Preamble)
>Stark II Interim Final Rule (.html version)

American Bar Association Health Law Section Audioconference May 19, 2004 >The (Un)Common Law of HIPAA Administrative Simplification

>HHS OIG Compliance Program Guidance for Hospitals 2.23.98
>Compliance Guidance HHS OIG web site

VA CLE- >HIPAA Transactions - Privacy and Security (For the Non-Health Lawyer)

There are about 300,000,000 patients in the U.S. and millions of health care providers. They all care about HIPAA, so shouldn’t you? Co-sponsored by the Virginia Bar Association Health Law Section Program Level: Intermediate COURSE PURPOSE HIPA? HIPPA? HIPPAA? HIPAA? HIPPO? If you can’t spell it you don’t know it, so this is the seminar for you. Learn about HIPAA Administrative Simplification, which is anything but simple and affects much more than health care, including employers who provide employee health care benefits, companies who do business with health care providers and payors, and their lawyers who don’t concentrate in health care law, but might have to enter into HIPAA business associate contracts with their clients. Also, learn about obtaining medical records and how subpoenas are handled in Virginia under HIPAA.

FDA & SEC Cooperation >*FDA Web Site Announcement* >SEC Web Site Announcement >FDA letter to SEC >SEC letter to FDA >Opinion: Dismissal of Count 9 in Martha Stewart et al. Criminal Proceedings

>DC Bar Health Law Section -- The Patients Rights Manual Copyright 2004 DC Bar. All Rights Reserved A companion manual for legal practitioners will soon be available. Contact DC Bar Sections Office (202) 626-3463

*Can-Spam Act* "This Act may be cited as the `Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003', or the `CAN-SPAM Act of 2003'..." "SEC. 16. EFFECTIVE DATE. The provisions of this Act, other than section 9, shall take effect on January 1, 2004."

>Direct Marketing Association Can-Spam Act chart >Direct Marketing Association Anti-Spam Documents Web Site

Massachusetts Law Materials

January 2004 >AN ACT TO PROMOTE THE FINANCIAL INTEGRITY OF PUBLIC CHARITIES proposed by the Attorney General of the Commonwealth of Massachusetts

Massachusetts - .html format >Chapter 127 of the Acts of 2003 - AN ACT ESTABLISHING A NEW BUSINESS CORPORATION ACT - Chapter 156D .doc format >Chapter 127 of the Acts of 2003 - AN ACT ESTABLISHING A NEW BUSINESS CORPORATION ACT - Chapter 156D >Mass.gov site version

Attorney General of the Commonwealth of Massachusetts
>Summary of An Act to Promote the Financial Integrity of Public Charities
January 2004

>Web site "Charities" for The Office of Massachusetts Attorney General Tom Reilly

>Commonwealth of Massachusetts Executive Department Legal Counsel Web Site

>Massachusetts ePrescription Law >*Governor's Statement on Law* >UETA

>*Massachusetts Proposed Department of Public Health Regulation - ePrescription*

Centers for Medicare & Medicaid Services Medicare Reform Web Site
>Medicare Prescription Drug, Improvement, and Modernization Act of 2003

>CMS Drug Card Search Site
>Kaiser Family Foundation Resources on the Medicare Prescription Drug Benefit

>HR1 Joint Explanation
>House Committee on Ways & Means HR1 Web Site

Medicare Program; Medicare Prescription Drug Discount Card; >*Interim Rule and Notice Federal Register* December 15, 2003 (Volume 68, Number 240)] Rules and Regulations Page 69839-69927

>"HIPAA Compliance & Marketing Provisions Teresa DeCaro" of CMS >December 18 & 19 2003 CMS Presentation on Medicare Prescription Drug, Improvement, and Modernization Act of 2003

>HIPAA Administrative Simplification Subtitle -- Excerpts from Medicare Prescription Drug, Improvement, and Modernization Act of 2003 & Medicare Program Prescription Drug Discount Card Interim Rule & Notice [Note: reference should always be made to the official US government versions for complete accuracy & contextual understand.]

>HR1 Joint Explanation Microsoft Word for Windows
>HR1 Joint Explanation Corel WordPerfect
>HR1 Joint Explanation HTML
[Note: these version, which are large files & might take longer than most to open, were created using features in Adobe Acrobat, Microsoft Word for Windows, WordPerfect for W indows, & Conversions Plus (registered products & marks of Adobe Systems Incorporated, the Microsoft Corporation, Corel Corporation, &DataViz, Inc. , respectively) & are not official versions; reference should always be made to the official US government version for complete accuracy.]

HR1 adds more "covered functions" and another HIPAA Administrative Simplification Subtitle "covered entity" -- "a prescription drug card sponsor is a covered entity...."

"(h) QUALIFICATION OF PRESCRIPTION DRUG CARD SPONSORS AND ENDORSEMENT OF DISCOUNT CARD PROGRAMS; BENEFICIARY PROTECTIONS- `(1) PRESCRIPTION DRUG CARD SPONSOR AND QUALIFICATIONS- `(A) PRESCRIPTION DRUG CARD SPONSOR AND SPONSOR DEFINED- For purposes of this section, the terms `prescription drug card sponsor' and `sponsor' mean any nongovernmental entity that the Secretary determines to be appropriate to offer an endorsed discount card program under this section, which may include-- `(i) a pharmaceutical benefit management company; `(ii) a wholesale or retail pharmacy delivery system; `(iii) an insurer (including an insurer that offers medicare supplemental policies under section 1882); `(iv) an organization offering a plan under part C; or `(v) any combination of the entities described in clauses (i) through (iv)... (6) CONFIDENTIALITY OF ENROLLEE RECORDS- `(A) IN GENERAL- For purposes of the program under this section, the operations of an endorsed program are covered functions and a prescription drug card sponsor is a covered entity for purposes of applying part C of title XI and all regulatory provisions promulgated thereunder, including regulations (relating to privacy) adopted pursuant to the authority of the Secretary under section 264(c) of the Health Insurance Portability and Accountability Act of 1996[emphasis supplied] (42 U.S.C. 1320d-2 note). `(B) WAIVER AUTHORITY- In order to promote participation of sponsors in the program under this section, the Secretary may waive such relevant portions of regulations relating to privacy referred to in subparagraph (A), for such appropriate, limited period of time, as the Secretary specifies...."

THE CONFIDENTIALITY OF ALCOHOL AND DRUG ABUSE PATIENT RECORDS REGULATION AND THE HIPAA PRIVACY RULE: IMPLICATIONS FOR ALCOHOL AND SUBSTANCE ABUSE PROGRAMS
U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES Substance Abuse and Mental Health Services Administration Center for Substance Abuse Treatment
SAMHSA HIPAA AdSi Web Site
"Introduction
In the early 1970’s, Congress recognized that the stigma associated with substance abuse and fear of prosecution deterred people from entering treatment and enacted legislation that gave patients a right to confidentiality. For the almost three decades since the Federal confidentiality regulations (42 CFR Part 2 or Part 2) were issued, confidentiality has been a cornerstone practice for substance abuse treatment programs across the country. In December, 2000, the Department of Health and Human Services (HHS) issued the “Standards for Privacy of Individually Identifiable Health Information” final rule (Privacy Rule), pursuant to the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 45 CFR Parts 160 and 164, Subparts A and E.1 Substance abuse treatment programs that are subject to HIPAA must comply with the Privacy Rule.2 3 Substance abuse treatment programs that already are complying with Part 2 should not have a difficult time complying with the Privacy Rule, as it parallels the requirements of Part 2 in many areas. Programs subject to both sets of rules must comply with both, unless there is a conflict between them. Generally, this will mean that substance abuse treatment programs should continue to follow the Part 2 regulations. In some instances, programs will have to establish new policies and procedures or alter existing policies and practices. In the event a program identifies a conflict between the rules, it should notify the Substance Abuse and Mental Health Services Administration of HHS immediately for assistance in resolving the conflict...."

`Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003', or the `CAN-SPAM Act of 2003'

"(b) CONGRESSIONAL DETERMINATION OF PUBLIC POLICY- On the basis of the findings in subsection (a), the Congress determines that-- (1) there is a substantial government interest in regulation of commercial electronic mail on a nationwide basis; (2) senders of commercial electronic mail should not mislead recipients as to the source or content of such mail; and (3) recipients of commercial electronic mail have a right to decline to receive additional commercial electronic mail from the same source...."

>HIPAA Terms: An Annotated Glossary
A glossary of Administrative Simplification terms from certain of the rules promulgated under the
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
By Alan S. Goldberg, Esq., Steven J. Snyder, Esq., Bradley G. Allen, Esq., and Elizabeth C. Myers, Esq.
"This glossary of Administrative Simplification terms from certain of the rules promulgated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is intended to provide an easily accessible educational reference for understanding the Transactions and Code Sets Rule, the Privacy Rule, and the Security Rule. In addition, this title includes a copy of portions of the 1998 proposed Security Rule (63 Fed. Reg. 43,242, 43,271-77 [August 12, 1998]). Although not contained in any final rule, this material provides definitions of terms, a list of acronyms, and a bibliography that continue to be useful to the practitioner working with HIPAA."
>See Sample Page from Glossary

Miscellaneous US Government HIPAA AdSi Links

>OCR HIPAA AdSi >CMS HIPAA AdSi TCS >CMS HIPAA AdSi Privacy >HRSA HIPAA >TRICARE HIPAA >SSA HIPAA
>US VA OGC HIPAA >US VA RESEARCH HIPAA >FEDREG
>FTC Gramm-Leach-Bliley Privacy Initiatives

"...This Notice discusses the effect of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Regulations, 45 C.F.R. parts 160 and 164, when the Service requests protected health information from a taxpayer or third party. Under these regulations, the Service will generally have additional burdens when requesting protected health information from a “covered entity” or a covered entity’s business associate. There are three exceptions that allow the Service to obtain protected health information while enforcing the Internal Revenue Code: the consent of the taxpayer, the law enforcement exception, and the administrative and judicial proceedings exception. This Notice discusses the standards for applying these exceptions...."
>IRS HIPAA AdSi cc-2004-034

CMS & HIPAA AdminSimp
>HIPAA AdSi TCS >HIPAA AdSi Privacy

CMS Guidance of July 24, 2003 - Compliance

>Administrator's Letter to Health Care Providers Regarding Contingency Plans of September 22, 2003

>MCS - March 14, 2003 FROM: Director Survey and Certification Group - Review of Protected Health Information and Applicability of Business Associate Agreements Under the Health Insurance Portability and Accountability Act (HIPAA) for the Purposes of Survey and Certification

>CMS - Program Memorandum Department of Health & Human Services (DHHS) Intermediaries/Carriers Centers for Medicare & Medicaid Services (CMS) Transmittal AB-03-034 Date: FEBRUARY 28, 2003 - Medicare Fee for Service Contractor Guidance on the HIPAA Privacy Rule

>CMS HIPAA AdSi Glossary

[Federal Register: August 22, 2003 (Volume 68, Number 163)] [Rules and Regulations] [Page 50717-50722]
>"Medicare Program; Electronic Submission of Cost Reports AGENCY: Centers for Medicare & Medicaid Services (CMS), HHS. ACTION: Final rule. SUMMARY: This final rule amends regulation by requiring that, for cost reporting periods ending on or after December 31, 2004, all hospices, organ procurement organizations, rural health clinics, Federally qualified health centers, community mental health centers, and end- stage renal disease facilities must submit cost reports currently required under the Medicare regulations in a standardized electronic format. This rule also allows a delay or waiver of this requirement when implementation would result in financial hardship for a provider. The provisions of this rule allow for more accurate preparation and more efficient processing of cost reports. DATES: Effective Date: The provisions of this final rule are effective September 22, 2003. Applicability Date: The provisions of this final rule are effective for cost reporting periods ending on or after December 31, 2004...."

>HIPAA AdSi ASCA Interim Final Rule August 14, 2003
"SUMMARY: This interim final rule with comment period implements the statutory requirement that claims for reimbursement under the Medicare Program be submitted electronically as of October 16, 2003,except where waived. This rule identifies those circumstances for which mandatory submission of electronic claims to the Medicare Program is waived. DATES: Effective date: October 16, 2003. These regulations are applicable for Medicare claims submitted on or after October 16, 2003. Comment date: Comments will be considered if we receive them at the appropriate address, as provided below, no later than 5 p.m. on October 14, 2003...."

HIPAA Administrative Simplification - Enforcement (HIPAA Transaction and Code Set Complaint Information)

>*Revised Disclosure Desk Reference for Call Centers (Program Memorandum AB-03-077)*

>Thomas A. Scully, CMS Administrator, Letter of July 18, 2003 to Medicare Providers "Effective October 16, 2003, all electronic transactions covered by HIPAA must comply with these standards for format and content...."

From CMS: "National Provider Identifier (NPI) Final Rule Published - The Final Rule adopting the HIPAA standard unique health identifier for health care providers was published in the Federal Register on January 23, 2004. Health care providers can begin applying for NPIs on the effective date of the final rule, which is May 23, 2005. All health care providers are eligible to be assigned NPIs; health care providers who are covered entities must obtain and use NPIs. All HIPAA covered entities must use NPIs by the compliance dates (May 23, 2007 for all but small health plans; May 23, 2008 for small health plans)...."

American Hospital Association et al. ask Congress NOT to delay HIPAA electronic transactions standards rule enforcement date
Letter of September 26, 2001

"...Any legislative delay of the electronic transactions standards would unfairly penalize hospitals and health systems that have made the significant commitment of financial and staff resources necessary to meet the current October 2002 compliance deadline for those requirements. In enacting HIPAA, Congress deliberately sought predictability and ways to reduce the costs and burden of meeting the widely different health care claims form and content requirements of many different payers. According to HHS, there are some 400 different formats for electronic claims processing. HIPAA's electronic transactions standards are intended to standardize these formats and thus significantly reduce hospitals' administrative burden over time...The nation's hospital community strongly urges that HHS and Congress work together to develop an administrative policy that provides appropriate incentives for the entire health care field to expedite implementation of the electronic transactions standards, and that allows flexibility for those hospitals that might need some additional time to achieve full compliance by the October 2002 deadlines...."

/s/ American Hospital Association, Association of American Medical Colleges, Cleveland Clinic Foundation, Federation of American Hospitals, Premier, Inc., & VHA Inc.

>ACLA, AHCA, AHA, AMA, Premier, Inc., VHA letter of July 1, 2003 to Secretary Thompson "...We believe it is essential for HHS to take the following steps to prevent the impending 'train wreck' on October 16th [2003]...."

>NCVHS letter of June 25, 2003 to Secretary Thompson
"...Despite the diversity of representation of the groups who provided testimony and letters, there was overall agreement that the Federal government should permit operational compliance, as opposed to strict technical compliance, for a limited period of time following the October 16 deadline. This would allow for the necessary trading partner testing to take place across the industry, as well as mitigate any potential unintended adverse consequences to provider cash flow and patient care...."

>American Association of Health Plans letter of June 6, 2003 to Tom Scully, Administrator, CMS, regarding TCS rule compliance

>American Hospital Association letter of April 17, 2003 to Tom Scully, Administrator, CMS, regarding enforcement

"...AAHP does not support a delay in the October 16, 2003 compliance date of the TCS rule. An implementation delay could penalize those covered entities that have invested the time, resources and commitment to implement the HIPAA standards. At the same time, we do believe that CMS should provide a smooth transition from the current electronic transaction standards used by health plans, health care providers, and health care clearinghouses to the standards that will be required when the TCS rule goes into effect. We urge CMS to adopt the WEDI recommendations to achieve this goal. We appreciate your work to simplify administrative procedures and we are eager to work...."

>WEDI letter of April 15, 2003 to CMS "The issue at hand is how does the industry make the short-term transition from its current state to a successful implementation, given a substantial degree of noncompliance in October 2003, and thus avoid the so-called train wreck that will result from reversion to paper claims or stoppage of cash (payment) flows."

>AHA letter of May 19, 2003 to CMS "...[W]e propose development of a system-wide implementation plan that clearly outlines remedial actions that every health plan must take to ensure that an adequate level of cash flows to hospitals is maintained as the field transitions to HIPAA standardized claims."

>American Hospital Association letter of June 16, 2003 to CMS regarding civil monetary penalties, health care claims, & privacy "...We look forward to working with you to make sure that the efforts related to HIPAA enforcemennt appropriately encourage improvements in hospitals' compliance programs...."

American Hospital Association letter of June 25, 2003 to Secretary Thompson regarding transactions codes"...At the TCS implementation date approaches, hospitals are growing increasingly concerned about the potential for disruption in the current claims submission and payment cycles that might result from poor, improper or incomplete implementation of the HIPAA standard transactions...."

DHHS Office for Civil Rights HIPAA AdminSimp Privacy Rule Site
Miscellaeous OCR Materials

>OCR/HIPAA Privacy/Security/Enforcement Rules Text August 2003 Compiled Unofficial Version >Superceded Unofficial Version October 8, 2002

OCR Letters Responding to HIPAA AdminSimp Inquiries

>OCR letter dated April 25, 2003 to Social Security Administration
Form SSA-827 & Privacy Rule Authorizations

>Nine OCR HIPAA AdSi Response Letters

OCR Letters Responding to HIPAA AdminSimp Inquiries

>Letters dated 12/09/02 to OCR & 4/01/03 from OCR about state board of pharmacy inspections & HIPAA AdminSimp accountings for disclosures

>Letter from OCR to Ely Lily & Company dated 4.15.03 - Institutional Review Boards & Authorizations under HIPAA AdminSimp

Human Research - HIPAA AdminSimp & Beyond

>NIH Publication 03-5388 (undated) HIPAA AdminSimp Privacy & Research - Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule

>NIH HIPAA Web Site - The HIPAA Privacy Rule and Research >US Department of Health & Human Services Office for Human Research Protections

>*Department of Health and Human Services OFFICE OF INSPECTOR GENERAL May 2003 Report* To determine if Medicare Part A providers expect to comply with the electronic data transaction standards and code sets mandated by the Health Insurance Portability and Accountability Act (HIPAA) by October 2003.

www.hipaanotice.com

>Readability of HIPAA Privacy Notices Mark Hochhauser, Ph.D., Readabi