HIPAA Electronic Certification Rules Withdrawn

Proposed rules issued January 2, 2014 would have required certain health plans (including self-insured health plans) to certify compliance with three of the HIPAA rules relating to electronic transactions. These certification requirements were viewed as fairly onerous, particularly for self-insured plans that rely on their third party administrators for such transactions. More specifically, these rules would have required controlling health plans to demonstrate compliance with the electronic standard transactions related to eligibility for the health plan, health care claims status and health care electronic fund transfers (such as payment) and remittance advice (such as EOBs). Penalties would have been assessed for failing to certify compliance.

In a Federal Register notice, the above proposed rules requiring certification of compliance were withdrawn last week.  Compliance with the standard transaction rules continues to be required.

Latest Thinking

View more Insights
Insights Center
Knowledge assets are defined in the study as confidential information critical to the development, performance and marketing of a company’s core business, other than personal information that would trigger notice requirements under law. For example,
The new study shows dramatic increases in threats and awareness of threats to these “crown jewels,” as well as dramatic improvements in addressing those threats by the highest performing organizations. Awareness of the risk to knowledge assets increased as more respondents acknowledged that their