HIPAA Security Standard and Modifications to the Transaction and Code Set Standard
The CMS published in the Federal Register the HIPAA Security Standard and Modifications to the Transaction and Code Set Standard on February 20, 2003.

The CMS Web site advises:

• Reviewing your office's business operations and identify exactly which HIPAA electronic transactions apply to you.
  
  
• Assign a HIPAA Point Person who will be responsible for making your organization HIPAA compliant. Make sure the individual has the authority and ability to make decisions for your organization.
  
  
• Identify your HIPAA partners - health plans, software vendors, billing services, etc. Contact your partners and ask them about their HIPAA plans. Some questions you should ask include:
  
  
  • What is their timeframe for compliance?
    
    
  • Will they be making changes to products or services and at what cost?
    
    
  • How do they plan to implement the changes with providers and payers?
    
    
  • When can you expect to test any changes to their software?

  Document responses that you receive and get all commitments in writing. It is a good idea to have a legal review of your contracts and agreements to fully understand your rights and responsibilities, as well as those of your partners.

• Test with your health plans and payers. This includes testing with Medicare, your commercial payers and your clearinghouse. Continually monitor their progress until you are satisfied that you are compliant with the standards. Changes to your practice management software may also affect your internal office procedures.
  
• Test your internal office systems (patient scheduling, registration system and practice management systems) and be certain to train your staff on any changes.

For more information consult the AANS HIPAA Compliance Manual Diskette through the AANS Online Marketplace or visit the CMS Web site.