May 24, 2007, was the date when most entities covered by the Health Insurance Portability and Accountability Act (HIPAA), including health care providers that bill or transmit health information electronically, should have begun using their National Provider Identifiers (NPI) for billing and payment transactions. The NPI is now supposed to be the only provider number used to submit electronic claims to governmental and non-governmental payors.
The question of the day is will the Centers for Medicare and Medicaid Services (CMS) penalize covered entities that are not in compliance with the NPI standard?
The answer is, not necessarily. CMS has announced that it will not actively enforce the NPI standard, absent a complaint that leads to an investigation.
Furthermore, should a covered entity be investigated and found not to be compliant, CMS may grant that covered entity an NPI compliance "grace period" that could extend to May 23, 2008, if the non-compliant covered entity has a reasonable reason for non-compliance, and can demonstrate that it has made a good faith effort to comply.
Even though CMS has taken this industry-friendly enforcement approach, a covered entity not currently in compliance should make immediate efforts to become compliant, to avoid an investigation and to justify the granting of a grace period if investigated.
CMS also announced that it would not impose monetary penalties until May 23, 2008, in regard to non-compliant covered entities that process and pay claims. This process and payment grace period is only available to covered entities that are diligently trying to achieve compliance, and have adopted contingency plans that ensure proper payment.