Although October 16, 2002 is probably not a date that will live in infamy, it is an important date for marriage and family therapists in California, as well as for all health care providers in the United States. Why? Because October 16, 2002 is the deadline for health care providers to be compliant with the Transaction and Code Set Standards ("Transaction Standards") of the Health Insurance Portability and Accountability Act ("HIPAA"). The Transaction Standards set forth the requirements for the electronic formatting of bills submitted to insurance carriers, the remittance advice providers receive from payors, and the use of national code sets (CPT, ICD-9) by providers and payors. The Transaction Standards will create a national standard for the electronic formatting of certain administrative and billing activities; right now we have a patchwork of individual procedures and formats. The good news is that because of the difficulty that many health care providers, and other "covered entities," have had in trying to comply with the Transaction Standards, Congress passed legislation late last year, which President Bush signed, granting an additional year to come into compliance with the Transaction Standards.

In order to qualify for this extension, "covered entities" must submit a compliance plan to the Centers for Medicare and Medicaid Services ("CMS") by October 15, 2002. That's right, if you file a compliance plan with CMS by October 15, 2002, you can delay compliance with the Transaction Standards for one year; conversely, if you are a "covered entity" and you do not file the requisite plan by October 15, 2002, you must be compliant with the Transaction Standards on October 16, 2002. Fortunately, CMS has made it easy to submit the requisite plan by creating an on-line Model Compliance Plan, which can be submitted to CMS electronically or by mail. The purpose of this article is to enable you to determine if you are a "covered entity" and if you need to submit the Model Compliance Plan and then, if you do, to inform you of how to make such filing.

Am I a Covered Entity and Do I Need to Submit to CMS a Model Compliance Plan for Complying With the Transaction Standards?

Since "covered entities" must submit the Model Compliance Plan by October 16, 2002, the threshold question is whether you, as a provider of mental health services, are a "covered entity" for HIPAA's purposes?

HIPAA defines a "covered entity" as a "health care provider" who "transmits health information in electronic form" in connection with any "transaction"¹. Notice that the definition of a "covered entity" includes three sub-definitions that we must understand to answer the specific question of whether you are a "covered entity." Those three concepts are: "health care provider," "transmitting information electronically," and "transaction." Each of these concepts is discussed in turn.

First, a "health care provider" is any person who furnishes, bills, or is paid for health care in the regular course of their business.² This is a very broad definition, which includes marriage and family therapists.

Second, transmitting information electronically means to use computer-based technology to transmit and store health information.³ For instance, using the Internet, an Extranet, leased lines, dial-up lines, private networks and those transmissions that are physically moved from one location to another using magnetic tape, disk, or compact disk media come within the meaning of the definition.⁴ Some commentators believe that sending information via facsimile is not considered to be transmitting information electronically;⁵ others, however, believe that it is.⁶ We are hopeful that the Department of Health Services will clarify this issue in the coming months. However, until the issue is clarified, the safest course to follow is to assume that facsimile transmissions are electronic communications.

Third, a "transaction," for HIPAA's purposes, involves transmitting information between two parties to carry out financial or administrative activities related to health care.⁷ Such activities include making health care claims; seeking health care payment and remittance advice; determining health care claim status; determining eligibility for a particular health plan; and, seeking referral certification and treatment authorizations.

With these definitions in mind, we can now return to our threshold question, which is whether you, as a marriage and family therapist, are a "covered entity?"

Assuming you render mental health services to clients, you are a health care provider, and, assuming you bill for your services, you do carry out certain administrative and financial activities attendant to such billing. The key question, however, is whether you submit those activities to others electronically. If you do, you are a "covered entity;" if you do not, you are not. Stated another way, if you do not accept any forms of insurance, i.e., meaning you accept only cash paying patients, or if you submit your insurance claims by mail, or if you give the insurance forms to your patients so that they can mail them to their carriers, you are not a "covered entity" and you do not have to file the Model Compliance Plan with CMS.

In fact, if you only accept cash payments from patients, or if you or your patients submit the insurance claims by mail, you do not fall within HIPAA's purview. However, as attractive as that sounds, the position does come with some consequences. First of all, the rest of the country is going to leave you "in the dust" as we rely more and more on technology in the health care milieu. Second, even if you plan on submitting your insurance claims by mail, you will probably have to contract with a health care clearinghouse to translate the information from your bill into the format mandated by the Transaction Standards, which may result in an additional cost to you. In terms of HIPAA, you can run, but you can't hide; one of its tentacles will undoubtedly find you.

How Do I Submit a Model Compliance Plan to CMS?

Submitting the Model Compliance Plan is quite easy. The first step is to go to the compliance plan section of CMS's website, which is found at:
http://cms.hhs.gov/hipaa/hipaa2/TCSFormInstructions.asp. There you will find the general instructions for submitting the Model Compliance Plan and the actual plan itself. Once you have accessed the Model Compliance Plan, the computer will "walk" you through a list of 26 questions. The plan will give you options for answering each question. Once you have finished answering these questions, it will allow you to submit the form electronically. You will then receive an electronic confirmation number, which will serve as your proof that the Model Compliance Plan was filed. I can testify that the plan is very user-friendly because I actually completed one myself. The questions are clear, and the plan includes help for answering the questions if you need it. And, most important of all, there are no wrong answers! You simply complete the form and submit it. Again, compliance plans submitted electronically to CMS must be received by CMS no later than October 15, 2002.

In terms of the questions themselves, some of them will ask for estimated completion dates for conducting certain activities pertaining to HIPAA compliance, i.e., awareness, assessment, and development and testing. Unless you have more certain dates for such activities, I have been encouraging members to use dates late in to next summer for such questions. Consequently, feel free to put July 2003, August 2003, or September 2003 for such questions. Again, there are no right or wrong answers; your responses will be used for statistical purposes, which may result in the adoption of certain policies. The only question that you will use a different date for is question 25, which calls for a date no later than April 2003.

If you cannot file the Model Compliance Plan electronically, but you can print the form, please print it, complete it, and then mail it to Model Compliance Plans, Centers for Medicare and Medicaid Services, P.O. Box 8040, Baltimore, Maryland 21244-8040. CMS will not acknowledge receipt of compliance plans submitted by mail, and such plans must be postmarked no later than October 15, 2002.

Please keep in mind that filing the Model Compliance Plan affects only the Transaction Standards of HIPAA; it has nothing to do with your compliance with the Privacy Rule, another aspect of HIPAA, which will be the subject of future articles in The Therapist. The date set for complying with the Privacy Rule remains April 14, 2003.

Why Should I File the Model Compliance Plan?

CAMFT encourages all marriage and family therapists to file the Model Compliance Plan so as to get the extension, and we encourage you to make such filing as soon as possible. Remember that the deadline for submitting the Model Compliance Plan electronically is October 15, 2002, and if you submit the plan by mail, your correspondence must be postmarked by October 15, 2002. Our research indicates four reasons for making the filing:

1. Filing the form is simple and cheap. You do not need an attorney to do this for you and it does not cost you anything to make the filing, so save yourself some time and money by doing it yourself.
2. To date, CMS has not published proposed modifications to the Transaction Standards as promised, and it is possible that its modifications could change the data that needs to be submitted. Hence, getting the extension by filing the Model Compliance Plan buys you some time to wait and see how extensive the modifications will be.
3. Everybody else will probably be getting the extension so you might as well get it, too.
4. There are no wrong answers. So long as you submit a properly completed compliance plan, you will not be turned down.

The information contained in this article is intended to provide guidelines for addressing difficult legal dilemmas. It is not intended to address every situation that could possibly arise, nor is it intended to be a substitute for independent legal advice or consultation. When using such information as a guide, be aware that laws, regulations, and technical standards change over time, and thus one should verify and update any references or information contained herein.

Added by the iBHEALTH Editorial Staff: 
This article appeared in the September/October 2002 issue of The Therapist, the publication of the California Association of Marriage and Family Therapists, headquartered in San Diego, California. This article is reprinted with permission of the California Association of Marriage and
Family Therapists.

1. 45 C.F.R. 164.104
2. 45 C.F.R. 160.103
3. 45 C.F.R. 160.103
4. 45 C.F.R. 160.103
5. "The Federal Health Privacy Rule," The Therapist, page 34
6. http://www.hipaadvisory.com/action/faqs/FAQ_General.htm, page 2 (click here to view the external site)
7. 45 C.F.R. 160.103

Click on the note to return to the corresponding cite.