MGMA calls for CMS to enforce health plans’ HIPAA compliance

Telemedicine doctor
The MGMA wants to see CMS enforce administrative simplification requirements on health plans. (shironosov/Getty)

While physician practices can complain about a health plan’s failure to comply with HIPAA and Affordable Care Act requirements, the Centers for Medicare and Medicaid Services has yet to issue a single enforcement fine.

In a letter sent to CMS Wednesday, the Medical Group Management Association (MGMA) urged CMS to step up enforcement of HIPAA and ACA administrative simplification requirements related to mandated transactions, operating rules, national identifiers and code sets.

“MGMA members have reported many occurrences of noncompliance on the part of health plans (including commercial plans, state Medicaid agencies and Veterans Affairs-contracted payers). With no enforcement fines to date levied against a covered entity for noncompliance, there is little reason to submit a complaint on the part of a provider and little incentive to be compliant on the part of a health plan,” wrote Anders Gilberg, senior vice president of government affairs.

The MGMA sent the letter in response to a request for comments about the HIPAA administrative simplification complaint form, using it as a chance to raise issues with the current enforcement process.

The MGMA contrasted CMS’ enforcement efforts with those of the Office for Civil Rights, which enforces HIPAA privacy rules and has levied fines and reached numerous settlement agreements with noncompliant covered entities.

CMS is mandated to enforce health plan compliance with requirements intended to reduce the administrative burden on medical group practices. MGMA raised concerns that some health plans do not support standards such as electronic funds transfer for payment, the electronic insurance eligibility verification transaction and the electronic prior authorization transaction, and noted the lack of enforcement.

MGMA urged CMS to revise the form that providers would use to lodge complaints, to better preserve anonymity and to initiate health plan HIPAA compliance audits to help ensure health plans meet requirements.