Get your Practice Analysis done free of cost. Please call 888-720-8884

CMS’s New Compliance Review Program

The Centers for Medicare & Medicaid Services (CMS) Division of National Standards, on behalf of the Department of Health and Human Services (HHS), have launched the Compliance Review Program. All HIPAA-covered health plans and other entities must comply with Administrative Simplification rules in order to reap the benefits of standardized transactions and reduced administrative costs. Transactions can include claims and encounter information, eligibility, enrollment and dis-enrollment, and referrals and authorizations.

Common standards for formats and content accelerate the flow of information between providers and health plans, which can help inform patients about coverage, benefits, and out-of-pocket costs. Administrative Simplification Enforcement and Testing Tool (ASETT) enables individuals and organizations to file a HIPAA or ACA complaint against an entity for potential non-compliance with transactions, code sets, unique identifier, or operating rules standards.

The compliance reviews will assess whether HIPAA -covered entities are in compliance with the standards:


A transaction is an electronic exchange of information between two parties to carry out financial or administrative activities related to health care. For example, a health care provider will send a claim to a health plan to request payment for medical services.

Electronic transactions are being used in health care to increase efficiencies in operations, improve the quality and accuracy of the information, and reduce the overall costs to the system. Under HIPAA, HHS adopted certain standard transactions for the electronic exchange of health care data. These transactions include:

  • Claims and encounter information
  • Payment and remittance advice
  • Claims status
  • Eligibility
  • Enrollment and dis-enrollment
  • Referrals and authorizations
  • Coordination of benefits
  • Premium payment


Under HIPAA, HHS adopted specific code sets for diagnoses and procedures used in all transactions. They inform diverse health care functions, from billing to tracking public health.  Code sets outlined in HIPAA regulations include:

•    ICD-10 – International Classification of Diseases, 10th edition

•    Health Care Common Procedure Coding System (HCPCS)

•    CPT-Current Procedure Terminology

•    CDT – Code on Dental Procedures and Nomenclature

•    NDC – National Drug Codes


HIPAA establishes and requires unique identifiers for:

  • Health plans – HPID, or Health Plan Identifier, is a standard, unique identifier for health plans
  • Employers – EIN, or Employer Identification Number, is issued by the Internal Revenue Service and is used to identify employers in electronic transactions
  • Providers – NPI, or National Provider Identifier, is a unique 10-digit number used to identify health care providers
  • Patients – There is no adopted standard to identify patients. NPIs and EINs must be used on all HIPAA transactions.

We know that having an effective compliance program that closely adheres is part of client commitment to quality patient care. Hence, we are here to help you to ensure HIPAA compliance, which can successfully reduce the cost for your healthcare organizations, simplify processes, minimize administrative burdens, and improve the privacy and security of your patient’s health information.

Share this post