CMS announced a 90-day grace period for HIPAA 5010 compliance on Nov. 17, 2011. While CMS did not offer a deadline extension on the HIPAA 5010 compliance date of January 1, 2012, they will not “initiate enforcement action” before March 31, 2012. What does this mean?
It’s certainly not a free pass, but it does offer leniency on full compliance until March 31, 2012. During the grace period, CMS’ Office of E-Health Standards and Services (OESS) will continue to accept complaints regarding non-compliance for Version 5010, NCPDP D.0, and NCPDP 3.0 transaction standards, but will not take enforcement action as long as the covered entities that complaints were filed against can “produce evidence of either compliance or a good faith effort to become compliant with the new HIPAA standards during the 90-day period.”