----- Somewhat Edited Original Message -----
From: Nancy Spector
Sent: Thursday, May 21, 2009 2:01 PM
Subject: Survey: Timeframe to rollout possible revised 1500 claim form

The National Uniform Claim Committee (NUCC) is researching the needs for
a possible revised 1500 claim form.  No decision has been made yet about
whether or not we will revise the form, but we need to know if we do
revise it, when would be the best time to roll it out, with the 5010 and
ICD-10 work going on.

We want to make sure that we get the provider perspective on when would
be the best time to roll out a revised form.

The following is a link to a survey asking about the best timeframe to
rollout a revised form.

http://www.surveymonkey.com/s.aspx?sm=E6dM98zYy8EsJp4v_2fqC6hg_3d_3d

Please distribute this link to your constituents and encourage them to
complete the survey.  The deadline for completing the survey is close of
business Wednesday June 10th.

Thanks,

Nancy

Nancy Spector, RN MSC
Director, Electronic Medical Systems
American Medical Association
515 N. State St
Chicago, IL 60654
Phone: 312-464-4059

This email is being sent to you from the OCR-Privacy-list listserv, operated by the Office for Civil Rights (OCR) in the US Department of Health and Human Services.

This is an announce-only list, a resource to distribute information about the HIPAA Privacy Rule. For additional information on a wide range of topics about the the Privacy Rule, please visit the OCR Privacy website at www.hhs.gov/ocr/hipaa/. You can also call the OCR Privacy toll-free phone line at (866) 627-7748. Information about OCR's civil rights authorities and responsibilities can be found on the OCR home page at www.hhs.gov/ocr

If you believe that a person or organization covered by the Privacy Rule (a "covered entity") violated your health information privacy rights or otherwise violated the Privacy Rule, you may file a complaint with OCR. For additional information about how to file a complaint, see the Fact Sheet "How to File a Health Information Privacy Complaint," available at http://www.hhs.gov/ocr/privacyhowtofile.htm .

To subscribe to or unsubscribe from the list serv, please go to: http://list.nih.gov/cgi-bin/wa?SUBED1=ocr-privacy-list&A;=1

In the Final Rule adopting X12 version 005010 Type 3 Technical Reports
for HIPAA {Federal Register, Vol. 74, No. 11, 16 January 2009, page
3298, middle of second column and top of third column}, CMS wrote,

     "After publication of the final rule, all of the technical comments
      reviewed by the X12 workgroup, with the dispositions, will be
      posted on the CMS Web site ... as well as on the X12 portal [sic]
      ... ."

X12N's original of this report -- 239 pages -- is now posted at
http://www.x12.org/x12org/subcommittees/X12N/N0221_X12Responses_to_Tech.pdf

                     Dave Feinberg
                     Rensis Corporation  [A Consulting Company]
                     206-617-1717
                     DAFeinberg@...
                     Author of  "Understanding HIPAA Communications"

-----Original Message-----
From: compsecpubs@... [mailto:compsecpubs@...] On Behalf Of
Patrick O'Reilly
Sent: Friday, March 20, 2009 4:55 PM
To: Multiple recipients of list
Subject: NIST Announces the Release of Draft Special Publication 800-16
Revision 1


NIST announces the release of the Initial Public Draft (IPD) of
Special Publication 800-16, Revision 1, Information Security Training
Requirements: A Role- and Performance-Based Model. This publication
is now available for public comment.

The comprehensive training methodology provided in this publication
is intended to be used by federal information security professionals
and instructional design specialists to design (1) role-based
training courses or modules for personnel who have been identified as
having significant responsibilities for information security, and (2)
a basics and literacy course for all users of information systems.

We encourage readers to pay special attention to the Notes to
Reviewers section, as we are looking for feedback on the many changes
we have made to this document.

Comments will be accepted until June 26, 2009. Comments should be
forwarded via email to 800-16comments@....

URL to Draft SP 800-16 Rev. 1:
http://csrc.nist.gov/publications/PubsDrafts.html#800-16-rev1


Quick update - in the email sent to list on March 3, the NIST IR 7536
2008 Computer Security Division Annual Report was released.  We have
updated the PDF file for this document.  We now have a final layout
version available which includes charts, graphics, etc.  The text
inside this report did not change.  For those interested in viewing
the final printed version can find the updated PDF file here:

It is a PDF file and depending on your Internet speed, it may take a
couple extra seconds to load - PDF file is about 3.9 MB.
http://csrc.nist.gov/publications/nistir/ir7536/NISTIR-7536_2008-CSD-Annual-
Report.pdf

The official updated HIPAA transactions and code sets regulations
including X12 Version 005010,  ICD-10-CM,  ICD-10-PCS,  and various
NCPDP standards are now in effect as of 3/17/2009.  The online Code of
Federal Regulations (CFR) was updated last night, 3/18/2009, to
incorporate the modifications published in the Federal Register on
1/16/2009.  These most recent complete regulations may be viewed at
http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&tpl=/ecfrbrowse/Title45/45c\
fr162_main_02.tpl
starting at Subpart I -- General Provisions for Transactions.


Copies of X12's Type 3 Technical Reports (TR3s) incorporated by
reference into the updated regulations may be obtained via the
following link:
         http://store.X12.org .

As CMS is no longer subsidizing X12 for these documents, it will cost
you directly to have them downloaded or shipped.  Note, though, that
there is a single price for a package of all nine of the adopted version
005010 TR3s, and significant discounts are available to X12 members.

The first page of an online X12 membership application, including a dues
schedule, is located at
https://www.disa.org/apps/memberservices/x12/X12MembershipSection1.cfm


A summary of the changes between the current X12 version 004010 and
004010A1 Implementation Guides and the newly adopted version 005010 TR3s
is available at
http://www.x12.org/x12org/subcommittees/X12N/N0221_WEDI-X12-V5010_file.pdf.
Additionally, playbacks of webinars about the adopted X12 version 005010
TR3s can be arranged via
         http://www.x12.org/webinars/5010.cfm.
Topics covered in these webinars include:
   + the business justification for solutions included in version 005010
   + examples of how the implementation of version 005010 transactions
      addresses industry-requested requirements
   + specific answers to some of the questions from public comments to
      the Notice of Proposed Rule Making (NPRM)
   + details of changes across all affected transactions, including the
      explanatory, technical and structural modifications
   + details of how version 005010 is improved compared to version
      004010 and 004010A1
   + insight from original subject matter experts.
Again note that X12 members receive a discount on webinar fees.


Researched questions regarding the contents of any of X12's version
005010 TR3s for health care, as well as the current HIPAA-adopted 004010
and 004010A1 Implementation Guides, may be submitted to X12's Insurance
Subcommittee Interpretations Portal at www.x12n.org/portal .  Responses
to prior questions -- approximately 575 to date -- are easily located
via the Portal's search feature, and links to other useful sites are
also provided.  The Portal is open to all, and there is no charge for
using it.


Happy implementing to all.  Contact me should you have any questions or
desire any additional information.  And keep in mind that work on the
next iteration, presently version 005050, of the nine HIPAA-adopted X12
TR3s is already in progress.

                     Dave Feinberg
                     Rensis Corporation  [A Consulting Company]
                     206-617-1717
                     DAFeinberg@...
                     Author of  "Understanding HIPAA Communications"

-----Original Message-----
From: compsecpubs@... [mailto:compsecpubs@...] On Behalf Of
Patrick O'Reilly
Sent: Friday, February 27, 2009 5:33 PM
To: Multiple recipients of list
Subject: NIST Releases 2 Draft Documents and Mark-up Copy of SP 800-53 Rev.
3


NIST Computer Security Division released 2 draft publications
(Special Publication & NIST Interagency Report) today and 1 Mark-up
Copy of Draft SP --

1. Mark-up copy of Draft Special Publication (SP) 800-53 Revision 3
2. Draft Special Publication 800-81 Revision 1
3. Draft NIST Interagency Report (IR) 7517

1. Draft SP 800-53 Rev. 3: Recommended Security Controls for Federal
Information Systems and Organizations
The following document provides a line-by-line (mark-up copy)
comparison between SP 800-53, Revision 2 and Draft SP 800-53,
Revision 3. It should also be noted that the section of the
publication addressing scoping considerations for scalability, was
inadvertently omitted from the public draft and will be reinstated in
the final publication.

URL: http://csrc.nist.gov/publications/PubsDrafts.html#800-53_Rev3

******

2. Draft SP 800-81 Rev. 1: Secure Domain Name System (DNS) Deployment Guide
NIST has drafted a new version of the document "Secure Domain Name
System (DNS) Deployment Guide (SP 800-81)". This document, after a
review and comment cycle will be published as NIST SP 800-81r1. There
will be two rounds of public comments and this is our posting for the
first one. Federal agencies and private organizations as well as
individuals are invited to review the draft Guidelines and submit
comments to NIST by sending them to SecureDNS@... before March
31, 2009. Comments will be reviewed and posted on the CSRC website.
All comments will be analyzed, consolidated, and used in revising the
draft Guidelines before final publication.

Reviewers of the draft revised Guidelines should note the following
differences and additions:
    (1) Updated Recommendations for all cryptographic operations
relating to digital signing of DNS records, verification of the
signatures, Zone Transfer, Dynamic Updates, key Management and
Authenticated Denial of Existence.
    (2) The additional IETF RFC documents that have formed the basis
for the updated recommendations include: DNNSEC Operational Practices
(RFC 4641), Automated Updates for DNS Security (DNSSEC) Trust Anchors
(RFC 5011), DNS Security (DNSSEC) Hashed Authenticated Denial of
Existence (RFC 5155) and HMAC SHA TSIG Algorithm Identifiers (RFC 4635).
    (3) The FIPS standards and NIST guidelines incorporated into the
updated recommendations include: The Keyed-Hash Message
Authentication Code (HMAC) (FIPS 198-1), Digital Signature Standard
(FIPS 186-3) and Recommendations for Key Management (SP 800-57P1 & SP
800-57P3).
    (4) Illustration of Secure configuration examples using DNS
Software offering NSD, in addition to BIND.

URL: http://csrc.nist.gov/publications/PubsDrafts.html#800-81-rev1

******

3: DRAFT The Common Misuse Scoring System (CMSS): Metrics for
Software Feature Misuse Vulnerabilities
Draft NIST Interagency Report (IR) 7517, The Common Misuse Scoring
System (CMSS), is now available for public comment. This report
proposes a specification for CMSS, a set of standardized measures for
the severity of software feature misuse vulnerabilities. NISTIR 7517
also provides examples of how CMSS measures and scores would be
determined. Once CMSS is finalized, CMSS data can assist
organizations in making security decisions based on standardized,
quantitative vulnerability data.

NIST requests comments on Draft NISTIR 7517 by April 3, 2009. Please
submit comments to IR7517comments@... with "Comments IR 7517" in
the subject line.

URL: http://csrc.nist.gov/publications/PubsDrafts.html#nistir-7517

-----Original Message-----
From: compsecpubs@... [mailto:compsecpubs@...] On Behalf Of
Patrick O'Reilly
Sent: Tuesday, February 17, 2009 1:15 PM
To: Multiple recipients of list
Subject: NIST Releases 2 Draft Special Publications


You may already have seen these 2 new drafts from Feb. 5-6 on CSRC website.
If not, please review the announcement below --

Document #1:  Draft Special Publication 800-85A-1 "PIV Card
Application and Middleware Interface Test Guidelines (SP800-73-2
compliance)"

NIST has a revised version of NIST Special Publication SP 800-85A
"PIV Card Application and Middleware Interface Test Guidelines
(SP800-73 compliance)". The revised document is titled Draft SP
800-85A-1 "PIV Card Application and Middleware Interface Test
Guidelines (SP800-73-2 compliance)" and is posted on the Computer
Security Resource Center Web site (www.csrc.nist.gov). The revisions
include the additional tests necessary to test some of the optional
features added to the PIV Data Model and Card Interface as well as
the PIV Middleware through specifications SP 800-73-2 Parts 1, 2 and
3. A short summary of the changes is available here. This document,
after a review and comment period, will be published as NIST SP
800-85A-1. Federal agencies and private organizations including test
laboratories as well as individuals are invited to review the draft
Guidelines and submit comments to NIST by sending them to
PIVtesting@... with "Comments on Public Draft SP 800-85A-1" in
the subject line. Comments should be submitted using the comment
template (Excel spreadsheet). The comment period closes at 5:00 EST
(US and Canada) on February 28, 2009. All comments will be analyzed,
consolidated, and used in revising the draft Guidelines before final
publication..

URL to this Draft document:
http://csrc.nist.gov/publications/PubsDrafts.html

--------------

Document #2: Draft Special Publication 800-53 Rev. 3 Recommended
Security Controls for Federal Information Systems and Organizations

NIST announces the release of the Initial Public Draft (IPD) of
Special Publication 800-53, Revision 3, Recommended Security Controls
for Federal Information Systems and Organizations. This is the first
major update of Special Publication 800-53 since its initial
publication in December 2005. We have received excellent feedback
from our customers during the past three years and have taken this
opportunity to provide significant improvements to the security
control catalog. In addition, the changing threat environment and
growing sophistication of cyber attacks necessitated specific changes
to the allocation of security controls and control enhancements in
the low-impact, moderate-impact, and high-impact baselines. We also
continue to work closely with the Department of Defense and the
Office of the Director of National Intelligence under the auspices of
the Committee on National Security Systems on the harmonization of
security control specifications across the federal government. And
lastly, we have added new security controls to address
organization-wide security programs and introduced the concept of a
security program plan to capture security program management
requirements for organizations. The privacy-related material,
originally scheduled to be included in Special Publication 800-53,
Revision 3, will undergo a separate public review process in the near
future and be incorporated into this publication, when completed.
Comments will be accepted until March 27, 2009. Comments should be
forwarded via email to sec-cert@....

URL to Draft SP 800-53 Rev. 3
http://csrc.nist.gov/publications/PubsDrafts.html

This email is being sent to you from the OCR-Privacy-list listserv, operated by the Office for Civil Rights (OCR) in the US Department of Health and Human Services.

This is an announce-only list, a resource to distribute information about the HIPAA Privacy Rule. For additional information on a wide range of topics about the the Privacy Rule, please visit the OCR Privacy website at www.hhs.gov/ocr/hipaa/. You can also call the OCR Privacy toll-free phone line at (866) 627-7748. Information about OCR's civil rights authorities and responsibilities can be found on the OCR home page at www.hhs.gov/ocr

If you believe that a person or organization covered by the Privacy Rule (a "covered entity") violated your health information privacy rights or otherwise violated the Privacy Rule, you may file a complaint with OCR. For additional information about how to file a complaint, see the Fact Sheet "How to File a Health Information Privacy Complaint," available at http://www.hhs.gov/ocr/privacyhowtofile.htm .

To subscribe to or unsubscribe from the list serv, please go to: http://list.nih.gov/cgi-bin/wa?SUBED1=ocr-privacy-list&A;=1

Hello,

iTech Workshop (iTech), a Data Integration for Healthcare company announces the availability of expEDIum Claim Browser (eCB) tool that supports electronic EDI 837P claim file browsing as a free download. This utility is aimed at the healthcare market participants that use HIPAA EDI. This tool is available at http://www.itechws.com/downloads.shtml

Loken Singh

Inside Sales - Support Executive

www.itechws.com

As part of the sixty day Congressional Review Period for major final
rules, the Government Accountability Office (GAO) recently published its
reviews of the procedural steps taken by the Department of Health and
Human Services (HHS) in preparing the final rules for updated HIPAA
transactions and code sets.  These reviews are for the final rules
published in the Federal Register on 1/16/2009.  Copies of the GAO's
reviews may be obtained at following links:
      Transactions:  X12 and NCPDP
             http://www.gao.gov/decisions/majrule/d09331r.pdf
      Code Sets:  ICD-10-CM and ICD-10-PCS
             http://www.gao.gov/decisions/majrule/d09335r.pdf

For both final rules, the GAO has determined "that HHS complied with the
applicable [procedural steps] requirements."

The GAO procedural reviews are the last required step necessary for the
updated HIPAA transactions and code sets regulations to become
effective.  If no further -- negating -- actions are taken by Congress
or the Executive Branch, these regulations will take effect on
3/17/2009 -- as published in the Federal Register.

In other words, these new regulations will now automatically go into
effect unless somebody explicitly does something to stop them in the
next six weeks.

                     Dave Feinberg
                     Rensis Corporation  [A Consulting Company]
                     206-617-1717
                     DAFeinberg@...
                     Author of  "Understanding HIPAA Communications"

Here's a link to the actual memorandum discussed in the article I
referenced on Wednesday.

http://ombwatch.org/regs/midnightregfreezememo.pdf

Feinberg Note:  As I quickly read the memorandum, it appears there is a
small possibility the HIPAA TCS regulations effective date could be
impacted.

----- Original Message -----
From: "David A. Feinberg, C.D.P." <dafeinberg@...>
Sent: Wednesday, January 21, 2009 8:52 AM
Subject: White House Stops Pending Bush Regulations for Review

http://news.yahoo.com/s/nm/20090121/pl_nm/us_obama_regulations

Feinberg Note:  As I understand the processes, the new HIPAA TCS
regulations published last week are not "pending".

http://news.yahoo.com/s/nm/20090121/pl_nm/us_obama_regulations

Feinberg Note:  As I understand the processes, the new HIPAA TCS
regulations published last week are not "pending".

Based on today's report from the Office of the Federal Register (OFR),
Official Final Rules -- including formal Federal Regulations -- adopting
updated HIPAA transactions and code sets are scheduled for publication
tomorrow, 1/16/2009, in the Federal Register.

Based on today's OFR report, the Transactions Final Rule has a small
repeating glitch in it.  Assuming I read the 'glitched' materials
correctly, version 005010 TR3s will become mandated on the effective
date of the Final Rule ... approximately 3/16/2009, and the current
version 004010+A1 IGs will become un-mandated on 12/31/2011.  The
OFR reported Final Rule for ICD-10-CM and ICD-10-PCS shows a compliance
date of 10/01/2013.  We'll know for certain regarding these dates when
the Final Rules are formally published in the Federal Register.  I'll
send another message once links are available.

                     Dave Feinberg
                     Rensis Corporation  [A Consulting Company]
                     206-617-1717
                     DAFeinberg@...
                     Author of  "Understanding HIPAA Communications"

From the Final Rule adopting ICD-10-CM and ICD-10-PCS published in the
Federal Register on 1/16/2009: page 3355, column 3.
     "We have stated publicly, and reiterate once again, that we will not
     consider implementing a new HIPAA standard for claims attachment
     transactions until after the compliance date for ICD-10."
This is somewhat at odds with the statements elsewhere in the same rule
and the Final Rule for updated transactions, also published on
1/16/2009, that state,
     "We appreciate and will consider the commenters' concerns for not
     wanting to have to implement the electronic health care claims
     attachment standards at the same time as Versions 5010, D.0 and 3.0,
     and ICD-10."

The intriguing part of the above occurs with a historical reference to
the original HIPAA statute.  Section 1174(a) called for adopting of
claims attachments standards not later than 30 months after enactment of
the law.  August, 1996, plus 30 months, equals February, 1999 -- ten
years ago as I write this ... almost to the month.

                     Dave Feinberg
                     Rensis Corporation
                     206-617-1717
                     DAFeinberg@...

Official Final Rules -- including formal Federal Regulations -- adopting
updated HIPAA transactions and code sets were published today,
1/16/2009, in the Federal Register.  They may be obtained at the
following links:
      Transactions:  X12 and NCPDP
             http://edocket.access.gpo.gov/2009/pdf/E9-740.pdf
      Code Sets:  ICD-10-CM and ICD-10-PCS
             http://edocket.access.gpo.gov/2009/pdf/E9-743.pdf

The initial compliance date for the updated X12 transactions (005010) is
3/17/2009 [potentially a mistake], and the sunset date for current X12
transactions (004010 and 004010A1) is 12/31/2011.
The compliance date for use of ICD-10-CM and ICD-10-PCS and sunset date
for ceasing use of ICD-9-CM volumes 1,2 and 3 is 10/01/2013.

An interesting newly added provision of the transactions rule is 45 CFR
162.925(a)(6):
     "During the period from March 17, 2009, through December 31, 2011, a
     health plan may not delay or reject a standard transaction, or
     attempt to adversely affect the other entity or the transaction, on
     the basis that it does not comply with another adopted standard for
     the same period."


Copies of X12's Type 3 Technical Reports (TR3s) incorporated by
reference into the transactions Final Rule may be obtained via the
following link:
         http://store.X12.org .

As CMS is no longer subsidizing X12 for these documents, it will cost
you directly to have them downloaded or shipped.  Note, though, that
there is a single price for a package of all nine of the adopted version
005010 TR3s, and significant discounts are available to X12 members.

The first page of an online X12 membership application, including a dues
schedule, is located at
https://www.disa.org/apps/memberservices/x12/X12MembershipSection1.cfm


A summary of the changes between the current X12 version 004010 and
004010A1 Implementation Guides and the newly adopted version 005010 TR3s
is available at
http://www.x12.org/x12org/subcommittees/X12N/N0221_WEDI-X12-V5010_file.pdf.
Webinars about the adopted X12 version 005010 TR3s can be arranged via
         http://www.x12.org/webinars/5010.cfm.
Topics covered in these webinars include:
   + the business justification for solutions included in version 005010
   + examples of how the implementation of version 005010 transactions
      addresses industry-requested requirements
   + specific answers to some of the questions from public comments to
      the Notice of Proposed Rule Making (NPRM)
   + details of changes across all affected transactions, including the
      explanatory, technical and structural modifications
   + details of how version 005010 is improved compared to version
      004010 and 004010A1
   + insight from original subject matter experts.
These webinars will be given live during February, and will be available
for on-demand playback thereafter.  Again note that X12 members receive
a discount on webinar fees.


The final step in this HIPAA transactions and code sets adoption process
is clearing the Congressional Review period on or about 3/16/2009.
After that, if Congress takes no action -- the expected outcome -- the
regulations go into effect.

                     Dave Feinberg
                     Rensis Corporation  [A Consulting Company]
                     206-617-1717
                     DAFeinberg@...
                     Author of  "Understanding HIPAA Communications"

-----Original Message-----
From: compsecpubs@... [mailto:compsecpubs@...] On Behalf Of
Patrick O'Reilly
Sent: Tuesday, January 13, 2009 3:05 PM
To: Multiple recipients of list
Subject: NIST Released 2 Draft Publications


NIST Announces the release of 2 Draft documents: (1) DRAFT Special
Publication 800-122, Guide to Protecting the Confidentiality of
Personally Identifiable Information (PII) and (2) DRAFT NIST IR 7497
Draft Security Architecture Design Process for Health Information
Exchanges (HIEs)

(1)  NIST announces that draft Special Publication (SP) 800-122,
Guide to Protecting the Confidentiality of Personally Identifiable
Information (PII), is now available for public comment. SP 800-122 is
intended to assist Federal organizations in identifying PII and
determining what level of protection each instance of PII requires,
based on the potential impact of a breach of the PII's
confidentiality. The publication also suggests safeguards that may
offer appropriate protection for PII and makes recommendations
regarding PII data breach handling.

NIST requests comments on draft SP 800-122 by March 13, 2009. Please
submit comments to 800-122comments@... with "Comments SP
800-122" in the subject line.

URL to Draft SP 800-122 on Drafts page:
http://csrc.nist.gov/publications/PubsDrafts.html#800-122

(2)  NIST Interagency Report (IR) 7497, Draft Security Architecture
Design Process for Health Information Exchanges (HIEs), is intended
to provide a systematic approach to designing a technical security
architecture for the exchange of health information that leverages
common government and commercial practices and that applies them
specifically to the HIE domain. This publication assists
organizations in ensuring that data protection is adequately
addressed throughout the system development life cycle, and that
these data protection mechanisms are applied when the organization
develops technologies that enable the exchange of health information.

Please submit your comments to draft-nistir7497-comments@....
The comment period for draft NIST IR 7497 closes on Friday March 13, 2009.

URL to Draft NIST IR 7497:
http://csrc.nist.gov/publications/PubsDrafts.html#nistir-7497

This email is being sent to you from the OCR-Privacy-list listserv, operated by the Office for Civil Rights (OCR) in the US Department of Health and Human Services.

This is an announce-only list, a resource to distribute information about the HIPAA Privacy Rule. For additional information on a wide range of topics about the the Privacy Rule, please visit the OCR Privacy website at www.hhs.gov/ocr/hipaa/. You can also call the OCR Privacy toll-free phone line at (866) 627-7748. Information about OCR's civil rights authorities and responsibilities can be found on the OCR home page at www.hhs.gov/ocr

If you believe that a person or organization covered by the Privacy Rule (a "covered entity") violated your health information privacy rights or otherwise violated the Privacy Rule, you may file a complaint with OCR. For additional information about how to file a complaint, see the Fact Sheet "How to File a Health Information Privacy Complaint," available at http://www.hhs.gov/ocr/privacyhowtofile.htm .

To subscribe to or unsubscribe from the list serv, please go to: http://list.nih.gov/cgi-bin/wa?SUBED1=ocr-privacy-list&A;=1

From http://www.reginfo.gov/public/do/eoReviewSearch published on
1/10/2009.


AGENCY: HHS-CMS                    RIN: 0938-AM50
TITLE: Updates to Electronic Transactions (Version 5010) (CMS-0009-F)
STAGE: Final Rule
ECONOMICALLY SIGNIFICANT: Yes
RECEIVED DATE: 12/12/2008
LEGAL DEADLINE: None
COMPLETED: 01/09/2009
COMPLETED ACTION: Consistent with Change
http://www.reginfo.gov/public/do/eAgendaViewRule?ruleID=290717


AGENCY: HHS-CMS                   RIN: 0938-AN25
TITLE: Revisions to HIPAA Code Sets (CMS-0013-F)
STAGE: Final Rule
ECONOMICALLY SIGNIFICANT: Yes
RECEIVED DATE: 12/12/2008
LEGAL DEADLINE: None
COMPLETED: 01/09/2009
COMPLETED ACTION: Consistent with Change
http://www.reginfo.gov/public/do/eAgendaViewRule?ruleID=290720


Expect Final Rules publication in the Federal Register within a week or
so; although, the Government Printing Office will place the Final Rules
on public display prior.  Effective and compliance dates will be known
once the Final Rules are viewable.

                     Dave Feinberg
                     Rensis Corporation  [A Consulting Company]
                     206-617-1717
                     DAFeinberg@...
                     Author of  "Understanding HIPAA Communications"

Accredited Standards Committee X12 has posted new prices for their Type
3 Technical Reports (TR3s) ... including those proposed for adoption
under HIPAA.  The new prices include discounts for X12 members.

The new prices can be found starting at http://store.x12.org/

The X12 membership application starts at
https://www.disa.org/apps/memberservices/x12/X12MembershipSection1.cfm

Note that the Final Rule for adopting nine version 005010 TR3s as
replacement HIPAA implementation specifications is presently, 1/09/2009,
in review at the Office of Management and Budget.

                     Dave Feinberg
                     Rensis Corporation  [A Consulting Company]
                     206-617-1717
                     DAFeinberg@...
                     Author of  "Understanding HIPAA Communications"

Today, Friday 11/21/2008, is sixty days prior to 1/20/2009:  the start
of the new Obama "Administration".  Prior to most Federal Final Rules
taking effect, Congress gives itself a sixty day Review Period to
determine whether or not they wish to disapprove any Final Rule.  {5 USC
Chapter 8} This sixty day period typically commences with the
publication of a Final Rule in the Federal Register; although, there are
some 'wrinkles' that extend the Review Period end date at the
adjournment of Congressional sessions -- such as will be occurring
shortly.

As of today, the publication of an Updated HIPAA Transactions Final Rule
hasn't happened.  Thus, barring something weird, any new Updated HIPAA
Transactions Final Rule would become effective -- i.e., modified and new
transactions adopted -- during the Obama Administration; no earlier than
mid-March 2009, even if a Final Rule is published this year.  Ditto for
any Final Rule for the ICD-10-CM and ICD-10-PCS code sets.

Note that March, 2009, effective dates do support compliance dates
contained in the Notices of Proposed Rule Making published on 8/22/2008.

Happy Thanksgiving, all.

                     Dave Feinberg
                     Rensis Corporation  [A Consulting Company]
                     206-617-1717
                     DAFeinberg@...
                     Author of  "Understanding HIPAA Communications"

P.S.    A little bit of background on the 'why' of this message can be
found at http://www.ombwatch.org/regs/PDFs/BoltenMemo050908.pdf .

                     DAF

• Submit a change request to X12 via the Designated Standards Maintenance Organizations (DSMO) change request web site at http://www.hipaa-dsmo.org/Main.asp
  
  
• Attend future X12 Trimester Meetings listed at www.x12.org/x12org/meetings/x12trimt/index.cfm