Go-to-Guidance | Guidance Letters
“Go-to-Guidance” is the short name for HIPAA Administrative Simplification Guidance Letters. These Guidance Letters include important guidance about NSG’s interpretation of the HIPAA Administrative Simplification laws and regulations, and current thinking on how to apply these. Guidance Letters do not include any new mandates, requirements or prohibitions, and are not legally binding upon covered entities. Although Guidance Letters themselves are not legally binding, they may refer to statute and regulation which is legally binding. Guidance Letters do not supersede policy found in statute or regulation. Though not legally binding, Guidance Letters may be taken into consideration by Administrative Law Judges and other adjudicators.
Guidance Letter
- Statement of Enforcement Discretion for Referral Certification and Authorization Transaction Standard (PDF) - announces an enforcement discretion for HIPAA covered entities that implement FHIR-based Prior Authorization APIs as described in the CMS Interoperability and Prior Authorization final rule (CMS-0057-F).
- Guidance on National Provider Identifier (NPI) Enumeration (PDF) - clarifies the prohibition at 45 CFR § 162.412(b) that a health plan may not require a health care provider that has been assigned an NPI to obtain an additional NPI.
- Guidance on Health Plans’ Payment of Health Care Claims Using Virtual Credit Cards (VCCs) (PDF)- clarifies the use of Virtual Credit Cards (VCCs) and adopted HIPAA standards for Health Care Electronic Funds Transfers (EFT) and Remittance Advice (ERA) transactions; 45 Code of Federal Regulations; 45 CFR §§ 162.1601 and 162.1602(d).
- Guidance on HIPAA Covered Entities’ Responsibility for Business Associates’ Compliance (PDF) - clarifies Covered Entities’ obligation to require that Business Associates comply with Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations; 45 CFR § 162.923(c).
- Guidance on Direct Data Entry (DDE) and use of Automated Tools for Entering Data (PDF) - clarifies the definition of direct data entry at 45 CFR § 162.103 and the direct data entry exception at 45 CFR § 162.923(b).
- Guidance on Requests for Exceptions from Standards to Permit Testing of Proposed Modifications (PDF) - clarifies the process for requesting and conducting an exception to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) transaction and code set standards.
Feedback
NSG has created a special mailbox to receive questions, comments and feedback on Guidance Letters, Bulletins, and FAQs, and any other related matters. The address for that mailbox is AdministrativeSimplification@cms.hhs.gov.
Keep Up to Date!
Sign up for Administrative Simplification Email Updates and follow us on Twitter