Form CMS-10662 ASETT_Assessment_Combined_Assessment_Package_Docs_v_1.2_

Administrative Simplification HIPAA Compliance Review (CMS-10662)

CMS-10662_ASETT_Assessment_Combined_Assessment_Package_Docs_v_1.2_Final_508

Compliance Review

OMB: 0938-1390

Document [pdf]
Download: pdf | pdf
Department of Health & Human Services
Centers for Medicare & Medicaid Services
7500 Security Boulevard, Mail Stop S2-26-17
Baltimore, Maryland 21244-1850
Notice of Assessment
Date of Notice: FULLDATE
CONTACTNAME
JOBTITLE
CENAME
ADDRESS1
ADDRESS2
CITY, ST ZIP
Re: Assessment Number XXXXX
Dear TITLE LASTNAME:
The purpose of this letter is to inform you that the Department of Health and Human Services
(HHS), Division of National Standards (DNS) within the Centers for Medicare & Medicaid
Services’ (CMS), has randomly selected  to be the subject of a Health
Insurance Portability and Accountability Act of 1996 (HIPAA) and Affordable Care Act (ACA)
Operating Rules provisions assessment. This assessment is set to begin on (month, day, year) and
is scheduled to take approximately 30 days.
DNS is responsible for promoting compliance of the HIPAA Administrative Simplification
requirements in 45 CFR Part 162, specifically as it relates to transactions, code sets, unique
identifiers, and operating rules. As part of this promotion, and in support of the health care industry,
assessments are conducted as a compliance review activity, and is part of the compliance review
process in 45 CFR Part 160.308. Additional information pertaining to compliance can be found at:
CMS Regulations and Guidance.
Further in this letter, there are additional components detailing specific information to be provided
by you (see Parts B, C, and D) and the steps you must take in order to facilitate the assessment
process. Information requested within this letter must be received by this office no later than
(month, day, year (within 10 business days)). We will review the information you provide, and
will notify you if it is satisfactory, or if we need additional information. Please be assured that we
will protect sensitive and/or confidential information received to the full extent required by federal
law.
Using the previously provided login information, please upload all requested artifacts in this letter
to your secure portal site.
Transactions should be in a text format (TXT), and all other documentation should be in Microsoft
Word, Excel or in a PDF format.

If at any time you are unable to serve as the designated contact person for the  assessment, please notify us immediately, in writing, and provide a replacement contact
name, address, telephone number, and email address.
When corresponding with this office, please include the assessment number located at the top of
this letter.
Sincerely,
Madhu Annadata, Director
Division of National Standards
Office of Information Technology
Enclosures – Parts A, B, C, D

Part A -Assessment Objectives, Scope, and Review Process
Assessment Objectives
The objective of the HIPAA Administrative Simplification Optimization program is to conduct
assessments and identify whether a covered entity is compliant with the HIPAA - adopted standards, and
administrative simplification. In addition, the objectives include the opportunity for a covered entity to
correct noted deficiencies, allowing the covered entity to address compliance issues before they result in
a complaint.
Assessment Scope
The scope of the assessment consists of the following actions:
•
•

Random selection of a covered entity
Notification to the covered entity

•
•
•
•
•
•
•
•

Artifact request from the covered entity
Artifacts provided by the covered entity
Assessment review conducted
Assessment outcome reported to covered entity
Covered entity reviews assessment outcome
Covered entity responds to assessment outcome
Assessment finalized
If necessary, covered entity referred for a corrective action

Assessment Review Process
The assessment review is conducted to determine if the selected covered entity is compliant with
electronic standards, including HIPAA transactions, unique identifiers, code sets, and operating rules,
hereinafter referred to as standards. The determination is made by reviewing the following:
•
•
•
•
•
•

HIPAA mandated electronic transactions
EDIFECS XEngine validation tool results, which is accessed through the Administrative
Simplification Enforcement and Testing Tool (ASETT)
Implementation guides (TR3s)
Applicable code sets
Applicable operating rules and attestations, and
Applicable companion guides

Part B - Entity Information
This section is intended to collect organization and contact information. It must be completed by
a qualified member of the organization. Complete all applicable sections.
Section 1. Organization and Point of Contact Information
Organization Information
Organization
Name:
Contact Name:

DBA1:
Title:

Telephone:

E-mail:

Business
Address:
State/Province:

City:
Country:

Zip:

URL:
Assessment Point of Contact Information
Organization
Name:
Assessment
Contact Name:
Telephone:
Business
Address:
State/Province:

Title:
E-mail:
City:
Country:

Zip:

URL:

Section 2. Type of Covered Entity (check all that apply)

☐ Large Health Plan2

☐ Large Provider3

☐ Large Institution

☐ Small Health Plan4

☐ Small Provider5

☐ Small Institution

☐ Clearinghouse

☐ Business Associate

☐ Other (please specify):

1 DBA (Doing Business As…)
2 annual receipts >$5 million
3 provider with more 25 or more full-time employees, or a physician, practitioner, facility, or supplier with 10 or
more full-time equivalent employees
4 annual receipts ≤ $5 million
5 provider with less than 25 full time employees, or a physician, practitioner, facility, or supplier with less than 10
full time equivalent employees

Section 3. Operating Rule Certification
Has your organization obtained a voluntary Operating Rule seal from CORE? If so, when was it obtained? (To
answer yes, certificate status must be current and not revoked.)

☐ YES ☐ NO
Date of Certificate:

Section 4. Business Relationships
Does your organization have a relationship with one or more third-party agents (clearinghouses, vendors, etc.) that
conduct transactions or operating rules (ORs) on your behalf? ☐ Yes ☐ No
Please provide company name(s) and points of contact for each third-party relationship:
Company Name

Contact Name

Transaction/OR

Section 5. Acknowledgments
By signing below, I attest that the information provided as part of this questionnaire is true and accurate to the best of
my knowledge.
Please manually sign or double click the “X” to e-sign.
Date: Click to enter a date.
X

Contact Person Name:

Title:

Part C - Artifact Request
Entity Type: Choose an item.
DUE DATE: Click or tap to enter a date.
Please provide the artifacts selected below by using one of the methods in the above cover letter:
Documentation
☐ Completed Assessment Package Form (this form, Parts B and D)
☐ Companion Guides for transactions marked below
☐ Completed Operating Rule Attestation for the following transaction(s): 270, 271, 276, 277,
835, EFT
☐ Other: _______________________________________________________________
Transactions
☐ 270 Health Care Eligibility Verification Request
o Starting with the __ day of month, provide first XX requests. This may consist of one file
or multiple files.
☐ 271 Health Care Eligibility Verification Response
o Starting with the __ day of month, provide first XX responses. This may consist of one
file or multiple files.
☐ 276 Health Care Claim Status
o Starting with the __ day of month, provide first XX requests. This may consist of one file
or multiple files.
☐ 277 Health Care Claim Status Response
o Starting with the __ day of month, provide first XX responses. This may consist of one
file or multiple files.
☐ 278 Health Care Services Review - Request
o Starting with the __ day of month, provide first XX requests. This may consist of one file
or multiple files.
☐ 278 Health Care Services Review - Response
o Starting with the __ day of month, provide first XX responses. This may consist of one
file or multiple files.
☐ 835 Health Care Claim Payment/Advice Transactions
o Starting with the __ day of month, provide first XX remitted claims. This may consist of
one file or multiple files.
☐ 837 Health Care Claim- Institutional
o Starting with the __ day of month, provide first XX claims. This may consist of one file
or multiple files.
☐ 837 Health Care Claim- Professional

o Starting with the __ day of month, provide first XX claims. This may consist of one file
or multiple files.
☐ 837 Health Care Claim- Dental
o Starting with the __ day of month, provide first XX claims. This may consist of one file
or multiple files.
☐ 820 Premium Payment
o Starting with the __ day of month, provide first XX premium payments. This may consist
of one file or multiple files.
☐ 834 Benefit Enrollment
o Starting with the __ day of month, provide first XX enrollments. This may consist of one
file or multiple files.
☐ NCPDP D.0 Pharmacy Claim
o Starting with the __ day of month, provide first XX remitted claims. This may consist of
one file or multiple files.

Part D - Trading Partner Identification
In the table below, provide the requested information to identify your organization’s most frequent
trading partners, not to exceed 25. The list should account for 50% of your transactions for the past
90 days. As part of our assessment initiative, we reserve the right to select entities at random to
contact and confirm the information provided.
Company Name

Contact Person/Role

Ex. ABC Health Plan

John Doe/Director

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

Phone
(999)999-9999

Email
[email protected]

Transaction
Volume (%)
10%

In accordance with the Paperwork Reduction Act (1995), no persons are required to respond to a collection of information, unless it
displays a valid Office of Management and Budget (OMB) control number. The valid OMB control number for this information
collection is 0938-XXXX (Expires XX/XX/XXXX). The time required to complete this information collection is estimated to average
[10 hours] per response (4 forms x 60 minutes/form), including the time to review instructions, search existing data resources,
gather the data needed, and complete and review the information collection. If you have comments concerning the accuracy of the
time estimate(s) or suggestions for improving this form, please write to:
Centers for Medicare & Medicaid Services
Attn: PRA Reports Clearance Officer, Mail Stop C4-26-05
7500 Security Boulevard
Baltimore, Maryland 21244-1850
Please do not send applications, claims, payments, medical records or any documents containing sensitive information to the PRA
Reports Clearance Office. Any correspondence not pertaining to the information collection burden approved under the associated
OMB control number listed on this form will not be reviewed, forwarded, or retained. If you have questions or concerns regarding
where to submit your documents, please contact: Cecily Austin at [email protected] or Kevin Stewart at
[email protected] .


File Typeapplication/pdf
File TitleAssessment Package
AuthorCMS
File Modified2019-11-04
File Created2019-10-28

© 2024 OMB.report | Privacy Policy