

Administrative Simplification HIPAA Compliance Review (CMS-10662)


OMB: 0938-1390

Document [pdf]
Download: pdf | pdf
Department of Health & Human Services
Centers for Medicare & Medicaid Services
7500 Security Boulevard, Mail Stop S2-26-17
Baltimore, Maryland 21244-1850
Notice of Draft Findings
Date of Report: FULLDATE
Re: Assessment Number XXXXX
On (month, day, year), the Department of Health and Human Services (HHS), Division of
National Standards (DNS) within the Centers for Medicare & Medicaid Services’ (CMS)
finalized the  administrative simplification assessment.
The assessment process included a review of transactions, code sets, unique identifiers, and
operating rules. It was comprised of employing a validation software tool to determine whether
HIPAA transactions were compliant with the applicable 5010 ASC X12 standards and
implementation guides. In addition, it included a manual review of companion guides and
operating rule attestations.
The validation tool report(s) contain(s) detailed information pertaining to the violations found
during the assessment. If a unique violation occurred multiple times within the report(s), they
were considered one violation for assessment purposes. In addition, “Warning” or
“Informational” violations were not considered. See the validation error report(s) located in the
assessment secure site for .
This draft report is to inform you that the assessment findings for 
demonstrates noncompliance in the following areas: transactions, code sets, unique identifiers,
and operating rules. The enclosed violations summary report includes a list of violations cited for
assessment purposes. Each violation includes the unique error number from the validation error
report, if applicable, and a reference to the pertinent Technical Report (TR3) and/or Operating
Rule. In addition, the validation error report contains the description of the violation, if
applicable, and the corresponding business message.

 has the option of providing a response to each violation cited in the
enclosed violations summary report. In addition, if  disagrees with any
violation cited, you must provide the basis for disagreement and all applicable references. All
violation responses must be received by this office no later than (month, day, year (10 business
As a courtesy, we have provided a “Covered Entity Response” section in the enclosed violations
summary report. If you choose to respond using the “Covered Entity Response” section, please
append “Response” to the file name and upload for DNS review by the response due date above.
DNS will include the  response(s) as well as a DNS reply in the final
assessment report. You can expect the final assessment report no later than (month, day, year).
DNS considers your compliance to be an essential part in preventing administrative
simplification burdens to industry trading partners and covered entities. Therefore, DNS expects
your full cooperation and that  will correct all violations cited within
this violations summary report.
If you have any questions about this report, contact the HIPAA compliance team via email at
[email protected]. Please include the assessment reference number located at the top
of this report.
Madhu Annadata, Director
Division of National Standards
Office of Information Technology
Enclosure – Violations Summary Report

Violations Summary Report (Example)
File Name(s): Health_Plan_835_14.txt
Violation #1
Validation Error ID: 0x3938eda
Assessment Category: Transaction
Violation Description: 835 transaction does not balance at the transaction level.
Reference: 005010X221A1, Section Transaction Balancing
Covered Entity Response

DNS Reply to Covered Entity (DNS Only)

Violation #2
Validation Error ID: 0x39393b5
Assessment Category: Unique ID
Violation Description: 835 transaction contains an invalid NPI number.
Reference: 005010X221A1, 1000B, N1 Payee Identification, N103 Identification Code Qualifier XX,
External Code Source 537, N104 Payee Identification Code
Covered Entity Response

DNS Reply to Covered Entity (DNS Only)

Violation #3
Validation Error ID: 0x3938bbe
Assessment Category: Code Set
Violation Description: 835 transaction contains a claim(s) with a second iteration of a CAS

segment, with the same group code, before exhausting the first trio of the first CAS segment.

Reference: 005010X221A1, Section Claim Adjustment and Service Adjustment Segment Theory
Covered Entity Response

DNS Reply to Covered Entity (DNS Only)

Operating Rules
Violation #4
Reference: Operating Rule 360, Requirement 4.1.2
Assessment Category: Operating Rule
Violation Description: Attestation indicates health plan has not mapped their CARC/RARC/CAGC
crosswalk to their internal codes since 2014, and is out of alignment with the current code
Covered Entity Response

DNS Reply to Covered Entity (DNS Only)

