Skip to content

CMS Issues HIPAA Administrative Simplification Compliance Review Findings and Fact Sheet on EFT/ERA Payment Reassociation


· 5 minute read


· 5 minute read

CMS: 2021 Compliance Review Program Findings (May 2022); EFT and ERA: Payment Remittance Reassociation Basics (June 2022)


Fact Sheet

The CMS National Standards Group (NSG) has issued a report summarizing updated findings from its administrative simplification compliance review program. The program, which aims to promote compliance with HIPAA administrative simplification rules for electronic health care transactions, was launched in April 2019 (see our Checkpoint article). This report notes that, since the program’s inception, NSG has initiated 39 compliance reviews with 35 health plans and four clearinghouses. As of April 2022, 19 of the 39 participants had successfully completed their reviews. In July 2021, NSG released its first compliance review findings report summarizing common violations identified in the 15 compliance reviews completed between April 2019 and March 2021. The updated report reflects findings from an additional 19 compliance reviews completed between April 2021 and March 2022.

According to NSG, the specific violations identified in the updated report vary slightly from those identified in the July 2021 report, but the transaction types experiencing the most violations remained constant: health care claim payment/advice, health plan eligibility response, and health care claim status response. For each transaction, the report explains key deficiencies and why they matter, with references to implementation guides. In addition, NSG identifies common violations of operating rules and notes the prevalence of violations related to electronic funds transfers (EFT) and electronic remittance advice (ERA) reassociation.

Shortly after the report was released, CMS issued a fact sheet addressing the EFT and ERA reassociation operating rules. CMS explained that, when health plans initiate payment of a health care claim, they generally send the EFT and the ERA transmissions in different electronic formats. Because health care providers often receive an EFT and its corresponding ERA at different times, providers must “reassociate” the ERA with the payment that it describes to reconcile the amount paid, post the payment to its accounts receivable system, and update patient accounts. The fact sheet emphasizes key requirements of the relevant operating rules to facilitate reassociation and provides a flow chart illustrating the EFT and ERA transaction.

EBIA Comment: CMS indicates that it is sharing these updated insights to inform and educate the health industry, encourage widespread compliance, and assist covered entities with preparing for compliance reviews. With regard to preparation, covered entities—particularly health plans—may wish to review CMS’s resources, including its What to Expect: Q&As and its list of Prep Steps. For more information, see EBIA’s HIPAA Portability, Privacy & Security manual at Section XXXII (“Electronic Transactions and Code Sets”).

Contributing Editors: EBIA Staff.

More answers