Building Healthier Communities Together
Members Providers About CHNCT Community Connections

arrow HIPAA

Compliance Statement arrow

EDI Guides arrow

EDI Transactions arrow

HIPAA Links arrow

HIPAA Timeline arrow

HIPAA Glossary arrow

What Is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) was signed into federal law in 1996 (PL 104-191). The purpose of this law is to improve the portability and continuity of health insurance coverage using national standards for electronic data interchange for certain administrative and financial transactions. HIPAA also mandates strict standards for ensuring the privacy, confidentiality and security of health care information utilized in such transactions.

What are the Standards?

Privacy (Effective 4/2003):
The HIPAA Privacy Rule establishes national standards to protect individuals medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.

Security (Effective 4/2005):
The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) required the Department of Health and Human Services (HHS) to establish national standards for the security of electronic health care information.  The final rule adopting HIPAA standards for security was published in the Federal Register on February 20, 2003. This final rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The standards are delineated into either required or addressable implementation specifications.

Transaction and Code Sets (Effective 10/16/2003 with extension):
In August 2000, HHS issued final electronic transaction and code sets standards to streamline the processing of health care claims, reduce the volume of paperwork and provide better service for providers, insurers and patients. HHS adopted modifications to some of those standards in final regulations published on Feb. 20, 2003. Overall, the regulations establish standard data elements, codes and formats for submitting electronic claims and other health care transactions.

The following transactions, when performed electronically, must adopt the HIPAA standards.

  • Submitting claims for payment and remittance
  • Enrolling and dis-enrolling an individual in a health plan
  • Paying health care premiums
  • Checking eligibility for health care benefits and coverage
  • Requesting authorization for services
  • Responding to requests for additional information to support a claim.
  • Coordinating the processing of a claims across different insurance companies
  • Notifying the provider about the payment of a claim.

The medical code sets that must be used for the transactions listed above are:

  • International Classification of Diseases (ICD-9-CM), for reporting diagnosis and inpatient hospital procedures.
  • Health Care Financing Administration Common Procedure Coding System (HCPCS) and the Current Procedure Terminology (CPT-IV), for provider and other medical services including outpatient hospital procedures.
  • National Drug Codes (NDC) for drugs and biologics
  • The American Dental Association's Codes on Dental Procedures and Nomenclature for dental services.

Unique Identifiers:
The Health Insurance Portability & Accountability Act of 1996 (HIPAA) requires that employers have standard national numbers that identify them on standard transactions. The Employer Identification Number (EIN), issued by the Internal Revenue Service (IRS), was selected as the identifier for employers and was adopted effective July 30, 2002.

The National Provider Identifier (NPI) is a Health Insurance Portability and Accountability Act (HIPAA) Administrative Simplification Standard. The NPI is a unique identification number for covered health care providers. Covered health care providers and all health plans and health care clearinghouses must use the NPIs in the administrative and financial transactions adopted under HIPAA. The NPI is a 10-position, intelligence-free numeric identifier (10-digit number). This means that the numbers do not carry other information about healthcare providers, such as the state in which they live or their medical specialty. The NPI must be used in lieu of legacy provider identifiers in the HIPAA standards transactions.

As outlined in the Federal Regulation, The Health Insurance Portability and Accountability Act of 1996 (HIPAA), covered providers must also share their NPI with other providers, health plans, clearinghouses, and any entity that may need it for billing purposes.

More Info can be obtained from www.hhs.gov and www.cms.hhs.gov
Copyright 2009 © Community Health Network of Connecticut, Inc. All rights reserved.