Search our
entire site
Enter your search
terms below, or visit
our search page

Search case
studies only
Enter your search
terms below:

For the table
of contents and
hyperlinks to
general topics
proceed to toc

1. Who must comply?

The HIPAA law was passed at the request of the health care industry, and the standards to be adopted by the Secretary (see FAQ 2) apply to the whole industry, not just Medicare and Medicaid.

All health plans, all payers, and all clearinghouses that process health data must comply. This is not optional (see FAQ 11). It applies for every transaction that these organizations conduct for which such a standard has been adopted. Health plans, payers, and clearinghouses must be able to send or receive the designated transactions in standard electronic form no later than 24 months after the standard is adopted by the Secretary (36 months for small plans). Health plans and payers that cannot perform these standard electronic transactions may comply by contracting with a clearinghouse to perform them. However, the responsibility for compliance remains with the primary entity.

All health care providers who elect to conduct these specific transactions electronically must conduct them according to the standards as well. Health care providers may also contract with a clearinghouse to conduct standard transactions for them.

When employers act in the roles of a health plan or a health care provider, they too must comply with the standards and may contract with a clearinghouse or third party administrator (TPA) to conduct the standard transactions for them.

Health plans may not refuse to accept standard transactions submitted electronically (on their own or through clearinghouses). Further, health plans may not delay payment because the transactions are submitted electronically in compliance with the standards.

There are a few exceptions:

Non-standard transactions. The standards for the designated transactions apply when those transactions are transmitted electronically, but not to transactions conducted by paper, telephone or personal interactive systems. Specific programs such as Medicare may elect to extend the standard requirements to paper-based transactions, but this is not required by HIPAA.

Transmissions within corporate entities. Clearly, electronic transmission of any of the specified transactions between corporate entities must comply with the standards adopted by the Secretary. However, transmissions of these transactions within a corporate entity are not required to comply with the standards. For example, a hospital that is wholly owned by a managed care company would not have to use the standards to pass encounter information back to the home office, but it would have to use the standard claim transaction to submit a claim to another payer.

Small health plans. HIPAA gives small health plans 36 months from the date of adoption of a standard to come into compliance. We are proposing to define a small plan as one with fewer than 50 participants.

Workers Compensation. The HIPAA definition of a health plan does not specifically include Workers Compensation programs or carriers. However, the list of designated transactions for which the Secretary must adopt standards for electronic transmission includes "First Report of Injury" which is the primary transaction used to initiate Workers Compensation actions. For this reason, the Secretary will be proposing a standard for First Report of Injury and will be considering different ways of achieving compliance with this standard.

Health Plan Sponsors. Health plan sponsors, including employers when they act in the role of  a sponsor, are not covered explicitly by the law but may benefit from the adoption of standards and electronic transactions. Sponsors may elect to use standard enrollment, disenrollment, and premium payment transactions, which must be accepted by all health plans when submitted electronically. Market forces may move health plans to require sponsors to use the standards for electronic transactions, although this is not mandated by the law.

TABLE OF CONTENTS