Search our
entire site
Enter your search
terms below, or visit
our search page

Search case
studies only
Enter your search
terms below:

For the table
of contents and
hyperlinks to
general topics
proceed to toc

HIPAA Overview

A. Goal: Standardize Transaction Sets

* Unify electronic data interchange (EDI) implementation guides within the healthcare industry.
* Provides an industry mandate for a single use of standards within the ASC X12 environment, the standards being ANSI standards.
* Protect security and privacy of transmitted information

Specifically, the new law mandates standard implementations for the following transactions:

* health claims or equivalent encounter information
* enrollment and disenrollment in a health plan
* eligibility for a health plan
* healthcare payment and remittance advice
* health plan premium payments
* health claim status
* referral certification and authorization
* health claim attachments, coordination of benefits
* first report of injury


ANSI ASC X12 Standards
* Health claims or equivalent encounter information
- Healthcare claim (837)
- Interactive healthcare Claim Encounter (IHCLME)*

* Health claim attachments
- Patient Information (275)

* Enrollment and disenrollment in a health plan.
- Benefit Enrollment and Maintenance (834)

* Eligibility for a health plan.
- Healthcare Eligibility / Benefit Inquiry (270)
- Healthcare Eligibility / Benefit Information (271)
- Interactive Healthcare Eligibility / Benefit Inquiry (IHCEBI)*
- Interactive Healthcare Eligibility / Benefit Response (IHCEBR)*
* Standard under development

* Healthcare payment and remittance advice
- Healthcare Claim Payment / Advice (835)

* Health plan premium payments
- Consolidate Service Invoice Statement (811)
- Payment Order / Remittance Advice (820)

* First report of injury
- Report of Injury, Illness or Incident (148)

* Health claim status
- Healthcare Claim Status Request (276)
- Healthcare Claim Status Notification (277)

* Referral certification and authorization
- Healthcare Service Review Information (278)

Unique Health Identifiers

* Individuals (Unknown yet)
* Employers (EIN / TIN)
* Health Plans (Payer ID - HCFA)
* Healthcare Providers (National Provider ID - HCFA)

NOTE: Each identifier must be able to handle multiple locations and specialty classifications.

    Code Sets

* Diagnoses: ICD-9-CM - The International Classification of Diseases, Clinical Modification
* Procedures: ICD-9-CM
- Volume 3 for inpatient care.
- CPT 4 for outpatient/physician care.
- HCFA's Health Care Common Procedure for equipment, supplies, injectible drugs, and other services.
- CDT-2 - The American Dental Association's Current Dental Terminology for dental care.
- NDC - The FDA's National Drug Code is the proposed code for pharmacy claims.

B. Timeline

* August 21, 1996 - Law signed
* August 1997 (12 months) - Secretary of Health and Human Services (HHS) submits privacy recommendations to Congress
* February 1998 (18 months) - HHS develops or makes use of existing implementation standards, except claims attachments
* After publication of final rules, the industry will have 24 months following the establishment of those standards to comply with that implementation, expected this year

C. Impact

* The providers, many of whom have been holding back their involvement in EDI, as well as holding back upgrading their own systems, must now go forward and adopt the use of EDI standards. All systems must be HIPAA complaint.
* Use of the same standards for all parties.
* Organizations within the industry must comply with these transaction sets or face heavy fines, i.e., $250,000 penalty per transaction set.

D. Privacy/Security Concerns

* HHS to develop security standards that will ensure confidentiality of medical data that may travel over the Internet.
* The Healthcare Finance Administration (HCFA) prohibits any Internet activities where an insurance plan provides individual information.
* HCFA intends to revisit Internet use when proper security measures and software becomes available.
* Standards that take into account:
- Technical capabilities
- Cost of security
- Training
- Value of audit trails
- Needs and capabilities of small providers
* Ensure all participants have policies and procedures in place.
* Not limited to the named standard transactions.
* Maintain reasonable and appropriate administrative, technical, and physical safeguards.
- Ensure integrity and confidentiality of information.
- Protect against threats or hazards.
- Unauthorized uses or disclosures.

E. Penalties for Non-compliance

* $100 for each violation, up to a maximum of $25,000 per year
* $250,000 and 10 years in prison for misusing medical data, wrongful and malicious disclosure of "individually identifiable" health information, or having obtained data inappropriately.

F. Benefits

* Uniform implementation procedures will help keep national standards true.
* Utilizing standards will lower the cost of healthcare and administrative costs.
* Uniform transmission of data that will be adjudicated in a more standardized way.
* Since insurance companies, and other healthcare payers can share some of this data will mean decreased paperwork between these groups and fewer cases of multiple payments for the same services made.
* Fraud and abuse will be easier to recognize.
* The error rate, which is currently high, will decrease enormously.

G. Steps to Take to Ensure HIPAA Compliance
    (Source: Health Data Management/September 1998)

* Study the law and the administrative regulations that will implement the law, paying particular attention to the applicability provisions.

* Conduct an inventory of information systems to determine which areas need modifications to carry out the standards mandates.

* Obtain a copy of the standard transaction set implementation guides and determine if the organization has the in-house resources to implement the standards or if it should contract with vendors or industry consultants.

* Develop a procedure to determine which vendors and consultants are best able to handle HIPAA-related projects. Many vendors and consultants remain unaware of the Federal mandates.

* Conduct compliance testing of HIPAA-mandated transactions.


HIPAA: Additional Resources
Administrative Simplification Web Site
http://aspe.os.dhhs.gov/admnsimp

Updates Relating to Administrative Simplification
listserv@list.nih.gov
NOTE: Send an email to the above address and leave the subject line blank. In the body of the message type: subscribe HIPAA-REGS (Your name)

X12N Home Page
http://www.disa.org/x12/x12n

X12N Insurance Industry Implementation Guides
http://www.wpc-edi.com

HHS Data Council Web Site
http://aspe.os.dhhs.gov/datacncl/

NCVHS Web Site
http://aspe.os.dhhs.gov/ncvhs/
* Transcripts of all hearings and written testimony.

Workgroup for Electronic Data Interchange (WEDI)
http://www.wedi.org
This site contains a list of resources, and, the "What's New" page, a series of issue papers that address HIPAA and the possible effects on the industry.

National Uniform Claims Committee (NUCC)
http://www.nucc.org
This site includes the data content identified by the NUCC to be used in a standardized messaging format to transmit data electronically for non-institutional claim and equivalent encounter information, as well as for coordination of benefits transactions to and from all health plans.

Electronic Healthcare Network Accreditation Commission (EHNAC)
http://www.ehnac.org
This site contains information about the accreditation of clearinghouses, and, forthcoming, the Standard Transaction Format Compliance System.

Department of Health and Human Resources (HHS)
http://aspe.os.dhhs.gov/admnsimp
This site focuses on the administrative simplification provisions of HIPAA and the text of the law Presentations that have been given regarding the law.

Date Interchange Standards Association (DISA)
http://www.disa.org/x12
This site lists all X12, subcommittee, task groups and work group meeting minutes. Pay particular attention to X12N, Insurance subcommittees. When workgroups test transactions proposed for HIPAA, the test conditions and results will be displayed at this site.

Healthcare Financing Administration (HCFA)
http://www.hcfa.gov/hcfainit.htm
Detailed information on National Provider Identifier and PAYERID.
TABLE OF CONTENTS