Frequently Asked Questions
What are the HIPAA "Administrative Simplification"
regulations?
- Administrative Simplification regulations:
Subtitle F of the Health Insurance Portability and
Accountability Act of 19961 is entitled "Administrative Simplification."2 It directs the U.S. Department of Health and Human
Services (DHHS) to publish several regulations relating
to electronic data interchange (EDI) and data protection
(discussed in more detail below). DHHS has also indicated
that it plans to publish a separate regulation relating
to enforcement of the HIPAA regulations.
- Electronic data interchange (EDI) regulations:
These EDI regulations are intended to standardize
electronic communications between and among health
care providers, health insurance plans and other players
in the health care industry in order to reduce administrative
burden.
Regulation |
General
Description |
Status |
| Transactions and Code Sets3 |
Establishes standards for the electronic communication
of health care information in transactions such
as filing insurance claims and verifying eligibility.
Also establishes standards for transmitting certain
types of health information, such as diagnosis codes
and procedure codes. |
Final regulations published in August 2000. Proposed
modifications published May 31, 2002. By October
2002, covered entities must either (1) comply with
the regulations or (2) submit a "compliance
plan" to DHHS's Centers for Medicare and Medicaid
Services in order to obtain a one-year extension.4 |
| Employer Identifier5 |
Establishes a standard unique identifier for employers
(EIN) |
Final regulation published 2002. Covered entities
must comply by July 2004. |
| Provider and Plan Identifiers6 |
Will establish standard unique identifiers for
health care providers and health plans |
No final regulations. |
| Claims Attachments7 |
Will establish a standard for transmitting claims
attachments |
No final regulations. |
- Data protection regulations: These
two regulations are intended to ensure the privacy
and security of individually identifiable health information
maintained by entities covered by HIPAA.
Regulation |
General
Description |
Status |
| Privacy8 |
Establishes a comprehensive framework
for the use and disclosure of identifiable health
information. Also establishes new individual rights. |
Final regulations published in December
2000. Proposed modifications published in March
2002. Covered entities must comply by April 2003. |
| Security9 |
Will require covered entities to establish
administrative, procedural and technical safeguards
to protect identifiable health information. |
No final regulations. |
Back to Top
1Pub. L. No. 104-191
242 U.S.C. § 1171 et
seq.
345 C.F.R. Parts 160; 162,
Subparts A, I-R; 65 Fed. Reg. 50,312 (Aug. 17, 2000).
Modifications to the transactions and code sets regulations
were proposed in May 2002. 67 Fed. Reg. 38,044 (May
31, 2002); 67 Fed. Reg. 38,050 (May 31, 2002). See also http://aspe.hhs.gov/admnsimp/bannertx.htm.
4The compliance form is
available electronically and may either be submitted
via the Internet or on paper. See http://www.cms.gov/hipaa/hipaa2/ascaform.asp).
545 C.F.R. Parts 160; 162,
Subparts A, F; 67 Fed. Reg. 38,009 (May 31, 2002).
6For a copy of the proposed
health care provider identifier regulation, see http://aspe.hhs.gov/admnsimp/
bannerid.htm. As of June 27, 2002, DHHS has not
issued a proposed regulation for the health plan identifier.
7As of June 27, 2002, DHHS
has not issued a proposed regulation governing claims
attachments.
845 C.F.R. Parts 160; 164;
65 Fed. Reg. 82,462 (Dec. 28, 2000). Modifications to
the privacy rule were proposed in March 2002. 67 Fed.
Reg. 14,776 (Mar. 27, 2002). See also http://www.hhs.gov/ocr/hipaa/.
9As of June 27, 2002, DHHS
has not issued a final security regulation. For a copy
of the proposed security regulation, see 63 Fed. Reg.
43,242 (Aug. 12, 1998) or http://aspe.hhs.gov/admnsimp/bannerps.htm#security.
Back to FAQs
|
