The Health Insurance Portability and Accountability Act (HIPAA) was signed into Federal Law on August 21, 1996 to improve the efficiency of health care delivery. HIPAA mandates standards for Electronic Data Interchange (EDI) transactions and code sets. It establishes uniform health care identifiers for providers, health plans, and employers. Compliance with HIPAA requires the use of ANSI ASC X12N (Version 4010) transaction standards and implementation guides. It also addresses privacy and security.
The final rules for transactions and code sets were published in the Federal Register on August 17, 2000, and the compliance date is October 16, 2002. However, President Bush signed a bill on December 27, 2001 (HR 3323) enabling covered entities to delay compliance with the transactions and codes sets rule by one year until October 16, 2003. To qualify for the extension, covered entities must submit a compliance plan to the Secretary of the Department of Health and Human Services by October 16, 2002. The plan must include a budget, schedule, work plan, and implementation strategy for achieving compliance. SynerMed is analyzing the appropriateness of filing for an extension.
The final rule for Privacy Standards was published in the Federal Register on December 28, 2000. The compliance date is April 14, 2003. This date is not affected by the extension granted for the final rules for transactions and code sets.
Covered entities will be subject to financial penalties, which will be defined under the pending Enforcement Regulation, if they do not comply with the dates mandated by the HIPAA rules and regulations.
HIPAA Applicability
Under the terms of HIPAA, the rules and regulations apply to health plans, health care clearinghouses, and health care providers who transmit any health information in any electronic form in connection with transactions covered under HIPAA, and who receive, maintain, or disclose individually identifiable health information in any form or medium. All covered entities must comply with the standards adopted by HIPAA by the applicable compliance dates. If a provider chooses to conduct a standard electronic transaction with a health plan, the health plan may not refuse to conduct, or delay such transactions. The modes of electronic transmission covered under HIPAA include the Internet, extranets, leased lines, dial-up lines, private networks, and those transmissions that are physically moved from one location to another using magnetic tape, disk, or compact disk media.
HIPAA Transaction Standards
The transactions that are required to use the HIPAA standards under this regulation are:
| Transaction Name A |
SC X12 Transaction |
NCPDP Transaction |
| Health Claims and Equivalent Information |
837 |
NCPDP 5.1/Batch1.0 |
| Enrollment and Disenrollment in a Health Plan |
834 |
|
| Eligibility Inquiry/Response for a Health Plan |
270/271 |
NCPDP 5.1/Batch1.0 |
| Health Care Payment/Remittance Advice (EFT/ERA) |
835 |
NCPDP 5.1/Batch 1.0 |
| Health Plan Premium Payments |
820 |
|
| Health Claim Status |
276/277 |
|
| Referral Certification and Authorization |
278 |
|
| Coordination of Benefits |
837 |
NCPDP 5.1/Batch 1.0 |
| Electronic Attachments * |
275/HL7/LOINC |
|
HIPAA Transactions Update to SynerMed E-Claims Providers
As of Oct. 16, 2003 health care providers who submit transactions electronically will be responsible for complying with a new set of federal standards for conducting electronic health care transactions. These transaction requirements came about as a result of the 1996 Health Portability and Accountability Act (HIPAA) passed by Congress. This law included the now well-known privacy protections for health care information, as well as other “Administrative Simplification” provisions that went into effect in October 2003.
The HIPAA standards require health care providers to collect more information than they have in the past in order to process a health care transaction electronically. The standards also require that electronic data be submitted in a specific format and encrypted (none other than the intended receiver can view the data).
The government agency charged with enforcement – the Center for Medicare and Medicaid Services (CMS) – recognized the massive effort required to transition an entire industry to new standards and the fact that many in the health care community will not be prepared to fully adopt the HIPAA standards. SynerMed similarly takes seriously our obligation to help ensure that the migration to the new HIPAA standards does not create unnecessary administrative burdens for our business partners or cause significant disruptions in health care payments and services. However, SynerMed does recognize that HIPAA is law and must take certain steps to be HIPAA compliant.
SynerMed will continue to actively and aggressively test and otherwise collaborate with providers wishing to transition to HIPAA standard transactions. Because of the wide variation in payer and provider readiness, this process must be carefully managed over a period of months. As part of our transition plan, SynerMed will continue to process claims and other transactions without the additional information requested by payers under the HIPAA standards. However, we must discontinue our direct receipt of electronic claims/other files that are not encrypted or not in HIPAA-compliant formats. These files must be submitted to established SynerMed Clearinghouses. Our EDI Department will be contacting you soon if you are not using one of our established Clearinghouses for E-Claims submission.
More information regarding SynerMed and HIPAA may be found at our website www.iSynerMed.com. If you have additional questions or concerns, please contact Craig Girard direct in the EDI department at (213) 437-4284.
HIPAA Code Sets
Under HIPAA, a "code set" is any set of codes used for encoding data elements, such as tables of terms, medical concepts, medical diagnosis codes, or medical procedure codes. Code sets for medical data are required for data elements in the administrative and financial health care transaction standards adopted under HIPAA for diagnoses, procedures, and drugs.
The following code sets have been adopted as the standard medical data code sets:
The combination of Health Care Financing Administration Common Procedure Coding System (HCPCS), as updated and distributed by the DHHS and Current Procedural Terminology, Fourth Edition (CPT-4), as updated and distributed by the American Medical Association for physician services and other health related services. International Classification of Diseases, 9th Edition, Clinical Modification (ICD-9-CM), Volumes 1 and 2 (including the Official ICD-9-CM Guidelines for Coding and Reporting), as updated and distributed by the DHHS. International Classification of Diseases, 9th Edition, Clinical Modification (ICD-9-CM), Volume 3 Procedures (including the Official ICD-9-CM Guidelines for Coding and Reporting), as updated and distributed by the DHHS. Drug and Biologic Codes - Currently under review by DHHS.
Dental Procedures and Nomenclature, As Updated and Distributed By the American Dental Association, for Dental Services
HIPAA Identifiers (Final Rules Pending) Following are the proposed HIPAA identifiers: National Provider Identifier (NPI): proposed to be a ten-position numeric identifier Employer Identification Number (EIN): proposed to be the nine-digit IRS Tax Identification Number Health Plan Identifier (PAYERID): not yet announced but likely to be a ten-digit number assigned to all health plans for the routing of electronic transactions.
How to Prepare for HIPAA
There is a wealth of information being published to keep the health care community informed of what is happening on the HIPAA front. The following government and health care organization Web sites are available for assistance with HIPAA implementation:
www.hipaa.org,
www.cms.hhs.gov/HIPAAGenInfo/ and
www.hipaadvisory.com.