The HIPAA Administrative Simplification Rules establish national standards for electronic transactions and code sets to maintain the privacy and security of protected health information (PHI). These standards are often referred to as electronic data interchange or EDI standards.
The regulations, detailed in 45 CFR 160, 45 CFR 162, and 45 CFR 164, aim to make health care systems more efficient and effective by streamlining paperwork associated with billing, verifying patient eligibility, and payment transactions.
HIPAA Administrative Simplification Standards
HIPAA regulation includes four standards covering transactions, identifiers, code sets, and operating rules. The HIPAA Administrative Simplification Rules illustrate how switching from paper to electronic transactions reduces paperwork burden and increases payment speed for health care organizations. Additionally, information can be exchanged faster and claim statuses can be checked more easily.
HIPAA covered entities (which include health care providers, health plans, and health care clearinghouses) and HIPAA business associates must adopt these standards for transactions that involve the electronic exchange of health care data. Such transactions may include claims and checking claim status. Other such transactions may involve encounter information, eligibility, enrollment and disenrollment, referrals, authorizations, premium payments, coordination of benefits, and payment and remittance advice.
Unique identifiers, such as a Health Plan Identifier, Employer Identification Number, or National Provider Identifier, are required for all HIPAA transactions.
Code sets are standard codes that all HIPAA covered entities must adopt. These codes have been developed for diagnoses, procedures, diagnostic tests, treatments, and equipment and supplies. HIPAA details several code sets including: NDC national drug codes; CDT codes for dental procedures; CPT codes for procedures; the HCPCS health care common procedure coding system; and the code set for the international classification of diseases (ICD-10).
Updates to the HIPAA Administrative Simplification Rules
The HIPAA Administrative Simplification Rules were updated after the Affordable Care Act was passed in 2010 to include new operating rules specifying the information that must be included for all HIPAA transactions.
HIPAA covered entities must follow national standards, which were set to protect patients’ privacy (HIPAA Privacy Rule) and improve PHI security (HIPAA Security Rule), in addition to the HIPAA Administrative Simplification Rules. The Final Omnibus Rule, which was enacted in 2013, now includes HITECH Act standards in its HIPAA regulations; the standards added new requirements for breach notifications in the HIPAA Breach Notification Rule.
The Centers for Medicare & Medicaid Services both administers and enforces the HIPAA Administrative Simplification Rules, whereas the Department of Health and Human Services’ Office for Civil Rights typically enforces the HIPAA Privacy, Security, and Breach Notification Rules.
The HIPAA Administrative Simplification Regulations apply to all HIPAA covered entities and HIPAA business associates, not only those that work with Medicare or Medicaid.
Addressing the HIPAA Administrative Simplification Rules with Compliancy Group
Compliancy Group allows health care professionals and vendors across the industry to address the full extent of their HIPAA regulatory requirements, including HIPAA Administrative Simplification Rules, with our HIPAA compliance solution, The Guard. The Guard is a web-based HIPAA compliance app that allows users to confidently address their HIPAA compliance so they can get back to running their business.