DP Solutions - Healthcare Consulting, HIPAA Compliance, Healthcare EDI Solutions
 Healthcare HIPAA EDI Transactions - FAQ

HIPAA Frequently Asked Questions


What is HIPAA?

The Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996 was established by Congress to aid in administrative simplification and require a national standard for electronic healthcare claims transactions. The goals of HIPAA are:

  • Reduce administrative overhead via a national standard for electronic claims and financial transactions currently done manually on paper.
  • Provide greater privacy for patients by submitting claims over a secure connection, and limiting access to medical histories and conditions.
  • Improve portability and continuity of health insurance coverage in the group and individual markets.
  • Eliminate waste, fraud and abuse with regard to healthcare claims and healthcare delivery.



What are the HIPAA EDI Transactions?

  • 837P: Health Care Claim: Professional
  • 837I: Health Care Claim: Institutional
  • 837D: Health Care Claim: Dental
  • 835: Health Care Claim Payment/Advice
  • 270/271: Health Care Eligibility, Coverage or Benefit Inquiry and Information Response
  • 277/275: Health Care Claim Request for Additional Information and Response
  • 276/277: Health Care Claim Status Request and Response
  • 834: Benefit Enrollment and Maintenance
  • 820: Payroll Deducted and Other Group Premium Payment for Insurance Products
  • 278: Health Care Services Review - Request for Review and Response



What are the HIPAA EDI File Compliance Levels?

There are seven levels of testing/compliance that are defined within the WEDI SNIP white paper on Testing and Certification. The levels of EDI file testing are somewhat independent of each other. However, levels 1 and 2 are prerequisites for the other levels. All levels are explained below.

  • Level 1: Integrity Testing - involves testing for valid segments, segment order, element attributes, testing for numeric values in numeric data elements, validation of X12 syntax and compliance with X12 rules.
  • Level 2: Requirement Testing - involves testing for HIPAA Implementation-Guide-specific requirements, such as repeat counts, used and not used codes, elements and segments, required or intra-segment situational data elements (non-medical code sets as laid out in the Implementation Guide) and values noted via an X12 code list or table.
  • Level 3: Balancing - is testing the transaction for balanced field totals, record or segment counts, financial balancing of claims or remittance advice, and balancing of summary fields.
  • Level 4: Situational Testing - is the testing of specific inter-segment situations described in the HIPAA implementation guides such that: If A occurs, then B must be populated. This is considered to include the validation of situational fields given values or situations present elsewhere in the file. As an example, if the transaction is an inpatient claim, a date of admission must be present.
  • Level 5: Code Set Testing - is testing for valid implementation-guide-specific code set values. Examples are CPT, CDT3, NDC, ICD9, etc.
  • Level 6: Line of Business Testing - is specialized testing required by certain healthcare specialties, such as chiropractic, ambulance, durable medical equipment, etc.
  • Level 7: Trading Partner Testing - covers edits in the HIPAA Implementation Guides that are unique and specific to a payer. Examples are edits for Medicare, Medicaid, or Indian Health Services.
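
The Level 1, Level 3 and Level 4 checks described above, applied to one institutional claim; this is an added example, not DP Solutions' code. The segment and element positions (SE01/SE02, CLM02, CLM05-1, SV203, DTP*435) follow the X12 837 institutional layout and are not given on this page, the sample data is constructed, and treating only facility code 11 as inpatient is a simplifying assumption.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample: one 837I transaction set, ISA/GS envelope omitted ("~" ends a segment).
SAMPLE_837I = (
    "ST*837*0001~"
    "BHT*0019*00*REF123*20240101*1200*CH~"
    "CLM*PCN001*300***11:A:1~"
    "DTP*435*DT*202401010930~"
    "SV2*0120**200*UN*1~"
    "SV2*0250**100*UN*1~"
    "SE*7*0001~"
)

# Simplifying assumption: only CLM05-1 facility code "11" (hospital inpatient) is inpatient.
INPATIENT_FACILITY_CODES = {"11"}

def elem(seg, i):  # element i of a segment, or "" when it is absent
    return seg[i] if i < len(seg) else ""

def validate(raw):
    segs = [s.strip().split("*") for s in raw.split("~") if s.strip()]
    if len(segs) < 2 or segs[0][0] != "ST" or segs[-1][0] != "SE":
        return ["L1: transaction set must start with ST and end with SE"]
    errors, claims = [], []
    st, se = segs[0], segs[-1]
    # Level 1: SE01 counts every segment from ST through SE; SE02 repeats ST02.
    if elem(se, 1) != str(len(segs)):
        errors.append(f"L1: SE01={elem(se, 1)} but {len(segs)} segments present")
    if elem(se, 2) != elem(st, 2):
        errors.append("L1: SE02 does not match ST02")
    try:
        for seg in segs:
            if seg[0] == "CLM":
                claims.append({"id": elem(seg, 1), "total": Decimal(elem(seg, 2)),
                               "facility": elem(seg, 5).split(":")[0],
                               "lines": Decimal(0), "admit": False})
            elif claims and seg[0] == "SV2":
                claims[-1]["lines"] += Decimal(elem(seg, 3))
            elif claims and seg[0] == "DTP" and elem(seg, 1) == "435":
                claims[-1]["admit"] = True
    except InvalidOperation:
        return errors + ["L1: non-numeric value in a monetary element"]
    # Level 3 balancing and Level 4 situational checks, per claim.
    for c in claims:
        if c["total"] != c["lines"]:
            errors.append(f"L3: claim {c['id']}: CLM02 {c['total']} != line total {c['lines']}")
        if c["facility"] in INPATIENT_FACILITY_CODES and not c["admit"]:
            errors.append(f"L4: claim {c['id']}: inpatient claim without admission date (DTP*435)")
    return errors
```

Because levels 1 and 2 are prerequisites, a file that fails the envelope check is rejected before any balancing or situational test runs.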



What are the Rules Under HIPAA?

HIPAA's "Administrative Simplification" provision contains four parts:

  1. Standards for Electronic Transactions

    Electronic Transactions for healthcare include health claims, eligibility, enrollment, premium payments, claim status, and coordination of benefits.

    All health plans must adopt a single standard format for all healthcare transaction types that is intended to simplify and improve the efficiency of healthcare transactions nationwide.

  2. Unique Identifier Standards

    Prior to the Employer Identifier Standard, published in 2002, each healthcare organization had its own identification number format. This approach was error-prone, costly, and confusing. By adopting a national identifier based upon an employer's tax ID number or employer identification number (EIN), communication between providers and payers is greatly improved.

    In addition, the National Provider Identifier, published in 2004, requires healthcare providers to get a unique identifier when filing electronic claims with all insurance programs public and private. Providers need only apply for an identifier once and keep it even if they relocate or change specialties.

  3. Security

    The HIPAA security rule provides for a homogeneous level of protection for all healthcare data that is stored or transmitted electronically pertaining to an individual. Covered entities must ensure confidentiality, integrity and availability of all protected health information that the covered entity creates, receives or transmits. Entities are also required to protect against any reasonable threats to the assurance of privacy to an individual's healthcare data.

    There are no specific technologies required for the implementation of security for healthcare information. However, all security solutions must be supported by a comprehensive security assessment and risk analysis.

  4. Privacy

    The HIPAA Privacy rule stipulates a "set of basic national privacy standards and fair information practices that provides all Americans with a basic level of protection and peace of mind that is essential to their full participation in their care." The following is a summary of the HIPAA privacy act:

    • Give patients new rights to access their medical records, restrict access by others, request changes, and to learn how they have been accessed
    • Restrict most disclosures of protected health information to the minimum needed for healthcare treatment and business operations
    • Provide that all patients are formally notified of covered entities' privacy practices
    • Enable patients to decide if they will authorize disclosure of their protected health information (PHI) for uses other than treatment or healthcare business operations
    • Establish new criminal and civil sanctions for improper use or disclosure of PHI
    • Establish new requirements for access to records by researchers and others
    • Establish business associate agreements with business partners that safeguard their use and disclosure of PHI
    • Implement a comprehensive compliance program, including:
      • Conducting an impact assessment to determine gaps between existing information practices and policies and HIPAA requirements
      • Reviewing functions and activities of the organization's business partners to determine where Business Associate Agreements are required
      • Developing and implementing enterprise-wide privacy policies and procedures to implement the Rule
      • Assigning a Privacy officer who will administer the organizational privacy program and enforce compliance
      • Training all members of the workforce on HIPAA and organizational privacy policies
      • Updating systems to ensure they provide adequate protection of patient data




9160 Red Branch Road, Suite W-1, Columbia MD 21045