HIPAA Administrative Simplification Rules

HIPAA's administrative simplification rules are designed to standardize and facilitate the electronic storage and management of personal health information (PHI) while providing rigorous security standards to maintain patient privacy. All health care organizations that HIPAA defines as covered entities, including providers and insurers, are required by law to adhere to these standards.

    Required Code Sets

    • HIPAA rules mandate that healthcare providers use ICD-10 medical coding for all electronic billing and claims submission by October 2011. ICD-10 codes cover more conditions and diagnoses than ICD-9 codes, allowing providers to give more specific information on claim forms. All ICD-10 codes are alphanumeric, whereas ICD-9 codes are strictly numeric.

    EDI Standards

    • HIPAA rules require all covered entities to use ANSI X12 Version 5010 for their electronic PHI transactions by January 1, 2012. Version 5010 replaces Version 4010/4010A1, permitting a larger field size for medical codes, which can accommodate ICD-10's alphanumeric codes. Version 5010 also permits more diagnosis codes to be listed on an insurance claim. NCPDP Version D Release 0 will be the required EDI standard for medication and service claims as of January 1, 2012.

    Unique Identifiers

    • HIPAA requires that the employer identification number (EIN) assigned to employers by the IRS be used in all EDI transactions. Covered entities are assigned a National Provider Identifier (NPI) for EDI transaction use. The NPI is a 10-digit number that must be shared with any covered entities that require it for billing and claims purposes.

    Privacy

    • HIPAA rules ensure that PHI stored electronically is subject to the same privacy considerations as written and oral health information. Patients' rights include the right to view their health records and receive written documentation of how their PHI was used and with whom it was shared. HIPAA privacy rules allow covered entities to share PHI with other providers treating the patient, public health organizations, law enforcement and with the patient's family unless the patient objects. PHI may not be used for marketing purposes or be shared with a patient's employer.

    Security

    • Covered entities must design and implement administrative procedures to ensure that no unauthorized parties can access patients' PHI. The security and confidentiality policy must be disseminated throughout the organization to ensure that all employees understand and abide by security protocol. Covered entities must implement technological safeguards including password protection, firewalls and encryption to protect PHI. HIPAA rules also require physical safeguards of PHI, including restricting access to data storage facilities and measures that prevent PHI data removal from the facility.
