HIPAA - Health Insurance Portability and Accountability Act of 1996, P.L. 104-91.

Legislative Background

Congress enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA). As indicated by its name, the initial implementation of HIPAA addressed the portability of health insurance coverage; however, it is the Administrative Simplification subsection of HIPAA that impacts application development the most.

Administrative Simplification mandated development and use of:

  • National standards for electronic healthcare data transactions
  • Standards for code sets used in transactions
  • National standard identifiers for providers, employers, health plans and individuals
  • Security and privacy standards to assure the safety and confidentiality of healthcare data

Who Must Comply

The HIPAA requirements for Administrative Simplification apply to all health plans and clearing houses, and to those providers who choose to submit transactions electronically. Of the Covered Entities, providers alone have the choice to opt out by submitting only paper transactions. Health plans, on the other hand, must adopt the electronic standards for any covered business function they conduct, even if they currently perform that function in a paper environment. A health plan or a provider may employ a clearinghouse to convert transactions to and from HIPAA formats. While the HIPAA mandated do not directly apply to business associates of a Covered Entity, the Covered Entity must contractually require compliance by any business associate acting on its behalf.

Property/Casualty and workers' compensation insurers, and self-administered employee health benefit plans with fewer than 50 participants are exempt from HIPAA mandates.

HIPAA Regulatory Process

The Department of Health and Human Services (HHS) is charged with the responsibility to develop regulations to implement HIPAA. The regulatory process involves the following steps:

  1. HHS publishes a proposed rule in the Federal Register.
  2. Public comments are accepted for a period generally lasting 60 days.
  3. HHS reviews comments and revises proposed rule based on comments.
  4. HHS publishes final rule in the Federal Register.
  5. Rule takes effect following a 60-day review period.
  6. Mandatory compliance date is set for 24 months after effective date; small health plans, organizations with less than $5 million in annual receipts, are allowed 36 months to comply.

For further information regarding HIPAA Adminstrative Simplification please click here.

Select the following for EDI Companion Guides:

To view facts regarding SSAE 16 Audit  click here >>>