Administrative Simplification
The Administrative Simplification part of HIPAA aims to reduce administrative costs in the healthcare industry by mandating strict limits on how PPI can be used and disclosed, as well as through adopting and using standardized, electronic transmission of PPI.
Five Elements of Administrative Simplification
- Privacy
- Security
- Standardized Transactions
- Standardized Medical Code Sets
- Unique Identifiers
Privacy
HIPAA privacy regulations require compliance with standards that protect the privacy of PPI and grant individuals other rights, without creating obstacles to care and treatment. With limited exceptions, these rules mandate that no PPI may be used or disclosed without the signed authorization of the affected member.
HIPAA states that other federal and state laws that provide more stringent individual privacy protection still apply. Therefore, Premera must also consider: state patients' bills of rights and other insurance laws, state and federal public health laws, and state regulations implementing the federal Gramm-Leach-Bliley Act.
Security
HIPAA's Administrative Simplification provisions require compliance with security standards related to PPI that is transmitted or stored electronically. The regulations include requirements for physical, technical and procedural safeguards to keep electronic healthcare information secure.
Standardized Transactions
Covered healthcare providers, healthcare payers and healthcare clearinghouses must use "standard" formats to transmit healthcare transactions electronically.
The standard formats for HIPAA transactions are the American National Standards Institute (ANSI) ASC X12N, Version 4010A1. These formats apply to the following common business functions:
Transaction Name |
Number |
Healthcare Claims |
837 |
Healthcare Claim Payment/Advice |
835 |
Payroll Deducted and Other Group Premium Payment |
820 |
Benefit Enrollment and Maintenance |
834 |
Healthcare Services Review |
278 |
Healthcare Eligibility Benefit Inquiry and Response |
270/271 |
Healthcare Claim Status Request and Response |
276/277 |
Standardized Code Sets
Electronic data exchange will require using standard code sets. The medical code sets used to identify data include:
- ICD-9 for diseases*
- CPT-4 for services and procedures
- HCPCS for medical equipment, injectable drugs and transportation services
- NDC for prescription drugs and CDT-3 for dental services
The non-medical code sets include codes for place of service, revenue codes, relationship codes and more.
* The federal government requires all HIPAA-covered healthcare organizations to be compliant with the ICD -10 code sets beginning Oct. 1, 2013.
Unique Identifiers
There are standard national identifiers for providers and employers. Unique identifiers permit electronic data exchange and matching for all health insurance-related transactions.
The following list contains the unique identifiers that HIPAA requires to be standardized:
National Provider Identifier (NPI)
The NPI is a unique identification number assigned to healthcare providers to use with administrative and financial transactions. More on NPI at: nppes.cms.hhs.gov/NPPES/Welcome.do
National Employer Identifier (EIN)
The EIN is a unique identification number used to identify employers and employer groups. The final rule was published on May 31, 2002 with a compliance deadline of July 30, 2004. The employer tax identification number as assigned by the IRS was adopted as the EIN.
National Health Plan Identifier (HPIN)
The HPIN is a unique identification number used to identify health plans. For questions about HIPAA Transaction-related regulatory compliance (Transactions, Code Sets, National Identifiers, and Security) call the Centers for Medicare and Medicaid (CMS) at 866-282-0659.