The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

What are the HIPAA Administrative Simplification Regulations?

Posted By on Jan 2, 2024

The HIPAA Administrative Simplification Regulations, part of the Health Insurance Portability and Accountability Act, are a series of provisions designed to streamline healthcare transactions, ensure the security and privacy of health data, and standardize electronic data interchange (EDI) through the adoption of specific standards and requirements for transmitting health information, processing claims, and maintaining secure electronic health records The HIPAA Administrative Simplification Regulations are detailed in 45 CFR Part 160, Part 162, and Part 164 and require healthcare organizations to adopt national standards, often referred to as electronic data interchange or EDI standards.

The purpose of these regulations is to save time and costs by streamlining the paperwork required for processes such as verifying patient eligibility, obtaining authorizations for treatments, and sending and receiving payments.

HIPAA Administrative Simplification Standards

The HIPAA Administrative Simplification Regulations include four standards covering transactions, identifiers, code sets, and operating rules. By adopting these standards and switching from paperwork to electronic transactions, healthcare organizations can reduce the paperwork burden, receive payments faster, obtain information more rapidly, and easily check the status of claims.

The regulations require HIPAA covered entities – healthcare providers, health plans, healthcare clearinghouses, and business associates of covered entities – to adopt standards for transactions involving the electronic exchange of health care data, such as claims and checking claim status, encounter information, eligibility, enrollment and disenrollment, referrals, authorizations, premium payments, coordination of benefits, and payment and remittance advice.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Identifier standards require unique identifiers – A Health Plan Identifier (HPID), Employer Identification Number (EIN), or National Provider Identifier (NIP) – to be used on all HIPAA transactions.

Code sets are standard codes that must be adopted by all HIPAA covered entities. Standard codes have been developed for diagnoses, procedures, diagnostic tests, treatments, and equipment and supplies. The code sets detailed in HIPAA include: NDC national drug codes; CDT codes for dental procedures; CPT codes for procedures; the HCPCS health care common procedure coding system; and the code set for the international classification of diseases (ICD-10) – now in its 10th edition.

Updates to the HIPAA Administrative Simplification Regulations

Following the passing of the Affordable Care Act (ACA) in 2010, the HIPAA Administrative Simplification Regulations were updated to include new operating rules specifying the information that must be included for all HIPAA transactions.

Following the passing of the Administrative Simplification Compliance Act (ASCA), medical organizations that work with Medicare are required to submit all claims to Medicare electronically. While there are limited exceptions when written requests to Medicare contractors may be permitted, the majority of healthcare organizations have been required to comply with this requirement since July 1, 2015. The failure to bill electronically after that date results in claims for payments being rejected.

In addition to complying with the HIPAA Administrative Simplification Regulations, HIPAA covered entities must also comply with national standards that were introduced to protect the privacy of patients (HIPAA Privacy Rule) and improve security for protected health information (HIPAA Security Rule). Additionally, HITECH Act standards were incorporated into HIPAA regulations in the Final Omnibus Rule, which also added new requirements for breach notifications (HIPAA Breach Notification Rule). Further information on the HIPAA Privacy, Security, and Breach Notification Rules can be found in our HIPAA compliance checklist.

While the Department of Health and Human Services’ Office for Civil Rights is the main enforcer of the HIPAA Privacy, Security, and Breach Notification Rules, the Centers for Medicare & Medicaid Services administers and enforces the HIPAA Administrative Simplification Rules.

The HIPAA Administrative Simplification Regulations apply to all HIPAA-covered entities, not only entities that work with Medicare or Medicaid.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist