What is the Health Insurance Portability and Accountability Act (HIPAA)?

key words:  national standards, law, HIPAA, healthcare insurance

HIPAA is the Health Insurance Portability and Accountability Act, part of the Administrative Simplification Standard.

The goal of HIPAA is to standardize and simplify the insurance processing system.

The NPI (national provider identifier) is part of HIPAA.

The Administrative simplification standard:

"To reduce paperwork and streamline business processes across the [United States] health care system, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Patient Protection and Affordable Care Act (ACA) set national standards for:

• electronic transactions
• code sets
• unique identifiers

HIPAA includes Administration Simplification provisions that the ACA expanded in 2010.  ACA introduced operating rules to standardize business practices."

HIPAA and ACA are U.S. law.

Who needs to comply with HIPAA and ACA?
Health care providers, health plans, and payers
Any provider or health care entity who conducts electronic transactions.

The intent of the Administrative Simplification standard has been to:
save time and cost while helping patients
by using standardized

• transactions
• operating rules
• code sets
• unique identifiers

Using these standardized sets helps allow information to be shared electronically in consistent ways.

The Operating Theory
The theory behind the creation of HIPAA and ACA is the idea that with common standards for content and formats, information would move more quickly as it is shared between providers and health plans in predictable ways.  Streamlined communications with insurers can help inform patients upfront about coverage, benefits, and out-of-pocket costs.
These standards have the potential  to give providers more time for care and decrease 

• health costs
• time spent on paperwork
• administrative burden

reference:  CMS Admin Simplification Standards

A transaction is "an electronic exchange of information between two parties to carry out financial or administrative activities related to health care".  For more about  what qualifies as a "transaction" under HIPAA, see the full definition on the CMS site.

"Code Sets" as related to HIPAA are the following:

• Diagnosis codes (currently ICD-10)
• Procedure codes (these are your CPT codes)
• Diagnostic tests
• Treatments
• Equipment and supplies

The above code categories translate to the following code sets:

• ICD-10 (diagnosis codes)
• Health care Common Procedure Coding System (HCPCS)
• CPT (procedure codes)
• CDT (dental procedure codes)
• NDC (national drug codes)

CMS Code Sets reference.

National Identifiers
The "national identifiers" HIPAA requires are, for providers, your NPI.
Health plans need an HPID (Health Plan Identifier)
Employers need an EIN (employer identification number)

HIPAA requires that NPIs and EINs are used on all HIPAA transactions.
The enforcement period for HPIDs is current in an "discretion period" since 10.31.2014.  I think this means all transactions should also include the HPID but it not yet being strictly enforced.  Reference here.


update April 2018:  The U.S. federal bureau of Health and Human Services (HHS) has this summary about the current federal HIPAA law and its application.  Here is some very specific information from HHSon the rules for de-identifying a medical record.

Related Posts
What is CMS?
What is an NPI?