HIPAA Electronic Transactions and Code Sets: Overview

Download the full PDF (226K) of this guide
Download the free Adobe Acrobat reader

Overview

The Health Insurance Portability and Accountability Act of 1996, known simply as “HIPAA,” is arguably one of the most complex federal health care laws in history.  Although HIPAA included provisions for health insurance and fraud and abuse reforms, the “Administrative Simplification” section seems to have had a much larger direct impact on the health care industry’s day to day operations.  

In this portion of HIPAA, Congress required the Secretary of the Department of Health and Human Services (HHS) to adopt standards for financial and administrative transactions and code sets, privacy, security, and unique identifiers for physicians, hospitals, health plans, and others.  

Generally, once HHS issues a final HIPAA regulation in the Federal Register, there is a two-year implementation period before health care entities, including physicians, must comply with the law.  Below is a summary of the final HIPAA regulations that have been published by HHS to date:

* See ASCA information below. 

Additional information on HIPAA Privacy is available in the Massachusetts Medical Society guide: “Getting Ready for HIPAA: Basic Elements for Compliance with the Privacy Regulations.”  Obtain a copy of this online or by calling 781-434-7222.

Transactions and Code Sets (TCS) Regulation Background

The Secretary of HHS issued a final Transactions and Code Sets (TCS) regulation with an effective date of October 16, 2002.  In December 2001, Congress passed the Administrative Simplification Compliance Act (ASCA) extending the TCS compliance deadline until October 16, 2003, if entities submitted a compliance plan with the Centers for Medicare and Medicaid Services.  

ASCA also made it a requirement that all physicians, except those in practices with less than 10 full time equivalent employees, file claims electronically with Medicare by October 16, 2003.

The TCS regulation addresses electronic claims, remittance advice, eligibility verification, referral authorization, claims status inquiry, and many other electronic transactions.  The intent of the transactions and code sets standards is to standardize electronic communications so that information can be more easily shared and exchanged, and ultimately save the industry millions of dollars a year.

A critical component of the TCS regulation is the elimination of multiple code sets.  The code sets adopted by the TCS regulation include:  CPT-4, HCPCS, ICD-9-CM, Current Dental Terminology (CDT), National Council for Prescription Drug Programs (NCPDP), and others.  These standard code sets will be updated or replaced as necessary.  (For example, ICD-10-CM is expected to replace ICD-9-CM in the near future.)  It is also worth noting that HCPCS Level II codes, also know as local codes, have been eliminated by HIPAA.

HIPAA regulations for unique employer, provider, and health plan identification numbers are being developed by HHS to support standardized electronic transactions.  The Unique Employer Identifier regulation requires that a Federal Employer Identification Number (FEIN) or Social Security Number issued by the IRS be used for electronic transactions beginning July 30, 2004.  Final regulations for the Unique Provider Identifier (to replace the UPIN), and the Unique Health Plan Identifier are expected soon.