Congress and the health care industry have agreed that standards for the
electronic exchange of administrative and financial health care transactions
are needed to improve the efficiency and effectiveness of the health care
system. The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
required the Secretary of Health and Human Services to adopt such
National standards for electronic health care transactions will
encourage electronic commerce in the health care industry and ultimately
simplify the processes involved. This will result in savings from the reduction
in administrative burdens on health care providers and health plans. Today,
health care providers and health plans that conduct business electronically
must use many different formats for electronic transactions. For example, about
400 different formats exist today for health care claims. With a national
standard for electronic claims and other transactions, health care providers
will be able to submit the same transaction to any health plan in the United
States and the health plan must accept it. Health plans will be able to send
standard electronic transactions such as remittance advices and referral
authorizations to health care providers. These national standards will make
electronic data interchange a viable and preferable alternative to paper
processing for providers and health plans alike.
As required by HIPAA, the Secretary of Health and Human Services is
adopting standards for the following administrative and financial health care
- Health claims and equivalent encounter information.
- Enrollment and disenrollment in a health plan.
- Eligibility for a health plan.
- Health care payment and remittance advice.
- Health plan premium payments.
- Health claim status.
- Referral certification and authorization.
- Coordination of benefits.
Standards for the first report of injury and claims attachments (also
required by HIPAA) will be adopted at a later date.
All private sector health plans (including managed care organizations
and ERISA plans, but exlcuding certain small self administered health plans)
and government health plans (including Medicare, State Medicaid programs, the
Military Health System for active duty and civilian personnel, the Veterans
Health Administration, and Indian Health Service programs), all health care
clearinghouses, and all health care providers that choose to submit or receive
these transactions electronically are required to use these standards. These
"covered entities" must use the standards when conducting any of the defined
transactions covered under the HIPAA.
A health care clearinghouse may accept nonstandard transactions for the
sole purpose of translating them into standard transactions for sending
customers and may accept standard transactions and translate them into
nonstandard transactions for receiving customers.
If the plan performs that business function (whether electronically, on
paper, via phone, etc.), it must be able to support the electronic standard for
that transaction. It may do this directly or through a clearinghouse.
All health plans, all health care clearinghouses, and any health care
provider that chooses to transmit any of the transactions in electronic form
must comply within 24 months after the effective date of the final rule (small
health plans have 36 months). The effective date of the rule is 2 months after
publication. Therefore, compliance with the final rule is required by October
2002 (October 2003 for small health plans). Entities can begin using these
standards earlier than the compliance date.
HIPAA required the Secretary to adopt standards, when possible, that
have been developed by private sector standards development organizations
(SDOs) accredited by the American National Standards Institute (ANSI). These
are not government agencies. All of the transactions adopted by this rule are
from such organizations. All are from the Accredited Standards Committee (ASC)
X12N except the standards for retail pharmacy transactions, which are from the
National Council for Prescription Drug Programs (NCPDP).
ANSI ASC X12N standards, Version 4010, were chosen for all of the
transactions except retail pharmacy transactions. The choice for the retail
pharmacy transactions was the standard maintained by the NCPDP because it is
already in widespread use. The NCPDP Telecommunications Standard Format Version
5.1 and equivalent NCPDP Batch Standard Version 1.0 have been adopted in this
rule (health plans will be required to support one of these two NCPDP formats).
Internet transactions are being treated the same as other electronic
transactions. However, we recognize that there are certain transmission modes
in which the format portion of the standard is inappropriate. In these cases,
the transaction must conform to the data content portion of the standard. In
particular, a "direct data entry" process, where the data are directly keyed by
a health care provider into a health plans computer using dumb terminals
or computer browser screens, would not have to use the format portion of the
standard, but the data content must conform. If the data are directly entered
into a system that is outside the health plans system, to be transmitted
later to the health plan, the transaction must be sent using the format and
content of the standard.
The decision on when a standard must be used does not depend on whether
the transaction is being sent inside or outside corporate boundaries. Instead,
a simple two part test, in question form, can be used to determine whether the
standards are required.
Question 1: Is the transaction initiated by a covered entity or
its business associate? If no, the standard need not be used.
Question 2: Is the transaction one for which the Secretary had
adopted a standard? If yes, the standard must be used. If no, the standard need
not be used.
For purposes of question 1, a business associate acting on behalf of a
covered entity can only perform those particular functions that the covered
entity itself could perform in the transaction. The regulation requires health
plans to accept standard transactions from any person.
For purposed of question 2, the definitions of the transactions
themselves, as stipulated in Subpart K through Subpart R of the regulation,
must be used to determine if the function is a transaction for which the
Secretary has adopted a standard.
Section 1178 of the Social Security Act provides that standards for the
transactions will supercede any State law that is contrary to them, but allows
for an exception process. This process is currently under development and will
be issued in the final rule for Privacy Standards.
In addition to the exceptions for conflicting State laws, an exception
may be allowed for the testing of proposed modifications to the standards. An
entity wishing to test a different standard may apply for an exception to test
the new standard. Instructions for applications are published in the final
rule. In this way, we hope to encourage the development of new
Section 1171(5)(E) of the Social Security Act, as enacted by HIPAA,
identifies the State Medicaid programs as health plans, which therefore must be
capable of receiving, processing, and sending standard transactions
electronically. There is no requirement that internal information systems
maintain data in accordance with the standards. However, Medicaid programs will
need the capacity to process standard claim, encounter, enrollment,
eligibility, remittance advice, and other transactions. In addition, as health
plans, the State Medicaid programs will be required to comply with other HIPAA
standards two years after adoption of the standards.
The standards should benefit Medicaid programs in multiple areas. Here
are a few examples:
- A national standard for encounter transactions will provide a
much-needed method for collecting encounter data on Medicaid beneficiaries
enrolled in managed care. Because of the standards, it will be possible to
combine encounter data from managed care with similar claims data from
fee-for-service, thus enhancing the ability to monitor utilization, costs, and
quality of care in managed care and to compare managed care with
- The standard transactions will include methods for electronic
exchange of enrollment information between the Medicaid program and private
managed care plans enrolling Medicaid beneficiaries. This will reduce
administrative costs of exchanging such information and enhance the reliability
of such information.
- The conversion to national standards provides an opportunity for
Medicaid programs to shift to commercial software or clearinghouses and to stop
the expensive maintenance of old, customized transaction systems.
The law gives the Secretary the authority to impose monetary penalties
for failure to comply with a standard. The Secretary is required by statute to
impose penalties of not more than $100 per violation on any person or entity
who fails to comply with a standard except that the total amount imposed on any
one person in each calendar year may not exceed $25,000 for violations of one
requirement. Enforcement procedures will be published in a future
First, the Department developed a set of guiding principles to serve as
the basis for evaluating alternative standards for each transaction. These
guiding principles, designed to be consistent with the intent of HIPAA, are
published in the regulation. Second, an inventory of standards was developed by
the ANSI Health Informatics Standards Board, a private sector organization.
Third, teams composed of representatives from several government agencies
evaluated the available standards against the guiding principles to determine
which standards best met the principles. Extensive outreach and consultation,
including public meetings, with all facets of the health care industry
continued throughout this process.
As required by HIPAA, the Secretary also consulted with the National
Uniform Claim Committee (NUCC), the National Uniform Billing Committee (NUBC),
the American Dental Association (ADA), and the Workgroup for Electronic Data
Interchange (WEDI). The Secretary also considered advice from the National
Committee on Vital and Health Statistics (NCVHS) and representatives of the
health care industry who testified before the NCVHS Subcommittee on Health Data
Needs, Standards, and Security.
Data dictionaries are available for an additional fee.
The implementation guides for the ASC X12N standards may be obtained
from the Washington Publishing Company, 806 W. Diamond Ave., Suite 400,
Gaithersburg, MD, 20878; telephone: 301-949-9740; FAX: 301-949-9742. These
guides are also available at no cost through the Washington Publishing Company
on the Internet at http://www.wpc-edi.com/hipaa/.
The implementation guide for retail pharmacy standards is available from
the National Council for Prescription Drug Programs, 4201 North 24th Street,
Suite 365, Phoenix, AZ, 85016; telephone: 602-957-9105; FAX: 602-955-0749. It
is also available from the NCPDPs website at
The Secretary has designated six organizations that have agreed to serve
as Designated Standards Maintenance Organizations (DSMOs). The DSMOs are:
- Accredited Standards Committee X12
- The Dental Content Committee
- Health Level Seven
- National Council for Prescription Drug Programs
- National Uniform Billing Committee
- National Uniform Claim Committee
These organizations will work together to accept and evaluate requests
for changes to the standards and suggest changes to the standards for the
Secretarys consideration. Further information about the change request
process can be found on the Internet at: http://crs.hipaa.org.
The Secretary may modify a standard or its implementation guide
specification one year after the standard or implementation specification has
been adopted, but not more frequently than once every 12 months. If the
Secretary modifies a standard or implementation specification, the
implementation date of the modified standard or implementation specification
may be no earlier than 180 days following the adoption of the modification. The
Department of Health and Human Services (HHS) will determine the actual date,
taking into account the time needed to comply given the nature and extent of
the modification. HHS may extend the time for compliance for small health
plans. Standards modifications will be published as regulations in the Federal
No, there is no such requirement. However, more physicians may
want to use computers for submitting and receiving transactions (such as
health care claims and remittances/payments) electronically, once the standard
way of doing things goes into effect.
The Administrative Simplification provisions of the HIPAA law were
passed with the support of the health care industry. The industry believed
standards would lower the cost and administrative burdens of health care, but
they needed Government's help to get to one uniform way of doing things. In the
past, individual providers (physicians and others) have had to submit
transactions in whatever form each health plan required. Health plans could not
agree on a standard without giving their competitors a market advantage, at
least in the short-run. The law, which requires standards to be followed for
electronic transmission of health care transactions, levels the playing field.
It does not require providers to submit transactions electronically. It does
require that all transactions submitted electronically comply with the
Providers, even those without computers, may want to adopt these
standard electronic transactions, so they can benefit directly from the
reductions in cost and burden. This is possible because the law allows
providers (and health plans too, for that matter) to contract with
clearinghouses to conduct the standard electronic transactions for them.
The transaction standards will apply only to electronic data interchange
(EDI) -- when data are transmitted electronically between health care providers
and health plans as part of a standard transaction. Data may be stored in any
format as long as it can be translated into the standard transaction when
required. Security standards, on the other hand, will apply to all health care
To comply with the transaction standards, health care providers and
health plans may exchange the standard transactions directly, or they may
contract with a clearinghouse to perform this function. Clearinghouses may
receive non-standard transactions from a provider, but they must convert these
into standard transactions for submission to the health plan. Similarly, if a
health plan contracts with a clearinghouse, the health plan may submit
non-standard transactions to the clearinghouse, but the clearinghouse must
convert these into standard transactions for submission to the provider.
Currently, some insurers accept the de facto standard claim (e.g.,
UB-92) but also require additional records (e.g., a proprietary cover sheet)
for each claim submitted. Others have special requirements for data entered
into the claim which make it non-standard.
Under the law, health plans are required to accept the standard claim
submitted electronically. They may not require providers to make changes
or additions to the standard claim. They must go through the private sector
standards setting process to get their requirements added to the standard in
order to effect desired changes. Health plans may not refuse the standard
transaction or delay payment of a proper standard transaction.
An additional standard will be adopted for electronic health claims
attachments, which health plans will be required also to accept. Until that
standard is adopted (by February, 2001), health plans may continue to require
health claim attachments to be submitted on paper. No other additions to
standard claims will be acceptable.
Additional information may be provided within certain limits.
Electronic transactions must go through two levels of scrutiny:
- Compliance with the HIPAA standard. The requirements for
compliance must be completely described in the HIPAA implementation guides and
may not be modified by the health plans or by the health care providers using
the particular transaction.
- Specific processing or adjudication by the particular system
reading or writing the standard transaction. Specific processing systems
will vary from health plan to health plan, and additional information regarding
the processing or adjudication policies of a particular health plan may be
helpful to providers.
Such additional information may not be used to modify the standard and
may not include:
- Instructions to modify the definition, condition, or use of a data
element or segment in the HIPAA standard implementation guide.
- Requests for data elements or segments that are not stipulated in the
HIPAA standard implementation guide.
- Requests for codes or data values that are not valid based on the
HIPAA standard implementation guide. Such codes or values could be invalid
because they are marked not used in the implementation guide or because they
are simply not mentioned in the guide.
- Change the meaning or intent of a HIPAA standard implementation
The health plan must read and write HIPAA standard transactions exactly
as they are described in the standard implementation guides. The only exception
would be if the guide explicitly gives discretion regarding a data element to a
health plan. For claims and most other transactions, the receiver must accept
and process any transaction that meets the national standard. This is necessary
because multiple health plans may be scheduled to receive a given transaction
(e.g., a single claim may be processed by multiple health plans).
For example: Medicare currently instructs providers to bill for certain
services only under certain circumstances. Once HIPAA standard transactions are
implemented, Medicare will have to forego that policy and process all claims
that meet HIPAA specifications. This does not mean that Medicare, or any other
health plan, has to change payment policy. Today, Medicare would refuse to
accept and process a bill for a face lift for cosmetic purposes only. Once the
HIPAA standards are implemented, Medicare will be required to accept and
process the bill, but still will not pay for a face lift that is purely for
The simplest implementation is the one that is identical to all others.
If the standard adopted stipulates that HCPCS codes will be used to describe
procedures, then the health plan must abide by the instructions for the use of
HCPCS codes. A health plan could refuse a code that was not applied in
accordance with the HIPAA national standard coding instructions, but could not
refuse a code properly applied for reasons of policy unrelated to the
For example, if the standard stipulates that the most specific code
available must be used, then a health plan would be right to refuse a code that
does not meet that criterion. The health plan would need to work with the
committee(s) governing the particular coding scheme to have codes adopted that
meet its needs.
Any loop iterations, file sizes, etc. stipulated in the standards must
be honored by all players. If any health care electronic data interchange
participant cannot live with the numbers stipulated in the HIPAA implementation
guides, then the participant needs to work with the implementation guide
author(s) to get numbers that all players can live with
For example, there are up to 99 service lines in a professional claim.
The provider need not write 99 service lines, but the health plan must have the
capability to accept that number when presented. If that is not the right
number for all players, it should be changed. But the number identified in the
implementation guide must be adhered to.