- The Administrative Simplification provisions of HIPAA apply to the adoption of electronic transaction standards and operating rules for use in the health care industry. Information about HIPAA regulations, standards and operating rules can be found at https://www.cms.gov/Regulations-and-Guidance/Administrative-Simplification/HIPAA-ACA/index.html.
- This standard and the transaction were adopted under the Health Insurance Portability Act of 1996 (HIPAA) to increase efficiency in the health care system by reducing the use of paper and increasing the exchange of health care information electronically. This information is often maintained in provider practice management and billing systems but duplicates information in electronic health records.
- Before implementation of a new version of a standard, end to end testing should be conducted with vendor systems and between trading partners to ensure changes have been accommodated.
- There are two versions of the enrollment transaction in use by industry today. One is the adopted transaction exchanged between a covered health plan and an employer, which is not a covered entity. The other version, referred to as the HIX, is used by issuers participating in the federal marketplace or health insurance exchanges.
- For a description of the functionality of each transaction, visit the X12 website.
- ASETT is the HHS compliance tool to enable testing and complaint filing for all X12 and NCPDP® transactions. To test transactions, visit the HHS compliance page.
- Operating rules have not been adopted for the enrollment transaction standard.
- NCPDP operating rules are in the NCPDP Telecommunication Standard, Implementation Guide, Version D.0. Additional operating rules are not developed by any entity outside of NCPDP for the pharmacy standards.
- All covered entities and their business associates are required to comply with the HIPAA Privacy and Security Rules. Health and Human Services has partnered with the Office of the National Coordinator and the National Institutes of Standards and Technology to publish comprehensive guidance for Security specific to electronic protected health information. A self-assessment tool kit is available to support integrating privacy and security into practices.