The HIPAA Administrative Simplification provisions are in place to provide consistency in electronic communications within healthcare for Protected Health Information (PHI). They mandate the use of standard transactions, code sets, and identifiers for the United States healthcare system.
Who Must Comply?
The organizations that most commonly must comply are healthcare clearinghouses, healthcare providers, and health plans. Organizations that are considered covered entities usually must comply, but there are exceptions. Examples of exceptions may include providers who don’t have records in electronic format and educational institutions that provide healthcare services only for students.
Business partners, which are referred to as Business Associates (BA) within HIPAA, are sometimes subject to parts of the Administrative Simplification provisions, depending on the services that they perform. A business partner is considered a BA if it creates, receives, maintains, or transmits PHI. HIPAA Secure Now can assist in determining designations of partnerships within your healthcare business.
The U.S. Department of Health and Human Services (HHS) has adopted code sets that are specific to diagnoses and procedures. These are to be used in all transactions. Included are the following:
- Current Procedural Terminology (CPT) for outpatient procedures and services
- Health Care Procedure Coding System (HCPCS) for ancillary services and procedures
- International Classification of Diseases, 10th Revision (ICD-10) for diagnoses and hospital inpatient procedures
The provisions also include identifiers that HIPAA requires for employers, health plans, providers, and patients, to be used in transactions.
There are many facets to maintaining your healthcare business’s cybersecurity and HIPAA compliance. While they are intertwined, they are not the same thing. We would welcome the opportunity to help you to navigate the policies and procedures for both. Contact us today to learn more.