HIPAA Providers
Privacy
Security
HIPAA Enforcement Final Rule
Electronic Data Interchange
National Provider Identifier (NPI)
National Plan Identifier (NPlanID)
Transaction and Code Sets
Technical Documents
Privacy
Providers are covered under the HIPAA Privacy Rule if they conduct one of the electronic standard transactions required in the Transactions and Code Sets Rule. In this case electronic means Internet, dial-up, FTP, magnetic tape, CD, or floppy disk. If you conduct your business electronically and submit electronic claims, you must comply with the Privacy Rule, with a compliance date of April 14, 2003.
Educate yourself, the first thing you need to do is read the final HIPAA Privacy Rule at http://aspe.os.dhhs.gov/admnsimp/. Attend any sessions that are offered by your associations or other organizations, and search the Internet for Web sites offering HIPAA information and commercial products.
Assess how the Privacy Rule Affects You. We recommend that you begin putting together a plan to handle these changes by the April 2003 implementation date and that you assess your readiness and needs. Security
The final Security Rule was published in the Federal Register February 20, 2003, The compliance date is April 21, 2005; however there are many overlaps with the Privacy Rule relating to the protection of Protected Health Information. Educate Yourself, The first thing you need to do is read the Final Security Rule, For more information and a link to the Rule go to: Assess how the Security Rule affect you, We recommend that you begin putting together a plan to handle the required changes by the April 2005 implementation date.
Security
The final Security Rule was published in the Federal Register February 20, 2003, The compliance date is April 21, 2005; however there are many overlaps with the Privacy Rule. For more information and a link to the Rule go to http://cms.hhs.gov/hipaa/hipaa2/regulations/security/default.asp
HIPAA Enforcement Final Rule
On February 16, 2006, the department of Health and Human Services (HHS) published a final rule which details the bases and procedures for imposing civil monetary penalties for violations of the 1996 Health Insurance Portability & Accountability Act (HIPAA), Administrative Simplification Rules. The Center for Medicare and Medicaid Services (CMS) has been delegated the authority to investigate complaints of non-compliance and enforcement with respect to the following regulations known as the: Transaction and Code Set Rule (TCS), the National Employer Identifier Number (EIN) Rule, the National Provider Identifier (NPI) Rule and the Security Rule and the expected National Plan Identifier Rule. This authority does not include the regulation known as the Privacy Rule, which has been delegated to the Office for Civil Rights.
Electronic Data Interchange
Med-QUEST and ACS strongly encourage providers to consider Electronic Data Interchange, or EDI, as a way of doing business. EDI covers all aspects of electronic transactions, from eligibility verification to claims submission and electronic remittance advice. EDI carries the following benefits:
- Faster claims payment (837)
- Less time spent on the phone verifying eligibility (270/271)
- Automated Clearing House (ACH) payment for providers receiving an electronic remittance advice (835)
- On-demand claims status (276/277)
To learn more about these transactions, providers are encouraged to contact ACS at (808) 952-5570 (Oahu and mainland) or (800) 235-4378 (Neighbor Islands). The 270/271 and 276/277 transactions can be accessed through DHS Medicaid Online. To use the 270/271 and 276/277 batch options, or to submit electronic claims (837) or receive electronic remittance advice (835), providers must have their own software. ACS can supply providers with basic information and the DHS Medicaid EDI Manual, which explains how to prepare for EDI, sign-up with Med-QUEST, complete testing, and transmit production transactions.
National Provider Identifier (NPI)
On January 23, 2004 , the Centers for Medicare & Medicaid Services (CMS) announced the adoption of the National Provider Identifier (NPI) as the standard unique health identifier for health care providers to use in filing and processing health care claims and other transactions.
Providers shall be able to apply for an NPI through the web, paper application, or the EFI process. The Enumerator shall provide NPI application forms to health care providers upon request (CMS will furnish paper copies of the NPI application form to the Enumerator). A pdf version of the application form shall also be available for download by providers through a CMS maintained website.
CMS is currently in the process of contracting with an enumerator (contractor) to identify, assign, update and disseminate NPI data to the health care industry. The Enumerator shall input data from the NPI application into the National Plan and Provider Enumeration System (NPPES) from paper applications, while checking for completeness and accuracy. The Enumerator shall be responsible for mailing a system-generated letter notifying the provider of its NPI. In the event that any application is disallowed, the Enumerator shall prepare a letter notifying the applicant of the reason for the disallowance, the Enumerator will also assist health care providers with resolving discrepancies to obtain an NPI. The Enumerator shall carry out a number of functions, including, but not limited to:
- enter identifying information about a health care provider into the NPPES for those providers applying by paper application;
- provide NPI application forms to providers upon request;
- notify the provider of its NPI;
- process provider information updates received from providers via paper applications;
- assist providers with questions or problems, including those providers applying for NPIs by the internet;
- handle all requests for deactivations and replacement NPIs for providers;
- handle potential error resolutions including investigating and resolving pending applications (applications with errors that prevent the NPPES from assigning an NPI);
- work with provider organizations that wish to submit files through Electronic File Interchange (EFI);
- validate the organization’s identity and establish accounts;
- work with organizations to determine if their providers have NPIs;
- reset web users’ passwords and user IDs; and
- maintain a call center for providers.
The final rules and additional information can be viewed at http ://www.cms.hhs.gov/hipaa/hipaa2/default.asp
The compliance date for providers to obtain and use the NPI is 5/23/07. All health care providers impacted by the standard can apply for an NPI with the National Plan and Provider Enumeration System (NPPES). For more information and a link to the Rule go to: http://www.cms.hhs.gov/NationalProvIdentStand. CMS has contracted with Fox Systems, Inc. to serve as the NPI Enumerator. The NPI Enumerator is responsible for dealing with health plans and providers on issues relating to unique identification. On 5/23/05 The NPPES online website is available for online NPI application at https://nppes.cms.hhs.gov/NPPES/Welcome.do. Paper application will be accepted on 7/1/05. On 10/2/06, Medicare will begin accepting use of the NPI.
National Plan Identifier (NPlanID)
HIPAA will also adopt standard unique identifiers for health plans that are covered entities. The NPPES will also assign these unique health plan identifiers.
Transactions and Code Sets
Med-QUEST successfully implemented the following transactions for the October 2003 TCS Implementation:
- 837 Fee For Service Claims
- 835 Electronic Remittance Advice
- 270/271 Eligibility Verification Request and Response
- 276/277 Claim Status Request and Response
- 834 Health Plan Roster
- 820 Premium Payment
Med-QUEST is able to accept and process all of the above transactions. Trading partners interested in exchanging the above electronic transactions with Med-QUEST are urged to contact ACS, the Med-QUEST fiscal agent, at (808) 952-5570 (O’ahu and mainland) or (800) 235-4378 ( Neighbor Islands). Please note Med-QUEST does not exchange electronic claims and remittance advice directly with QUEST providers. Instead, QUEST providers work with the various QUEST health plans. QUEST providers must contact health plans, not ACS, for issues related to electronic claims and remittance advice. Health Plans may contact Med-QUEST directly for transaction-related issues. Med-QUEST successfully converted most of its local codes on October 16, 2003. Social Services Division (SSD) local codes will convert in January 2004. Med-QUEST will convert the remaining local codes as instructed by Medicare. In October 2003 Med-QUEST and SSD notified all affected providers of local codes changes. Med-QUEST will continue to implement TCS transactions as mandated by federal law, The latest Proposed Rules include Standards for Electronic Health care Claims Attachment and Electronic Signature Standard. National Provider Identifier (NPI) Med-QUEST, in conjunction with the Arizona’s State Medicaid program, began a review of the NPI Standard and an analysis of the Hawaii Prepaid Medical Management system (HPMMIS). A crosswalk with the NPI requirements and the current HPMMIS provider identification database was conducted to identify and begin modifications to the current provider identification database to assure compliance with the NPI Standard by 5/23/07.
Technical Documents
5010