Back to Top Skip to main content

Health Insurance Portability and Accountability Act

The 1996 Health Insurance Portability and Accountability Act (HIPAA), as amended, establishes standards and requirements for health plans, clearinghouses, and health care providers, including military treatment facilities (MTFs), that transmit health information electronically. This can be via claims, remittance, eligibility, and claim status requests and responses. Implementing regulations issued by the Department of Health and Human Services (HHS) includes the following requirements:

  • Standard transactions, code sets, and identifies are used when transmitting HIPAA protected transactions;
  • Information security guidance; and
  • Protecting patient confidentiality.

HIPAA Transactions, Code Sets & Identifiers

In the HIPAA regulations, the Secretary of HHS adopted certain standard transactions, code sets, and identifiers required for the electronic data interchange (EDI) of health care data. Learn more about each of these:

HIPAA-Compliant Electronic Claims

Electronic claims are transmitted data "packets" between MTFs and clearinghouses and payers. Billing solutions first apply an initial set of edits, commonly known as front-end edits or pre-edits, to prepare claims for electronic clearinghouses. These clearinghouses ensure that the claims meet the basic format and content requirements of the HIPAA standards. If errors are detected, a single claim or the entire packet is rejected for correction and re-submission. Claims that pass are processed by the payers' claims processing systems. Additional payer edits may result in order to ensure compliance with payer coverage and payment policies. If errors are detected at this level, a single claim may be rejected for re-submission, determination of allowed amounts, re-determination of payer and patient responsibility, or denial of a claim. 

In every case, the MTF should receive a response from the clearinghouse or payer that indicates the error to be corrected, or the reason for payment adjustment or denial. After successful transmission, the MTF should receive an acknowledgement report.

For more information on HIPAA and the UBO, review the UBO User Guide.

HIPAA Security Rule

The HIPAA Security Rule is designed to provide protection for all individually identifiable health information that is maintained, transmitted, or received in electronic form, not just the information in standard transactions. All covered entities must be in compliance with the HIPAA Security Rule no later than April 20, 2005.

HIPAA Taxonomy Codes

HIPAA Taxonomy Codes provide a standard classification scheme to describe provider specialties. They are 10-digit numbers assigned under the HIPAA provisions to health care providers in order to digitally encode their specialty and facilitate electronic billing. HIPAA taxonomy codes may also be used on paper claims for providers that do not have National Provider Identifiers (NPI). Billing applications map the provider specialty codes listed on the encounter records into the standard taxonomy codes.

DHA Address: 7700 Arlington Boulevard | Suite 5101 | Falls Church, VA | 22042-5101

Some documents are presented in Portable Document Format (PDF). A PDF reader is required for viewing: Download a PDF Reader or learn more about PDFs.