If an individual (i.e., a subscriber or a patient) uses his or her credit or debit card to pay for premiums, deductibles and/or co-payments, is that “transaction” considered a HIPAA standard, and must it be in a HIPAA compliant format with HIPAA compliant content?
If a health plan does not conduct a particular HIPAA transaction – for example, the health care claim status transaction – is it required to comply with the operating rules adopted for the transaction?
Does compliance with HIPAA require the submission of the 999 Implementation Acknowledgement Transaction when submitting a batch 271 , Version 5010, response to a 270, Version 5010, eligibility inquiry?
Do the HIPAA requirements for the eligibility for a health plan transaction and health care claims transaction, including the standards and operating rules, apply to issuers of long-term care nursing home fixed indemnity policies?
Q: If an individual (i.e., a subscriber or a patient) uses his or her credit or debit card to pay for premiums, deductibles and/or co-payments, is that “transaction” considered a HIPAA standard, and must it be in a HIPAA compliant format with HIPAA compliant content?
A: The HIPAA standards must be used by “covered entities,” which are health plans, health care clearinghouses and health care providers who conduct any of the standard transactions electronically. The HIPAA standards do not apply to individuals, unless they are acting in some capacity on behalf of a covered entity, and not on behalf of themselves as, for example, subscribers or patients. An individual, acting on behalf of himself or herself, is not a covered entity, and is therefore not subject to the HIPAA standards. Transactions conducted between subscribers or patients and health plans or health care providers are not transactions for which the Secretary of Health and Human Services has adopted standards. Therefore, if an individual uses a personal credit card or debit card to pay either a premium, co-payment and/or deductible to a health plan or a health care provider, the individuals are not covered entities, they are not conducting covered transactions, and the transactions being conducted need not be in the standard format.
A: As required by HIPAA, on August 17, 2000 the Secretary of Health and Human Services adopted standards for the following administrative and financial health care transactions: Health care claims and equivalent encounter information; enrollment and disenrollment in a health plan; health care payment and remittance advice; health plan premium payments; health care claim status requests and responses; referral certification and authorization; eligibility inquiry and response; and coordination of benefits. Additional standards maybe adopted in the future.
A: No, the HIPAA transaction requirements, including the operating rules, generally apply to electronic transactions between HIPAA covered entities. A covered entity is a health plan, a health clearinghouse, or a health care provider who transmits any health information in electronic form in connection with HIPAA transactions (45 CFR 160.103). Policyholders, patients, and members are not covered entities, and therefore are not subject to the HIPAA transaction requirements.
A: The final rule adopting changes to the HIPAA Electronic Transactions and Code Set standards published in the Federal Register on February 20, 2003, does not adopt a standard for reporting drugs and biologics in HIPAA transactions other than those for retail pharmacies. Therefore, compliance permits the use of the HCPCS or NDC code set to meet business needs. In the absence of an adopted code set for drugs and biologics, the X12 implementation guides adopted as HIPAA standards must be consulted. If you currently use HCPCS to report drugs and biologics you may continue to do so. You may also use the NDC code set if you meet the conditions for use specified in the implementation guide/TR3 Report. The NDC code set must be used for reporting drugs and biologics on retail pharmacy transactions.
Q: If a health plan does not conduct a particular HIPAA transaction – for example, the health care claim status transaction – is it required to comply with the operating rules adopted for the transaction?
A: If a covered entity is required to comply with the standards for a particular transaction, then the covered entity is also required to comply with the operating rules for the transaction. The general rule is, if an entity requests a health plan to conduct a transaction as a standard transaction, the health plan must do so (45 CFR 162.925(a). In the Transactions and Code Sets final rule, we provided the following guidance as to when a health plan is required to conduct standard transactions: “[A] health plan is required to have the capacity to accept and/or send (either itself, or by hiring a health care clearinghouse to accept and/or send on its behalf) a standard transaction that it otherwise conducts but does not currently support electronically” (65 FR 50312 at 50314 (August 17, 2000). Some of the transactions listed in section 1173(a)(2) of the Social Security Act – for example, health care claim status, eligibility for a health plan, and health care electronic funds transfers (EFT) and remittance advice –are so widely used that, most, if not all, health plans are required to conduct them as standard transactions.
A: The Version 5010 final rule (CMS-0009-F) at 45 CFR Part 162, adopts new versions of the ASC X12 and NCPDP standards for HIPAA transactions. Respectively, the rule adopts Version 5010 to replace Version 4010/4010A, and Version D.0 to replace Version 5.1 The transactions include: health care claims or equivalent encounter information for professional, institutional and dental services; eligibility for a health plan (inquiry and response); referral certification and authorization; health care claim status (inquiry and response); enrollment and disenrollment in a health plan; health care payment and remittance advice; health care premium payments; coordination of benefits. The D.0 standard for pharmacy transactions includes: claims, eligibility requests and responses, referral certification and authorization, and coordination of benefits. The Version 5010 final rule also adopts a new NCPDP standard for Medicaid pharmacy subrogation. This standard will allow State Medicaid agencies to conduct pharmacy subrogation transactions with certain payers to more efficiently recoup funds for payments that they have made for Medicaid recipients, in cases where another third party payer has primary financial responsibility. Without a standard, Medicaid agencies and their trading partners have been using proprietary formats, without the benefit of standardization.
A: If a covered entity chooses to use a business associate to conduct transactions on its behalf, the covered entity must require the business associate to comply with all HIPAA transaction standards, operating rules, and code sets. For more information regarding business associate requirements, see the final rule published on January 25, 2013 (78 FR 5566).
Q: Does compliance with HIPAA require the submission of the 999 Implementation Acknowledgement Transaction when submitting a batch 271 , Version 5010, response to a 270, Version 5010, eligibility inquiry?
A: No. The 5010 271 Eligibility response TR3 Report (ASC X12N 005010X279), in Section 1.6 of the Front Matter states a requirement to submit a 999 response to all 270 batch eligibility inquiries. The TR3 Report could be interpreted to mean that the 999 acknowledgement response is required by the TR3 Report. However, compliance with HIPAA does not require the reporting of the 999 Acknowledgement because it is not an adopted standard. Nor has the acknowledgement been recognized as a transaction under HIPAA for which the Secretary will adopt a standard. The 999 Acknowledgement informs the submitter that the submitted functional group arrived at its destination. It may include information about the syntactical quality of the functional group and compliance with the TR3 report. The 5010 271 TR3 report requires the submission of the 999 Acknowledgement as a response to the receipt of a compliant batch 270 transaction. It is not required as a response to receipt of a compliant real-time 270 transaction. The use of X12 Acknowledgements is discussed in the 5010/D.0 final rule (Federal Register, Volume 74, NO. 11, 1/16/09, page 3309, columns 1-2). We did not adopt an Acknowledgement Standard when we adopted Version 5010 because it had not been vetted through the standards adoption process. We intend to consider future adoption of a standard for the acknowledgement transaction. During the interim, X12 acknowledgement standards are available for voluntary use among trading partners, but not required.
Q: Do the HIPAA requirements for the eligibility for a health plan transaction and health care claims transaction, including the standards and operating rules, apply to issuers of long-term care nursing home fixed indemnity policies?
A: No, under the definition of "health plan" at 45 CFR 160.103, issuers of long-term care nursing home fixed indemnity policies are not health plans. Therefore, HIPAA administrative simplification requirements, including operating rules, do not apply to those plans.
A: Specific technical questions regarding the X12 Implementation Guides and TR3 Reports may be submitted through the X12 website, in the "Interpretation" section: http://www.x12.org/x12org/subcommittees/x12interpretations.cfm. There are two types of interpretations (X12 standards and HIPAA Implementation Guides), and you can submit new questions, as well as research earlier questions. Be sure to enter details about the part of the HIPAA implementation guide that relates to your question. For example, "can the interchange control number at ISA 13 segment be duplicated?" This service provided by X12 is very valuable for interpretations and clarifications of the X12 standard.