On July 21, 1996, President Bill Clinton signed into law the Health Insurance Portability and Accountability Act (HIPAA). The objective of the regulations was to ensure that all employees were covered by healthcare insurance, reduce healthcare fraud and abuse, simplify and standardize healthcare administrative tasks and protect the privacy of the patient’s healthcare information. Contained within HIPAA is a section which lists the Administrative Simplification Provisions, which mandates that all healthcare claims be electronically transmitted and that these transmissions conform to federally regulated standards.
Thus, in order for healthcare software to be in compliance with the HIPAA ruling, it has to comply on three distinct levels. First, it must use a standard set of transactions, diagnosis, drug and procedural codes to transmit healthcare data via electronic data interchange (EDI). Second, it must adopt standard de-identifiers to protect the privacy of its patient’s information. Finally, it must implement certain security measures to preserve the integrity of the healthcare data submitted.
HIPAA Compliance Codes
Per HIPAA, an electronic healthcare transaction is the transfer of any healthcare information from one entity to another. Electronic healthcare transactions codes currently exist for the submission of claims, plan enrollment and disenrollment, eligibility determination, payments, referrals and updated claim status. Furthermore, this law also governs the first reports of injury and any subsequent claims attachments.
To achieve compliance, the transaction codes incorporated into the healthcare software should adhere to the standards developed by the Accredited Standard Committee (ASC). These standards are commonly referred to as ASC X12N, Versions 4010A and 4010A1. The only exception to this rule is for retail pharmacy transactions. The system of codes adopted for these transactions is governed by the National Council for Prescription Drug Programs (NCPDP).
In addition to codes that describe the nature of the transaction, any healthcare data transmitted most also be coded. The codes selected by HIPAA were already widely used in the healthcare industry, and fully detailed in the following manuals: International Classifications of Diseases 9th Edition (ICD-9), Current Procedural Terminology, 4th Edition (CPT-4) and Healthcare Procedure Coding System, Level 2 (HCPCS). The set of codes used to describe the patient’s diagnosis comes from ICD-9 Volumes One and Two, and the ones for rendered inpatient services can be found in ICD-9, Volume Three. Codes for doctor performed procedures are listed in CPT-4 and HCPCS.