HIPAAdvisor: Q & A with Steve Fox

IMPLICATIONS OF FINAL TRANSACTIONS AND CODE SETS RULE

QUESTION: The final rule setting forth the standards for electronic transactions has been published.  Now what?

ANSWER: In the interest of increasing efficiency and reducing costs associated with the electronic transfer of information, and as mandated by HIPAA, the Department of Health and Human Services (DHHS) has designated national standardized formats for use during certain electronic health care transactions.  These standards are applicable to the following health care transactions:

(1) health care claims or equivalent encounter information,
(2) health care payment and remittance advice,
(3) coordination of benefits,
(4) health care claim status,
(5) enrollment and disenrollment in a health plan,
(6) eligibility for a health plan,
(7) health plan premium payments, and
(8) referral certification and authorization.

Standards for electronic transactions relating to the first report of injury and health claims attachments, also required by HIPAA, as well as any other transactions that DHHS may prescribe, will be established by DHHS separately.

The electronic transaction standards are applicable to health plans, health care clearinghouses, and health care providers that transmit any health information in electronic form in connection with one of the transactions referenced above.

These "covered entities" may use a "business associate" (a newly defined term), including a health care clearinghouse, to conduct a transaction covered under this rule.  "Business associate" means a person who performs a regulated function or activity on behalf of a covered entity, and may itself be a covered entity.  However, covered entities must require their business associates to comply with HIPAA's transaction standards and require any of the business associates' agents or subcontractors to comply with the standards as well.

The standardized formats were developed in conjunction with the development of HIPAA's proposed privacy regulation.  DHHS anticipates that compliance with the final privacy regulation will be required at approximately the same time as the compliance date for the electronic transaction standards (for most covered entities, October 16, 2002).  However, if the privacy standards are substantially delayed, or if Congress does not pass comprehensive and effective privacy legislation that supercedes HIPAA's privacy standards, DHHS may suspend the application of the electronic transaction standards or withdraw this rule altogether.

The two-year implementation period presents covered entities with the perfect opportunity to audit their internal business processes at a macro level with the mandated transaction solutions in mind and to identify opportunities to create synergy across the enterprise resulting in additional cost savings and increased efficiency.

Accordingly, organizations should begin conducting internal audits to determine which of these transactions are currently supported electronically and the ratio of electronic to non-electronic transactions.  If the ratio is relatively low, or transition to the mandated standards deemed too costly, it may be more cost effective to outsource the entire function to a business associate.  In the alternative, an organization may find that supporting these transactions internally not only allows the streamlining of other related functions, but can also be easily achieved with the assistance of a current technology vendor.  Therefore, this is a good time to establish, re-establish, or strengthen relationships with current and potential business partners and to evaluate overall HIPAA compliance planning.

Read past HIPAA Legal Q/A articles.

This article was co-authored by Rachel H. Wilson, Esq., an associate at Pepper Hamilton.

Disclaimer: Steve's responses offer information that is general in nature and should not be relied upon as legal advice. Only your attorney is qualified to evaluate your specific situation and provide you with customized advice.

Have a question you'd like Steve to discuss in HIPAAlert? Send it to and he'll be glad to consider using it in a future column, with or without attribution.