All you need to know about HIPAA EDI compliance in Healthcare
What is HIPAA? (Health Insurance Portability and Accountability Act)
HIPAA, the acronym for the “Health Insurance Portability and Accountability Act of 1996”, is a U.S. law that provides data confidentiality and security provisions to protect patient information. In recent years, the law has become very important because of the cyberattacks and ransomware attacks on healthcare insurers and providers. HIPAA contains five titles:
Title I: Health Care Access, Portability, and Renewability
Title I protects health insurance for people who have lost or changed jobs. In addition, this first title of HIPAA prohibits group health insurance plans from denying coverage to people with specific or existing illnesses or from setting lifelong coverage restrictions.
Title II: Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform
This title covers a wide range of topics, but all its parts are aimed at preventing fraud and misuse of information. It is also enforced by the United States Department of Health and Human Services (HHS), which sets standards for the handling of electronic healthcare documentation, and it requires that healthcare providers implement secure electronic access to medical data and comply with HHS privacy rules.
Title III: Tax-related health provisions governing medical savings accounts
This title includes tax regulations and health care guidelines.
Title IV: Application and enforcement of group health insurance requirements
This title is a guide to group health plans and provides modifications for health insurance.
Title V: Revenue offset governing tax deductions for employers
This title provides requirements on company-owned life insurance and the treatment of those who lose their U.S. citizenship for income tax purposes.
What kind of health information does HIPAA protect?
According to HIPAA, certain information is considered protected health information (PHI) or electronic protected health information (ePHI). This covers data created, received, maintained and transmitted electronically and includes the following patient information:
– Physical and mental health (diagnoses)
– Provision of medical care to the patient
– Payments for medical services
– Biometric identifiers including finger and voice prints
– Photographic images
– Personal identification information such as name, address, date of birth or date of service, phone numbers, social security, account and medical card numbers, and any other unique information by which a patient can be traced.
HIPAA requires ePHI to be managed in accordance with the following rules:
– Confidentiality – preventing unauthorized access.
– Integrity – preventing unauthorized destruction or alteration.
– Accessibility – providing quick access for authorized users.
What is HIPAA EDI (Electronic Data Interchange)?
HIPAA EDI is the standard for the exchange of electronic medical documents between healthcare providers, using the Electronic Data Interchange (EDI) communication method.
The EDI HIPAA standard is used only in the medical and healthcare industry, by organizations such as hospitals, private practices, health insurers, and any other organization related to medical records or patient care.
To exchange any sensitive medical or administrative information, such as claim forms or patient medical records, healthcare providers are required to use only EDI HIPAA. Even Medicare accepts administrative documents submitted in electronic format with EDI HIPAA.
HIPAA EDI Documents Standard
When a medical document is converted to a HIPAA EDI transaction set, it acquires a standard code and name. The most commonly used EDI HIPAA transactions in medical practice are:
X12 837 Healthcare Medical Claims
The EDI 837 transaction set is used by a healthcare provider to submit healthcare medical claims and billing information to an insurance payer.
X12 270 and 271 Healthcare Eligibility, Coverage and Benefit Inquiry (270) and Response (271)
EDI 270 is used to request information from a health insurance provider about covered patient services. EDI 271 is the response to an EDI 270 request; it provides information about healthcare policy coverage.
X12 276 and 277 Healthcare Claim Status Request (276) and Response (277)
Healthcare providers use EDI 276 to check the status of a claim already submitted to a payer, which could be an insurance company or a government organization. EDI 277 is the response; this EDI document contains response data about payments.
X12 278 Health Care Services Review Information
The EDI 278 transaction set is used by a healthcare provider to request authorization from a payer (an insurance company in most cases) to provide a healthcare service to a given patient.
X12 835 Health Care Claim Payment/Advice
EDI 835 is used to make payments to healthcare providers, or to provide Explanations of Benefits.
X12 275 Patient Information
The EDI 275 transaction set contains patient information such as demographic, clinical, and other supporting data.
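An inbound EDI gateway can treat the transaction set codes listed above as an allowlist and check each ST/SE envelope before a document reaches claims processing, which supports the integrity rule for ePHI. The following is an added example, not code from the original page; the function names, the allowlist constant and the sample interchange are assumptions constructed for illustration, relying on the X12 envelope layout (delimiters read from the 106-character ISA header, SE01 segment count, matching ST02/SE02 control numbers).

```python
# Added example: the sample interchange below is constructed, not real data.
HIPAA_SETS = {"837", "270", "271", "276", "277", "278", "835", "275"}  # listed above

def split_segments(raw):
    """Read the delimiters from the fixed-width ISA header, then split."""
    if not raw.startswith("ISA") or len(raw) < 106:
        raise ValueError("missing or truncated ISA header")
    elem_sep, seg_term = raw[3], raw[105]
    return [s.strip().split(elem_sep) for s in raw.split(seg_term) if s.strip()]

def check_interchange(raw):
    """Return (accepted, rejected) lists of (ST01, ST02, reasons) tuples."""
    accepted, rejected, start = [], [], None
    segments = split_segments(raw)
    for i, seg in enumerate(segments):
        if seg[0] == "ST":
            if start is not None:  # previous set was never closed
                prev = (segments[start] + ["", ""])[:3]
                rejected.append((prev[1], prev[2], ["ST without closing SE"]))
            start = i
        elif seg[0] == "SE" and start is not None:
            st, se = (segments[start] + ["", ""])[:3], (seg + ["", ""])[:3]
            count, reasons = i - start + 1, []  # ST and SE are both counted
            if st[1] not in HIPAA_SETS:
                reasons.append("transaction set %s is not an expected HIPAA set" % st[1])
            if not (se[1].isdigit() and int(se[1]) == count):
                reasons.append("SE01 says %s segments, counted %d" % (se[1], count))
            if se[2] != st[2]:
                reasons.append("control number mismatch: ST02=%s SE02=%s" % (st[2], se[2]))
            (rejected if reasons else accepted).append((st[1], st[2], reasons))
            start = None
    if start is not None:
        last = (segments[start] + ["", ""])[:3]
        rejected.append((last[1], last[2], ["ST without closing SE"]))
    return accepted, rejected

# Constructed sample: one clean 837, one unexpected set, one with a wrong SE01.
ISA = "*".join(["ISA", "00", " " * 10, "00", " " * 10, "ZZ", "SENDERID".ljust(15),
                "ZZ", "RECEIVERID".ljust(15), "240101", "1200", "^", "00501",
                "000000001", "0", "T", ":"]) + "~"
SAMPLE = ISA + (
    "GS*HC*SENDERID*RECEIVERID*20240101*1200*1*X*005010X222A1~"
    "ST*837*0001~BHT*0019*00*REF1*20240101*1200*CH~SE*3*0001~"
    "ST*850*0002~BEG*00*NE*PO1**20240101~SE*3*0002~"
    "ST*835*0003~BPR*I*100~SE*5*0003~"
    "GE*3*1~IEA*1*000000001~")

if __name__ == "__main__":
    ok, bad = check_interchange(SAMPLE)
    print("accepted:", ok)
    for code, ctrl, reasons in bad:
        print("rejected %s/%s: %s" % (code, ctrl, "; ".join(reasons)))
```

Rejected sets should be quarantined and logged by control number only, since the segments between ST and SE carry ePHI.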
What types of communication protocols can be used for HIPAA EDI transactions?
HIPAA EDI transaction sets are X12-based and can therefore be transmitted using various communication protocols, which are the same as for ASC X12.
Benefits of EDI in Healthcare
EDI and HIPAA have dramatically changed healthcare information management and medical data exchange. According to Mordor Intelligence, the healthcare EDI market is expected to register a CAGR of 8% during the forecast period (2014 – 2024).
The use of electronic data interchange standards such as HIPAA, EDI X12, EDIFACT, HL7 or FHIR provides huge benefits for the healthcare industry, namely:
– Reduce the costs of transaction data.
– Increase the security of sensitive data.
– Increase productivity.
– Improve data collection and reporting.
– Higher patient satisfaction.