skip to: page content | links on this page | site navigation | footer (site information)

 

Company | Support | Contact Us
Privacy | Transactions and Code Sets | Security | Identifiers
HIPAA Navigator | HIPAA SLP | Manuals
Approach | Assessment | Implementation | Training | Evaluation | Maintenance
For Providers | For Health Plans | FAQ | Free Downloads
For Providers | For Health Plans | For Attorneys | For Security Professionals
subglobal7 link | subglobal7 link | subglobal7 link | subglobal7 link | subglobal7 link | subglobal7 link | subglobal7 link
subglobal8 link | subglobal8 link | subglobal8 link | subglobal8 link | subglobal8 link | subglobal8 link | subglobal8 link

Standards for Security and Electronic Signatures

NOTE: This section of the Security Standard has been updated in the final Security Rule as of April 21, 2003, and is no longer current - it is provided for reference only.

Subpart A--General Provisions

§ 142.101 Statutory basis and purpose.

Sections 1171 through 1179 of the Social Security Act, 42 U.S.C. 1320d, as added by section 262 of the Health Insurance Portability and Accountability Act of 1996, require HHS to adopt national standards for the electronic exchange of health information in the health care system. The purpose of the sections of this part is to promote administrative simplification.

§ 142.102 Applicability.

(a) The standards adopted or designated under this part apply, in whole or in part, to the following:

  • A health plan.
  • A health care clearinghouse when doing the following:
    • Transmitting a standard transaction (as defined in § 142.103) to a health care provider or health plan.
      Receiving a standard transaction from a health care provider or health plan.
    • Transmitting and receiving the standard transactions when interacting with another health care clearinghouse.
  • A health care provider when transmitting an electronic transaction as defined in § 142.103.

(b) Means of compliance are stated in greater detail in § 142.105.

§ 142.103 Definitions.

For purposes of this part, the following definitions apply:

Code set means any set of codes used for encoding data elements, such as tables of terms, medical concepts, medical diagnostic codes, or medical procedure codes.

Health care clearinghouse means a public or private entity that processes or facilitates the processing of nonstandard data elements of health information into standard data elements. The entity receives health care transactions from health care providers or other entities, translates the data from a given format into one acceptable to the intended payer or payers, and forwards the processed transaction to appropriate payers and clearinghouses. Billing services, repricing companies, community health management information systems, community health information systems, and “value-added” networks and switches are considered to be health care clearinghouses for purposes of this part.

Health care provider means a provider of services as defined in section 1861(u) of the Social Security Act, 42 U.S.C. 1395x, a provider of medical or other health services as defined in section 1861(s) of the Social Security Act, and any other person who furnishes or bills and is paid for health care services or supplies in the normal course of business.

Health information means any information, whether oral or recorded in any form or medium, that--

  • Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and
  • Relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.

Health plan means an individual or group plan that provides, or pays the cost of, medical care. Health plan includes the following, singly or in combination:

  • Group health plan. A group health plan is an employee welfare benefit plan (as currently defined in section 3(1) of the Employee Retirement Income and Security Act of 1974, 29 U.S.C. 1002(1)), including insured and self- insured plans, to the extent that the plan provides medical care, including items and services paid for as medical care, to employees or their dependents directly or through insurance, or otherwise, and--
    • Has 50 or more participants; or
    • Is administered by an entity other than the employer that established and maintains the plan.
  • Health insurance issuer. A health insurance issuer is an insurance company, insurance service, or insurance organization that is licensed to engage in the business of insurance in a State and is subject to State law that regulates insurance.
  • Health maintenance organization. A health maintenance organization is a Federally qualified health maintenance organization, an organization recognized as a health maintenance organization under State law, or a similar organization regulated for solvency under State law in the same manner and to the same extent as such a health maintenance organization.
  • Part A or Part B of the Medicare program under title XVIII of the Social Security Act.
  • The Medicaid program under title XIX of the Social Security Act.
  • A Medicare supplemental policy (as defined in section 1882(g)(1) of the Social Security Act, 42 U.S.C. 1395ss).
  • A long-term care policy, including a nursing home fixed-indemnity policy.
  • An employee welfare benefit plan or any other arrangement that is established or maintained for the purpose of offering or providing health benefits to the employees of two or more employers.
  • The health care program for active military personnel under title 10 of the United States Code.
  • The veterans health care program under 38 U.S.C. chapter 17.
  • The Civilian Health and Medical Program of the Uniformed Services (CHAMPUS), as defined in 10 U.S.C. 1072(4).
  • The Indian Health Service program under the Indian Health Care Improvement Act (25 U.S.C. 1601 et seq.).
  • The Federal Employees Health Benefits Program under 5 U.S.C. chapter 89.
  • Any other individual or group health plan, or combination thereof, that provides or pays for the cost of medical care.

Medical care means the diagnosis, cure, mitigation, treatment, or prevention of disease, or amounts paid for the purpose of affecting any body structure or function of the body; amounts paid for transportation primarily for and essential to these items; and amounts paid for insurance covering the items and the transportation specified in this definition.

Participant means any employee or former employee of an employer, or any member or former member of an employee organization, who is or may become eligible to receive a benefit of any type from an employee benefit plan that covers employees of that employer or members of such an organization, or whose beneficiaries may be eligible to receive any of these benefits. "Employee" includes an individual who is treated as an employee under section 401(c)(1) of the Internal Revenue Code of 1986 (26 U.S.C. 401(c)(1)).

Small health plan means a group health plan or individual health plan with fewer than 50 participants.

Standard means a set of rules for a set of codes, data elements, transactions, or identifiers promulgated either by an organization accredited by the American National Standards Institute or HHS for the electronic transmission of health information.

Transaction means the exchange of information between two parties to carry out financial and administrative activities related to health care. It includes the following:

  • Health claims or equivalent encounter information.
  • Health care payment and remittance advice
  • Coordination of benefits.
  • Health claims status.
  • Enrollment and disenrollment in a health plan.
  • Eligibility for a health plan.
  • Health plan premium payments.
  • Referral certification and authorization.
  • First report of injury.
  • Health claims attachments.
  • Other transactions as the Secretary may prescribe by regulation.

§ 142.104 General requirements for health plans.

If a person conducts a transaction (as defined in § 142.103) with a health plan as a standard transaction, the following apply:

(a) The health plan may not refuse to conduct the transaction as a standard transaction.

(b) The health plan may not delay the transaction or otherwise adversely affect, or attempt to adversely affect, the person or the transaction on the ground that the transaction is a standard transaction.

(c) The health information transmitted and received in connection with the transaction must be in the form of standard data elements of health information.

(d) A health plan that conducts transactions through an agent must assure that the agent meets all the requirements of this part that apply to the health plan.

§ 142.105 Compliance using a health care clearinghouse.

(a) Any person or other entity subject to the requirements of this part may meet the requirements to accept and transmit standard transactions by either--

  • Transmitting and receiving standard data elements; or
  • Submitting nonstandard data elements to a health care clearinghouse for processing into standard data elements and transmission by the health care clearinghouse and receiving standard data elements through the health care clearinghouse.

(b) The transmission, under contract, of nonstandard data elements between a health plan or a health care provider and its agent health care clearinghouse is not a violation of the requirements of this part.

§ 142.106 Effective dates of a modification to a standard or implementation specification.

HHS may modify a standard or implementation specification after the first year in which HHS requires the standard or implementation specification to be used, but not more frequently than once every 12 months. If HHS adopts a modification to a standard or implementation specification, the implementation date of the modified standard or implementation specification may be no earlier than 180 days following the adoption of the modification. HHS determines the actual date, taking into account the time needed to comply due to the nature and extent of the modification. HHS may extend the time for compliance for small health plans.

Subpart B--[Reserved]

Go to TOP

REGULATION SUBPART C

Privacy Policy | Legal Notice | ©2001-2008 HIPAAssociates, Inc.