HIPAA Identifiers

The Health Insurance Portability and Accountability Act’s is most famous for introducing new standards of data privacy to the healthcare industry. However, this is not its only function. HIPAA also introduced industry-wide practices with the aim of improving efficiency and patient experience in the healthcare industry.

For example, HIPAA requires healthcare officials to use code sets along with patient identifiers to allow for efficient transfer of healthcare data between healthcare organisations and insurers. This streamlined communication between the two covered entities (CEs) renders the entire process more efficient and generally allows for an altogether more positive patient experience.

HIPAA Administrative Simplification Regulation

The HIPAA Administrative Simplification regulation addressed the rules that CEs must follow when using these code sets and unique identifiers for electronic transactions. These rules are also called the electronic data interchange (EDI) standards. The regulations are found in 45 CFR 160, 45 CFR 162, and 45 CFR 164.

The HIPAA Simplification Rule unique identifiers are:

  • Standard Unique Employer Identifier: This can be found on an employee’s federal Internal Revenue Service (IRS) Form W-2 as the ‘EIN’, or Employer Identification Number. It may also be found on an IRS Tax Statement from an employer. Using the EIN allows for the employer to be identified during a HIPAA transaction without the patient’s health plan or insurance cover being identified.
  • National Provider Identifier (NPI): This is a unique 10-digit identification number for covered care providers. HIPAA CEs should use NPIs for HIPAA administrative and financial transactions. HIPAA CEs include healthcare providers, health clearinghouses, and health plans.
  • National Health Plan Identifier (NHID): A unique health plan identifier for use in electronic transactions. These were established when the Department of Health and Human Services published the final rule. Health plans are divided into controlling health plans and sub-health plans.

It is important to note that the National Individual Identifier has been discarded due to controversy related to individual privacy rights.

The code sets required for electronic transactions have been developed for diagnoses, procedures, diagnostic tests, treatments, and equipment and supplies. The code sets are designed to be simple for administrators to use, thereby creating a more productive system that reduces the burden on an already strained industry.

HIPAA specifies that the healthcare industry should use the following five code sets for electronic transactions:

  • International Classification of Diseases (ICD)
  • Current Procedural Terminology (CPT)
  • HCFA Common Procedure Coding System (HCPCS)
  • Code on Dental Procedures and Nomenclature (CDT)
  • National Drug Codes (NDC)

In summary, the HIPAA’s Administrative Simplification regulations create standards that simplify electronic administration processes in the healthcare industry, with associated time-saving and cost- reducing benefits. The code sets and identifiers apply to any patient information that is transmitted electronically between CEs. Using these code sets and identifiers also improve patient privacy in the healthcare industry.

The Centres for Medicare & Medicaid Services are responsible for administering and enforcing the HIPAA Administrative Simplification regulations, although any HIPAA CE, not just those associated with Medicare and Medicaid, are required to comply with the Rules.