CMA: HIPAA Basics Quick Reference Primer

HIPAA TCS Solutions from PCI


The information provided in this document is intended to arm you quickly with essential HIPAA information.  Additional helpful reference materials can be found on the following websites.  Please note that the lists provided below are examples of just some of the valuable references you will find on these sites.  In visiting these and other HIPAA related sites you will find much more in the way of valuable information.


Website Document

Testing and Certification White Paper Version 3.0, August 2002

Data and Code Set Compliance

Trading Partner Agreements

HIPAA Law Summary

Transaction and Code Sets Standards

Privacy Standards

Security Standards

X12 Implementation Guides


HIPAA Basics

  1. What HIPAA is

    HIPAA is a federal Law enacted by congress which primarily addresses administrative simplification for health care transactions and code sets.  The components of HIPAA and their respective mandated compliance dates are listed below.

    Transactions and Code Sets Oct 16, 2003[1]
    Privacy  Apr 14, 2003[2]
    Security April 21, 2005[3]
    National Identifiers  July 30, 2004[4] (employer identifier standard)


  2. Who Must Comply

    The following parties are considered covered entities under HIPAA and therefore must comply with the standards.

    • §  All health plans
    • §  All health care clearinghouses
    • §  Any health care provider that conducts any of the transactions covered under HIPAA in electronic form
  • III. Transactions Effected by HIPAA

    The table below reflects those transactions covered by HIPAA and whether those transactions are inbound or outbound from a provider’s or payer’s system.

  • IV. Specific Requirements For Electronic Submission of Transactions Under the Transaction and Code Sets Ruling

    With the exception of prescription drug claims, all transactions must be conducted using the ASC X12N implementation formats and code sets named within.  Prescription drug claims should be conducted using the NCPDP version 5.1 standards.  The ASC X12N implementation guides can be found at  The NCPDP standards can be found at

  • V. Legal Aspects of HIPAA

    In conjunction with HIPAA, covered entities are executing standard trading partner and business associate agreements You are encouraged to visit and for additional information on the purpose and content of these agreements.  You are also encouraged to refer the final rule of the standard for electronic transactions published at for regulation penalty and enforcement information.

  • VI. Testing

    Under the ASCA regulation all covered entities under the transaction and code sets ruling were to be in testing no later than April 16, 2003.  You are encouraged to visit for industry expert testing recommendations which include compliance testing with third party services and business to business testing with your trading partners.  You are also encouraged to visit, the industry’s leader in third part compliance testing services.

    We hoped that you enjoyed and found this primer of utmost assistance to you.  Paramore Consulting is an industry leader in providing expert assistance with HIPAA education and implementation.  You are encouraged to visit for a list of our services and how we can help you and your organization efficiently and effectively meet HIPAA compliance mandates and deadlines.


    [1] Any covered entities that did not file for the extension under ASCA were to be in compliance October 16, 2002

    [2] All covered entities except small health plans.  Small health plans have until April 14, 2004 to be in compliance.

    [3] All covered entities except small health plans.  Small health plans have until April 21, 2006 to be in compliance.

    [4] All covered entities except small health plans.  Small health plans have until August 1, 2005 to be in compliance.   Please note that this compliance deadline only applies to the employer identifier standard.  Compliance standards and deadlines for payer and provider standard identifiers have yet to be determined.


    PrivaPlan Associates Privacy Policy

Related Posts

Access PrivaPlan Toolkit

Access CMA-PrivaPlan Toolkit

Sign up for updates