Administrative Simplification Provisions of HIPAA

By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
Read other articles by this author

The HIPAA Administrative Simplification provisions are in place to provide consistency in electronic communications within healthcare for Protected Health Information (PHI). These mandate the usage of standard transactions, code sets, and identifiers for the United States healthcare system.

Who Must Comply?

The most common organizations which must comply are healthcare clearinghouses, healthcare providers, and health plans. Organizations that are considered covered entities usually require compliance, but there are exceptions. Examples may include providers who don’t have records in electronic format and educational institutions which provide healthcare services for only students.

Business partners, which are referred to as Business Associates (BA) within HIPAA are sometimes subject to parts of the Administrative Simplification provisions. This will depend on the services that they perform. A business partner is considered a BA if they create, receive, maintain, or transmit PHI. We can assist in determining designations of partnerships within your healthcare business.

Codes Sets

The U.S. Department of Health and Human Services (HHS) has adopted code sets that are specific to diagnoses and procedures. These are to be used in all transactions. Included are the following:

  1. Current Procedural Terminology (CPT) for outpatient procedures and services
  2. Health Care Procedure Coding System (HCPCS) for ancillary services and procedures
  3. International Classification of Diseases, 10th Revision (ICD-10) for diagnosis and hospital inpatient procedure


Also included in the provisions are identifiers that HIPAA requires for employers, health plans, providers, and patients to be used in transactions.

There are many facets to maintaining your healthcare business’s cybersecurity and HIPAA compliance. While they are intertwined, they are not the same thing.

This article was originally published on HIPAA Secure Now! and is republished here with permission.