HIPAA for Providers

The Utah Medicaid HIPAA website provides information for Medicaid providers and trading partners regarding HIPAA legislation and electronic data interchange (EDI).

The Division of Medicaid and Health Financing manages multiple medical programs for needy individuals in the State of Utah, including Medicaid and the Privacy Care Network (PCN) Program.  Medicaid administers these programs and encourages electronic data interchange (EDI) as a means to contain administrative costs.

This page describes the process for activating your EDI account with Medicaid.  Whether or not providers are currently sending EDI transactions, an EDI account must be activated with Medicaid.

Providers must:

1. Become a member of the Utah Health Information Network opens in a new tab (UHIN) by
   1. Signing the current Electronic Commerce Agreement opens in a new tab and ECA Amendment opens in a new tab
   2. Obtaining a UHIN opens in a new tab Trading Partner Number* (TPN).
2. Complete Steps 9 thru 12 of the Utah Medicaid Provider EDI Enrollment application.

Providers have the responsibility to adequately test all business rules appropriate to the provider type and specialty. When using a third party vendor (clearinghouse), it is the obligation of the trading partner* to ensure the vendor has adequately tested the business rules appropriate to each provider type and specialty.

*A provider submitting EDI transactions is considered a trading partner.

The following guides are applicable to the PRISM system.  Click here for more information on PRISM go-live.

• Fee For Service Specific Transactions
  • 837D -FFS Health Care Claim: Dental opens in a new tab
  • 837I - FFS Health Care Claim: Institutional opens in a new tab
  • 837P- FFS Health Care Claim: Professional opens in a new tab
  • 835 – FFS Health Care Claim Payment/Advice opens in a new tab
  • 278 – Health Care Eligibility Benefit Inquiry & Response opens in a new tab

• Managed Care Specific Transactions
  • 837D -Encounter Health Care Claim: Dental opens in a new tab
  • 837I - Encounter Health Care Claim: Institutional opens in a new tab
  • 837P- Encounter Health Care Claim: Professional opens in a new tab
  • 820 –Payroll Deducted and Other Group Premium Payment opens in a new tab
  • 834 –Benefit Enrollment and Maintenance opens in a new tab

• Other EDI Transactions
  • 270/271 – Health Care Eligibility Benefit Inquiry & Response opens in a new tab
  • 276/277 – Health Care Claim Status Request & Response opens in a new tab

Effective October 16, 2003, a provider must use applicable data code sets described in the Code of Federal Regulations (162.1002) and as specified in the implementation specifications. This web page provides links to some of the specified code sets. Each code set is valid within the dates specified by the organization responsible for maintaining the code set.

Current Health Care Code Lists

• HCPCS Updates opens in a new tab
• Washington Publishing Code Lists opens in a new tab

Federal

The final rules and regulations associated with Administrative Simplification are maintained in the Code of Federal Regulations, parts 160, 162 and 164 of title 45. They are available through the Center for Medicare and Medicaid Services (CMS) opens in a new tab website and include:

Transactions ‐ This rule adopts a Point of Sale standard and eight electronic X12 transactions including code sets to be used in the transactions.  Standardization allows for exchange of healthcare information for purposes such as third-party liability administration and fraud and abuse detection, and for simplified record keeping.

Privacy ‐ This regulation protects medical records and other personal health information maintained by health care providers, hospitals, health plans, health insurers, and health care clearinghouses. It limits the non-consensual use and release of private health information, gives patients new rights to access their medical records and to know who has accessed them, and restricts most disclosure of health information to the minimum needed for the intended purpose. The regulation provides protection for paper, oral and electronic information, creating a privacy system that covers all personal health information created or held by covered entities.

Security ‐ This final rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information.

Utah

The Department of Health opens in a new tab participates with a coalition of health care insurers, providers and other interested parties in developing these standards. The coalition, known as the Utah Health Information Network (UHIN) opens in a new tab, is a not-for-profit organization that is reducing the cost of Administrative Health Care through electronic transactions, electronic transaction standards, and education. Participants in the coalition are active members of many national standard setting organizations. Visit the UHIN opens in a new tab website for more information regarding electronic commerce agreements, State standards and specifications, and HIPAA links including links to transaction guides and code sets.

The State of Utah Insurance Commissioner’s Office opens in a new tab, incorporates billing standards into State rule.