HIPAA for Providers

HIPAA for Providers

The Utah Medicaid HIPAA website provides information for Medicaid providers and trading partners regarding HIPAA legislation and electronic data interchange (EDI).

Notice of Privacy Practices for Providers

EDI Enrollment

The Division of Medicaid and Health Financing manages multiple medical programs for needy individuals in the State of Utah, including Medicaid and the Privacy Care Network (PCN) Program.  Medicaid administers these programs and encourages electronic data interchange (EDI) as a means to contain administrative costs.

This page describes the process for activating your EDI account with Medicaid.  Whether or not providers are currently sending EDI transactions, an EDI account must be activated with Medicaid.

Providers must:

1. Become a member of the Utah Health Information Network (UHIN) by

a. Signing the current Electronic Commerce Agreement and ECA Amendment
b. Obtaining a UHIN Trading Partner Number* (TPN).

2. Complete Steps 9 thru 12  of the Utah Medicaid Provider EDI Enrollment application.

Providers have the responsibility to adequately test all business rules appropriate to the provider type and specialty. When using a third party vendor (clearinghouse), it is the obligation of the trading partner* to ensure the vendor has adequately tested the business rules appropriate to each provider type and specialty.

*A provider submitting EDI transactions is considered a trading partner.


HIPAA transaction and code set requirements are outlined in the National Electronic Data Interchange Transaction Set Implementation Guides. Companion guides have been created outlining supplemental requirements specific to Utah Medicaid, as permitted within the structure of the HIPAA transaction sets. The guides will be updated as implementation of each transaction occurs. The most current version will be available on the website. All providers who submit claims electronically to Utah Medicaid must adhere to the HIPAA Implementation Guide, the Utah Specific Transaction Instructions (Companion Guide), and policy contained in the provider manuals.

(UHINt 2.5 Templates)

The following UHINt 2.5 templates have been created to provide training and instructions on Medicaid specific fields that must be completed in order to obtain a successful claim transmission. If utilizing other software, these templates may be a guideline for required data elements.

Health Care Code Lists

Effective October 16, 2003, a provider must use applicable data code sets described in the Code of Federal Regulations (162.1002) and as specified in the implementation specifications. This web page provides links to some of the specified code sets. Each code set is valid within the dates specified by the organization responsible for maintaining the code set.

Current Health Care Code Lists

Rules and Regulations

  • Federal

    The final rules and regulations associated with Administrative Simplification are maintained in the Code of Federal Regulations, parts 160, 162 and 164 of title 45. They are available through the Center for Medicare and Medicaid Services (CMS) website and include:

    Transactions: This rule adopts a Point of Sale standard and eight electronic X12 transactions including code sets to be used in the transactions.  Standardization allows for exchange of healthcare information for purposes such as third-party liability administration and fraud and abuse detection, and for simplified record keeping.

    Privacy: This regulation protects medical records and other personal health information maintained by health care providers, hospitals, health plans, health insurers, and health care clearinghouses. It limits the non-consensual use and release of private health information, gives patients new rights to access their medical records and to know who has accessed them, and restricts most disclosure of health information to the minimum needed for the intended purpose. The regulation provides protection for paper, oral and electronic information, creating a privacy system that covers all personal health information created or held by covered entities.

    Security: This final rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information.


    The Department of Health participates with a coalition of health care insurers, providers and other interested parties in developing these standards. The coalition, known as the Utah Health Information Network (UHIN), is a not-for-profit organization that is reducing the cost of Administrative Health Care through electronic transactions, electronic transaction standards, and education. Participants in the coalition are active members of many national standard setting organizations. Visit the UHIN website for more information regarding electronic commerce agreements, State standards and specifications, and HIPAA links including links to transaction guides and code sets.

    The State of Utah Insurance Commissioner’s Office, incorporates billing standards into State rule.

Available Resources and Committees

One of the best resources for information regarding HIPAA is the web site for the U.S. Department of Health and Human Services. The final rule and links to other HIPAA related sites are available from this web site.

Utah Health Information Network (UHIN) is a coalition of providers and payers within the State of Utah. A provider solution to all HIPAA transactions is being developed, including a dental solution to EDI. Visit the UHIN web site:

Publications of the implementation guides are available through Washington Publishing site:

Participation in national workgroups and committees is strongly encouraged. They include: