HIPAA for Providers

HIPAA for Providers

The Utah Medicaid HIPAA website provides information for Medicaid providers and trading partners regarding HIPAA legislation and electronic data interchange (EDI).

Notice of Privacy Practices for Providers

EDI Enrollment

The Division of Medicaid and Health Financing manages multiple medical programs for needy individuals in the State of Utah, including Medicaid and the Privacy Care Network (PCN) Program.  Medicaid administers these programs and encourages electronic data interchange (EDI) as a means to contain administrative costs.

This page describes the process for activating your EDI account with Medicaid.  Whether or not providers are currently sending EDI transactions, an EDI account must be activated with Medicaid.

Providers must:

  1. Become a member of the Utah Health Information Network opens in a new tab (UHIN) by
    1. Signing the current Electronic Commerce Agreement opens in a new tab and ECA Amendment opens in a new tab
    2. Obtaining a UHIN opens in a new tab Trading Partner Number* (TPN).
  2. Complete Steps 9 thru 12 of the Utah Medicaid Provider EDI Enrollment application.

Providers have the responsibility to adequately test all business rules appropriate to the provider type and specialty. When using a third party vendor (clearinghouse), it is the obligation of the trading partner* to ensure the vendor has adequately tested the business rules appropriate to each provider type and specialty.

*A provider submitting EDI transactions is considered a trading partner.

PRISM Companion Guides

Health Care Code Lists

Effective October 16, 2003, a provider must use applicable data code sets described in the Code of Federal Regulations (162.1002) and as specified in the implementation specifications. This web page provides links to some of the specified code sets. Each code set is valid within the dates specified by the organization responsible for maintaining the code set.

Current Health Care Code Lists

Rules and Regulations


The final rules and regulations associated with Administrative Simplification are maintained in the Code of Federal Regulations, parts 160, 162 and 164 of title 45. They are available through the Center for Medicare and Medicaid Services (CMS) opens in a new tab website and include:

Transactions ‐ This rule adopts a Point of Sale standard and eight electronic X12 transactions including code sets to be used in the transactions.  Standardization allows for exchange of healthcare information for purposes such as third-party liability administration and fraud and abuse detection, and for simplified record keeping.

Privacy ‐ This regulation protects medical records and other personal health information maintained by health care providers, hospitals, health plans, health insurers, and health care clearinghouses. It limits the non-consensual use and release of private health information, gives patients new rights to access their medical records and to know who has accessed them, and restricts most disclosure of health information to the minimum needed for the intended purpose. The regulation provides protection for paper, oral and electronic information, creating a privacy system that covers all personal health information created or held by covered entities.

Security ‐ This final rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information.


The Department of Health opens in a new tab participates with a coalition of health care insurers, providers and other interested parties in developing these standards. The coalition, known as the Utah Health Information Network (UHIN) opens in a new tab, is a not-for-profit organization that is reducing the cost of Administrative Health Care through electronic transactions, electronic transaction standards, and education. Participants in the coalition are active members of many national standard setting organizations. Visit the UHIN opens in a new tab website for more information regarding electronic commerce agreements, State standards and specifications, and HIPAA links including links to transaction guides and code sets.

The State of Utah Insurance Commissioner’s Office opens in a new tab, incorporates billing standards into State rule.

Available Resources and Committees

One of the best resources for information regarding HIPAA is the web site for the U.S. Department of Health and Human Services opens in a new tab. The final rule and links to other HIPAA related sites are available from this web site.

Utah Health Information Network (UHIN) opens in a new tab is a coalition of providers and payers within the State of Utah. A provider solution to all HIPAA transactions is being developed, including a dental solution to EDI. Visit the UHIN opens in a new tab web site:

Publications of the implementation guides are available through Washington Publishing opens in a new tab site:

Participation in national workgroups and committees is strongly encouraged. They include: