What Are the HIPAA Administrative Simplification Regulations?

Imagine this: you are going about your day working in the medical industry. Suddenly, you receive notice that you've broken the law. You have violated a part of HIPAA, maybe a part that you didn't even realize existed. Now, you are subject to civil or criminal penalties. Sounds terrifying, right? Fortunately, there is a way to prevent this from happening. The solution is achieving a working knowledge of HIPAA. Understanding the regulations laid out in this law is essential. It will help you ensure that you and your workplace are always protected and in compliance. Read on for an overview of the HIPAA Administrative Simplification Regulations and the HIPAA Privacy and Security Rules.

What are the HIPAA Administrative Simplification Regulations?

HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. The law was passed when medical billing became an electronic process. It is divided into two parts. Title I covers Health Care Access, Portability, and Renewability. Title II covers Administrative Simplification. The purpose of Title II is to standardize the electronic billing process. This saves workers across the medical and insurance industries both time and money. The word simplification is right there in the title. So it should be easy to understand, right? Unfortunately, it is not. The text of the law itself is over one hundred pages and filled with dense legal terminology. Despite this, we can still begin to understand the Administrative Simplification Regulations. The key is to break them down into the four standards they cover. Those standards are transactions, code sets, unique identifiers, and operating rules.


A transaction is any exchange of health care information between two parties. This exchange is usually conducted to carry out financial or administrative activities. Some examples of transactions include insurance enrollment, claims status, referrals, and authorizations. The Administrative Simplification Regulations require all HIPAA-covered entities to use their standards. This ensures that all transaction records across the industry are the same. Any party that interacts with them can quickly understand and use them. This saves both time and money for everyone involved. Subsequent legislation has expanded these requirements. They now include operating rules for each existing transaction. There are also standards for electronic funds transfer and electronic health care claims. ASC X12 Version 5010 is the standardized format for all transactions. The only exceptions are transactions involving retail pharmacies. Health plans are also required to certify their compliance with these standards. A set of penalties can be imposed on health plans for failure to comply. This is why it's so important for you to ensure that you and your business or practice are HIPAA compliant.

Code Sets

Under HIPAA, a code set is a shared list of codes that are used in place of longer names or explanations. Transactions use medical code sets to classify many things. They include diagnoses, procedures, diagnostic tests, treatments, medical equipment, supplies, and medications. Employees use non-medical code sets in transactions as well. These identify information about things like claim status and claim payment adjustment. They also cover organizational routing techniques and ZIP code information. The Administrative Simplification Regulations standardize these code sets. The idea behind this is to ensure that everyone in the medical field is speaking the same language. If everyone uses the same codes to refer to a cancer diagnosis, the patient gets treated faster.

Unique Identifiers

HIPAA also requires the use of unique identifiers for healthcare employers and providers. Employers must use an EIN, or Employer Identification Number, in all transactions. Providers must use an NPI, or National Provider Identifier, in all transactions. Each number is unique and ensures that employers and providers are always identifiable in any transaction.

Operating Rules

The Affordable Care Act of 2010 updated the HIPAA Administrative Simplification Regulations to include operating rules. These rules specify certain information that must be included in all standard transactions. They also standardize business rules and regulations that were not previously defined by HIPAA. This makes it easier for providers to handle electronic administrative transactions. The operating rules that the HHS has adopted were primarily authored by CAQH CORE. CAQH CORE is a group of providers, health plans, and vendors. The organization also includes government agencies and standard-setting bodies. CAQH CORE designed the operating rules to support a wide range of existing standards and technologies. These operating rules have made electronic data transactions more predictable and consistent.

Privacy and Security

There is one more piece of the Administrative Simplification Regulations that we need to understand. How do they relate to the HIPAA Privacy and Security Rules? The purpose of the Privacy and Security Rules is to protect any individually identifiable health information. We call this data Protected Health Information, or PHI.


Information covered under the HIPAA Privacy Rule includes many different types of data. One is an individual's physical or mental health or condition. The provision of health care to the individual is also protected. PHI also includes anything that can be used to identify the individual. Some examples of this are the person's name, address, birth date, and social security number. HIPAA-covered entities are sometimes permitted to use and disclose PHI. However, this may only be done for select purposes or situations. Medical entities may of course communicate this information to the individual themselves. They may also exchange it with other entities that cover treatment, payment, and health care operations. The patient must give their permission for their PHI to be used or distributed outside of these contexts. There are a few common situations that require this permission. Permission is often given to add their information to a facility directory. They may also permit the disclosure of their information to friends and family. There are a few exceptions to the HIPAA Privacy Rule where an individual's permission is not required for disclosure. There are twelve national priority purposes for which an individual's PHI may be distributed without their permission. Specific conditions and limitations apply to each potential use. This continues to protect the individual's right to privacy.


The Security Rule exists to protect an individual's PHI from external threats. The Administrative Simplification Regulations establish national standards for the security of e-PHI. That stands for electronic protected health information. HIPAA-covered entities must maintain reasonable and appropriate safeguards for protecting e-PHI. They must ensure the confidentiality, integrity, and availability of all e-PHI. They must also identify and protect against anticipated threats to the security and integrity of the information. These entities must also be on guard for impermissible uses or disclosures. Ensuring workplace compliance with the Privacy and Security Rules is essential. You must observe the rest of the Administrative Simplification Regulations as well. This protects both your patients and your business or practice. But how do you ensure compliance with something so nebulous and complicated? The answer lies in specialized training.

The Importance of HIPAA Training

There are many training programs available designed to teach HIPAA compliance. HIPAA Exams is the best source for HIPAA training and is one of the few IACET-accredited HIPAA providers. Their courses provide a comprehensive overview of the legislation, as well as real-world scenarios and examples. HIPAA Exams offers training for individuals across the health care industry. We have specialized training for workers in every position. Our courses will ensure that you and your coworkers understand how to seamlessly integrate HIPAA compliance into your day-to-day jobs.

For Health Care Workers

Health care workers must follow all HIPAA standards and regulations. This allows them to maintain the privacy and security of patient information. To achieve this, they must understand the purpose of HIPAA legislation and why these laws exist in the first place. It is also important to be up to date with any changes to HIPAA. The Omnibus Final Rule enacted in 2013 implemented many of these changes. This rule enhances patient privacy protections. It also provides individuals with new rights to their protected health information. HIPAA Exams offers a ninety-minute course on HIPAA for health care workers. This course reviews key elements of the HIPAA Privacy Rule, Security Rule, and Enforcement Rule. It also explains the process for Breach Notification. The course also covers the Transaction, Code Set, and Unique Identifier Rules. The complete understanding and implementation of each of these rules are vital to protect patients and avoid being penalized.

For Medical Office Staff

Medical office staff are those employees who do not directly provide medical treatment to patients. This includes front desk workers, messaging services, billing specialists, and janitorial staff. Medical office staff are also required to comply with HIPAA at all times. This course is tailored to help medical office staff understand HIPAA. It addresses extra privacy considerations within the office. The course also covers administrative, physical, and technical safeguards required to protect patient information. Students will learn the Code Sets and Unique Identifiers, as well as how to use them in transactions.

For Dental Offices

Dental offices are also required to be HIPAA compliant. HIPAA Exams offers a course designed specifically for dental offices. This course provides a comprehensive look at the legislation and addresses its application within a dental office setting. HIPAA Exams' course reviews the essentials of understanding the law. It covers the Administrative Simplification Regulations, including Code Sets and Unique Identifiers. It also reviews individual rights under the Privacy Rule. There are special privacy considerations within the dental office. The course addresses these in detail and provides real-world examples.

For Health Care Industry Representatives

Sales professionals who work in the health care industry must ensure that they are HIPAA compliant as well. This group includes medical device and medical equipment salespeople. It also includes service professionals and pharma sales professionals. Health care industry representatives have varying levels of access to PHI. But they must understand how to provide for the privacy and security of this information. This course provides a comprehensive overview of HIPAA for health care industry representatives. It also addresses common questions with regard to how HIPAA applies to these workers. The course also provides students with tailored scenarios to practice implementing HIPAA's rules. This ensures that you will understand how the law applies in different situations.

For Business Associates

Business associates are people who work on the business side of health care. This includes those who work in medical billing, medical transcription, and marketing agencies. It also includes software and IT companies, answering services, consultants, and legal services. The Omnibus Final Rule was implemented in 2013. This rule greatly increased the liabilities of business associates with regard to compliance. It is imperative that business associates working with PHI completely understand HIPAA. This will help you avoid potential civil and criminal penalties. HIPAA Exams offers a course tailored to business associates as well. The course reviews the law in its entirety with a focus on how the Privacy and Security Rules impact them. It also includes real-life examples of HIPAA breaches. This highlights common mistakes that must be actively avoided.

Protecting Yourself and Your Clients

HIPAA exists to protect patients, doctors, and businesses throughout the health care industry. It ensures the privacy and security of personal medical information. It also saves everyone involved in the process both time and money. Implementation of the HIPAA Administrative Simplification Regulations keeps things moving quickly and effectively. HIPAA is a nebulous and complex law. But the right training can illuminate how it functions within your business. HIPAA Exams' courses outline what you can do to ensure you are HIPAA compliant at all times. Don't wait for unexpected penalties to blindside you. Take action and start learning today.