HIPAA's Electronic Data Interchange (EDI) rules include four rules that seek to improve efficiency and effectiveness of the healthcare system. This document provides information about each of the four rules:

Transaction Standards and Code Sets

The transaction standards and code sets are aimed at improving electronic data interchange (EDI) so that healthcare companies may exchange medical, billing and patient information more efficiently.

The American Standards Committee (ASC) Transaction Standards mandated for use in electronic healthcare transactions include:

Eligibility and Benefit Information (270/271):
The 270 transaction originates with the doctor and is used to inquire about healthcare eligibility or benefit information associated with a member or dependent under the subscriber's group. The 271 transaction is the response that contains the eligibility status and/or benefit information delivered to the doctor from the health plan.

Health Claim Status (276/277):
The 276 transaction is used by doctors and providers of healthcare products and services to request information from a health plan regarding the status of a healthcare claim. The 277 is the response from the health plan that transmits the claim status information.

Referral Certification and Authorization (278):
This transaction is used to transmit healthcare service referral and prior authorization information between healthcare providers and health plans.

Health Plan Premium Payment (820):
Employers and health plans use this transaction to make premium payments to health insurers.

Enrollment and Disenrollment in a Health Plan (834):
This transaction is used by employers to provide enrollment data including subscriber and dependent information, employer information and healthcare provider information to health insurers.

Health Claim Payment and Advice (835):
Health plans use this transaction to make payments and to submit a Remittance Advice (RA) to providers.

Health Claims (837):
This transaction contains data equivalent to that of the Health Care Financing Administration (HCFA) claim form and will be used by a provider to submit healthcare claim information to a payer.

Equivalent Encounter Information (837):
Payers use this transaction to submit information about what services were provided to the patient (encounter information) to health plans either directly or via intermediaries such as third-party administrators (TPAs) and healthcare clearinghouses.

Coordination of Benefits (837):
This transaction makes possible the electronic processing of coordination of benefit claims.

View the final rules on each of these transactions.

Reference or download the Transaction Standard Implementation Guides.

Administrative Simplification Compliance Act
VSP became compliant with the transaction set rule.

Unique Identifiers

Unique Identifiers for providers, health plans and employers will help identify and process electronically transmitted standard transactions.

There are four identifiers proposed for use in electronic healthcare transactions:

Employer Identifier:
A nine-digit number that identifies an employer in standard electronic transactions. The IRS-issued employer identification number already in use for tax purposes will serve as the employer identifier for HIPAA purposes.

Provider Identifier:
Every healthcare provider must receive a 10-digit numeric identifier for use when transmitting standard transactions.

Health Plan Identifier:
A unique number that will identify a health plan in standard electronic transactions. Health plan identifiers have not yet been issued.

Individual Identifier:
A number that identifies an individual in standard electronic transactions. Congress has put this item on hold indefinitely.

Privacy Rule

The privacy rule establishes a national standard for the collection, maintenance, access, use and disclosure of individually identifiable health information. The privacy rule is designed to:

Protect the privacy of health information that reveals the identity of an individual.
Define the rights and responsibilities of a person who creates or maintains individually identifiable health information.
Define the rights of an individual with respect to health information that is created or maintained as part of the health treatment, payment process and health care operations.

The final Privacy Rule information can be found on the HHS Web site.

Security Rule

The security rule specifies a set of business processes and technical requirements that providers, health plans and healthcare clearinghouses must follow to ensure the security of private healthcare information.

The security rule addresses three areas:

Administrative Safeguards: Practices designed to manage the selection and implementation of security measures as well as the conduct of personnel that access, view, process and distribute health information.
Physical Safeguards: Processes that protect physical equipment and related buildings from natural and environmental hazards as well as from physical intrusions.
Technical Safeguards: Technical mechanisms and processes designed to protect, control and monitor access to information.