HIPAA Overview

General Overview

The Health Insurance Portability and Accountability Act of 1996 is a federal law that was written to protect people who change jobs, are self-employed or who have pre-existing medical conditions. The Administrative Simplification section of the act is intended to improve the efficiency and effectiveness of the national health care delivery system by standardizing the exchange of electronic, administrative and financial data. It is also intended to protect the security and privacy of protected health information (PHI).

When HIPAA was signed into law in August 1996, the main focus was on the portability requirements that protected workers who changed jobs against loss of health insurance coverage or from being subject to new health insurance coverage exclusions for pre-existing medical conditions. Many of the portability provisions of HIPAA became effective in 1997 and have since been implemented by BCBSM and BCN.

Check out our frequently asked questions about HIPAA.

Administrative Simplification

Today, HIPAA attention has shifted to the administrative simplification portion of the law which can be broken down into these key elements:


The Department of Heath and Human Services released HIPAA Privacy Standards. The Standards generally limit the use and disclosure of PHI to the minimum necessary to accomplish the intended use or disclosure. It also gives patients the right to request and receive copies of their records, request amendments to their records and learn details of certain disclosures of the records. All medical records and other individually identifiable health information used or disclosed by a covered entity (e.g. health carrier) in any form, whether communicated electronically, on paper, or orally is covered by this regulation.


The Security rule builds on the HIPAA Privacy rule and defines how we keep PHI secure and establishes requirements to ensure the confidentiality, integrity, and availability of individual health information. These requirements include safeguards for physical storage and maintenance, transmission, and access to individual information.

Standard transactions and code sets

Transaction and Code Sets were included in the first set of regulations announced by the Department of Health and Human Services for the Administrative Simplification portion of HIPAA. These regulations set the standards for transactions and code sets that must be used by all covered entities who transmit covered transactions in an electronic format.

The standard formats for HIPAA transactions are the American National Standards Insurance ASC X12N, Version 4010A1. These standard transaction formats apply to the following common business functions:

  • Claims or equivalent encounter information 
  • Payment and remittance advice 
  • Claim status inquiry and response 
  • Eligibility inquiry and response 
  • Referral certification and authorization inquiry and response 
  • Enrollment and disenrollment in a health plan 
  • Health plan premium payment 
  • Coordination of benefits 
  • Claims attachment*

*Pending approval 

A code set is any set of codes used for encoding data elements, such as tables of terms, medical concepts, medical diagnosis codes, or medical procedure codes. The following codes sets have been adopted as the standard medical data codes sets:

Standard transactions and code sets example
Code Set Description Standard
Diseases, injuries, impairments and other related problems ICD-9-CM (Volume 1)
Procedures - Physicians Services CPT-4 (HCPCS Level 1)
Procedures - Dental Services Current Dental Terminology
Procedures - Inpatient Hospital ICD-9-CM (Volume 3)
All other health related services, substances, equipment and supplies HCPCS Alpha numeric codes

Unique identifiers

The HIPAA National Provider Identifier rule offers each physician, health care professional and facility one unique identifier for all transactions related to rendering or payment of health care services. Eventually this unique identifier will replace all existing identification numbers including the BCBSM and BCN provider identification number.