As the ACA Administrative Simplification provisions build on and update the provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Section 1104 of the Affordable Care Act (ACA) requires all HIPAA-covered entities to comply with the adopted HIPAA-mandated transaction standards and associated operating rules.
Beyond general HIPAA compliance, ACA Section 1104 requires health plans to file a statement with HHS certifying that their data and information systems are in compliance with any applicable standards and associated operating rules for the following nine healthcare administrative and financial transactions:
- Eligibility for a health plan
- Health claim status
- Electronic funds transfers
- Healthcare payment and remittance advice
- Health claims or equivalent encounter information
- Enrollment and disenrollment in a health plan
- Health plan premium payments
- Health claims attachments
- Referral certification and authorization
On January 2, 2014, HHS issued a Notice of Proposed Rulemaking (NPRM) proposing requirements for the ACA-mandated HHS Certification of Compliance program addressing four of the nine transactions: eligibility, claim status, electronic funds transfers (EFT), and electronic remittance advice (ERA) transactions.
On October 4, 2017, HHS published a withdrawal notice for the Certification of Compliance Proposed Rule. The notice states the proposed rule was withdrawn “in order to re-examine the issues and explore options and alternatives to comply with the statutory requirements. We note that the Secretary has established regulations pertaining to compliance with, and enforcement of, HIPAA Administrative Simplification standards and operating rules. The withdrawal of this proposed rule does not remove the requirements for covered entities to comply with any of those regulations codified at 45 CFR parts 160 and 162.”
Please Note: CAQH CORE is not authorized to determine if an organization or individual is a HIPAA-covered entity. CMS provides charts to help organizations determine if they are a HIPAA-covered entity. HHS also provides FAQs on whether an organization is a HIPAA-covered entity.