How to Understand the HIPAA EDI Rule

Posted by Brooke Lester on Mar 12, 2019 11:11 AM


The Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996, created a seismic shift in the American healthcare system. Before then there was no national law governing the security of patient data. HIPAA's Administrative Simplification provisions also introduced what is commonly called the "EDI Rule" (formally the Transactions and Code Sets standards), which requires any covered entity that conducts the covered transactions electronically to use the adopted EDI standards.

There is still a fair amount of confusion about the HIPAA EDI Rule, but this guide is here to clear up some misunderstandings about this aspect of the legislation. Read on to learn to whom the rule applies, who monitors compliance, and how to ensure compliance with this rule.

What Exactly Is the HIPAA EDI Rule?

So, what exactly is the HIPAA EDI Rule? This rule mandates that covered entities (more on who that is in a bit) use the ASC X12N standards when conducting the covered transactions electronically. X12N is a data format, not a transmission protocol: it defines the segments, loops and envelopes of each transaction set, and it can be carried over any transport the trading partners agree on. No other format is acceptable for these transactions, with one exception: retail pharmacy transactions use the NCPDP standards instead.

Certain transactions are covered under the HIPAA EDI Rule, including health care claims (the 837), claim status requests and responses (276/277), claim payment and remittance advice (835), eligibility inquiries and responses (270/271), referrals and authorizations (278), and coordination of benefits (carried in the 837).

Covered entities keep some leeway in how they process and respond to EDI transactions internally; the rule only requires that every electronic transmission of a covered transaction use the standard format.
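The X12N format described above is easier to reason about with a concrete interchange in hand. The following is an added example written for this page, not code from the original post or from Remedi: it reads the delimiters from the fixed-width ISA segment, verifies the ISA/IEA, GS/GE and ST/SE control numbers and counts that trading partners and clearinghouses reject on, and reports which HIPAA transaction sets the interchange carries. The sample 837 interchange at the bottom is constructed for illustration and is not a real claim; the sender and receiver IDs are placeholders.

```python
"""Envelope checker for ASC X12 interchanges carrying HIPAA transaction sets.

Added example, not code from the original post or from Remedi. Parses the
ISA/GS/ST envelope, checks the control numbers and counts, and lists the
HIPAA transaction sets found. The sample interchange is constructed.
"""
from dataclasses import dataclass, field

# ST01 transaction set identifiers adopted under the HIPAA transaction standards.
HIPAA_TRANSACTION_SETS = {
    "837": "health care claim (also carries coordination of benefits)",
    "835": "claim payment / remittance advice",
    "270": "eligibility inquiry",
    "271": "eligibility response",
    "276": "claim status request",
    "277": "claim status response",
    "278": "referral certification and authorization",
    "834": "benefit enrollment and maintenance",
    "820": "premium payment",
}


@dataclass
class InterchangeReport:
    version: str = ""            # ISA12; "00501" is the mandated 5010 version
    control_number: str = ""     # ISA13
    transaction_sets: list = field(default_factory=list)  # (ST01, description)
    errors: list = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.errors


def _as_int(value: str):
    return int(value) if value.isdigit() else None


def parse_interchange(raw: str) -> InterchangeReport:
    """Check envelope structure and list the HIPAA transaction sets found."""
    report = InterchangeReport()
    if not raw.startswith("ISA") or len(raw) < 106:
        report.errors.append("missing or truncated ISA segment (must be 106 characters)")
        return report
    # ISA is the only fixed-width segment, so the delimiters sit at fixed offsets:
    # element separator at offset 3, segment terminator at offset 105.
    elem_sep, seg_term = raw[3], raw[105]
    rows = [s.strip("\r\n").split(elem_sep) for s in raw.split(seg_term) if s.strip("\r\n")]
    isa = rows[0]
    if len(isa) != 17:
        report.errors.append(f"ISA has {len(isa) - 1} elements, expected 16")
        return report
    report.version, report.control_number = isa[12], isa[13]
    if report.version != "00501":
        report.errors.append(f"ISA12 version {report.version} is not 00501 (HIPAA mandates 5010)")
    iea = rows[-1]
    if iea[0] != "IEA" or len(iea) < 3:
        report.errors.append("interchange is not closed by an IEA segment")
        return report
    if iea[2] != isa[13]:
        report.errors.append(f"IEA02 {iea[2]} does not match ISA13 {isa[13]}")

    groups = 0
    gs = st = None                 # currently open functional group / transaction set
    sets_in_group = st_index = 0
    for i, row in enumerate(rows):
        tag = row[0]
        if tag in ("SE", "GE") and len(row) < 3:
            report.errors.append(f"{tag} segment is missing elements")
            continue
        if tag == "GS":
            groups += 1
            gs, sets_in_group = row, 0
        elif tag == "ST":
            st, st_index = row, i
            sets_in_group += 1
            desc = HIPAA_TRANSACTION_SETS.get(row[1])
            if desc is None:
                report.errors.append(f"ST01 {row[1]} is not a HIPAA standard transaction set")
            else:
                report.transaction_sets.append((row[1], desc))
        elif tag == "SE":
            if st is None:
                report.errors.append("SE without a preceding ST")
                continue
            expected = i - st_index + 1          # SE01 counts ST through SE inclusive
            if _as_int(row[1]) != expected:
                report.errors.append(f"SE01 {row[1]} != {expected} segments in set {st[2]}")
            if row[2] != st[2]:
                report.errors.append(f"SE02 {row[2]} != ST02 {st[2]}")
            st = None
        elif tag == "GE":
            if gs is None:
                report.errors.append("GE without a preceding GS")
                continue
            if _as_int(row[1]) != sets_in_group:
                report.errors.append(f"GE01 {row[1]} != {sets_in_group} transaction sets in group")
            if row[2] != gs[6]:
                report.errors.append(f"GE02 {row[2]} != GS06 {gs[6]}")
            gs = None
    if st is not None:
        report.errors.append(f"transaction set {st[2]} is never closed by SE")
    if gs is not None:
        report.errors.append(f"functional group {gs[6]} is never closed by GE")
    if _as_int(iea[1]) != groups:
        report.errors.append(f"IEA01 {iea[1]} != {groups} functional groups")
    return report


# Constructed sample: one 837 claim with a minimal body; IDs are placeholders.
SAMPLE_837 = (
    f"ISA*00*{'':10}*00*{'':10}*ZZ*{'SENDERID':15}*ZZ*{'RECEIVERID':15}"
    "*190312*1111*^*00501*000000001*0*P*:~"
    "GS*HC*SENDERID*RECEIVERID*20190312*1111*1*X*005010X222A1~"
    "ST*837*0001*005010X222A1~"
    "BHT*0019*00*12345*20190312*1111*CH~"
    "SE*3*0001~"
    "GE*1*1~"
    "IEA*1*000000001~"
)

if __name__ == "__main__":
    result = parse_interchange(SAMPLE_837)
    print("ok" if result.ok else "errors:", result.transaction_sets, result.errors)
```

The checker stops at the envelope on purpose: content validation (implementation-guide loops, code sets, situational rules) is what a clearinghouse or vendor engine does downstream, but a file whose ISA13/IEA02 or SE counts do not agree is rejected before any of that runs, so these are the checks worth owning in-house.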

To Whom Does the HIPAA EDI Rule Apply?

What does it mean that any covered entity which transmits data electronically must use EDI? Who is covered by the HIPAA EDI Rule?

The Centers for Medicare & Medicaid Services state that covered entities include health plans, healthcare clearinghouses, and any healthcare provider that conducts the covered transactions electronically (not only providers that accept Medicare or Medicaid).

Who Ensures Compliance to the HIPAA EDI Rule?

Within the Department of Health and Human Services (HHS), the Centers for Medicare & Medicaid Services (CMS) enforces the transaction and code set standards that make up the HIPAA EDI Rule and investigates complaints about non-standard transactions. HHS's Office for Civil Rights (OCR) enforces the separate HIPAA Privacy and Security Rules.

Any entities covered by the HIPAA EDI Rule should be aware that penalties for non-compliance are high. HIPAA civil money penalties fall into four tiers, based on the entity's culpability: 

  • Tier 1, which refers to violations the entity did not know about and could not reasonably have known about
  • Tier 2, which refers to violations with a reasonable cause that were not due to willful neglect
  • Tier 3, which refers to violations due to willful neglect that were corrected within 30 days
  • Tier 4, which refers to violations due to willful neglect that were not corrected

The penalties for the last tier are the highest, with a minimum penalty of $50,000 per violation and an annual cap of $1.5 million per identical provision (the original HITECH amounts, which are adjusted for inflation).

How Can You Ensure Compliance?

Even the largest and most successful organizations cannot afford penalties like that. How do you ensure compliance?

Many entities covered by the HIPAA EDI Rule use software vendors to maintain compliance. Relying upon a software vendor frees up valuable time and resources so that healthcare providers and insurance companies can focus on their actual work, namely, helping people live healthy, productive lives.

The HIPAA EDI Rule is complex for healthcare providers and insurance companies. That is understandable – EDI is not their core business. That is why having a trusted, experienced partner like Remedi helps you ensure compliance. Get an EDI Assessment. Absolutely free.

