When people talk about HIPAA “administrative simplification” rules, what are they referring to?
HIPAA imposed numerous requirements on employer health plans. One set of rules, largely implemented a few years ago, addressed pre-existing condition exclusions, certificates of coverage, special enrollments, and nondiscrimination on the basis of health status. (They’re commonly known as the HIPAA portability rules.) When people refer to “the HIPAA rules” now, they are likely to be referring to a series of proposed and final “administrative simplification” regulations issued by HHS beginning in 1998. These rules require employer health plans and other HIPAA covered entities (such as HMOs, insurers, and providers) to do three things: • Limit the use and disclosure of individual health information (the privacy rules); • Impose standards for safeguarding the security and integrity of individual health information (the security rules); and • Establish uniform standards for electronic transmission of certain types of health care transactions (these are the electronic data interchange or “ED
