Privacy Security Transaction Codes and Sets
The Department of Human Services, Med-QUEST Division, is responsible for ensuring HIPAA compliance for Hawaii Medicaid program. This includes health plans, and fee for service providers. Med-QUEST works with the fiscal agent to review requirements, write regulations, and revise operational procedures.
HIPAA compliance consists of three components: privacy, security, and transactions and code sets (TCS). Privacy
Med-QUEST is committed to the protection of an individual’s health information and was compliant with all the requirements of the Privacy Rule on April 14, 2003. Our efforts to date include:
- Preemption analysis of HIPAA privacy rule and other relevant federal Medicaid and state regulations.
- Development of a strategy to analyze and implement the HIPAA Privacy rule requirements.
- Review of organizational practices to determine potential gaps with HIPAA compliance.
- Development and implementation of administrative, technical, and physical safeguards to protect health information.
- Participation with other covered entities to develop consistent practices
- Development of the following Med-QUEST policies and practices:
- The Notice of Privacy Practices (NPI), which goes out to all current Medicaid recipient households before April 14 and to all new applicants and recipients thereafter.
- DHS Department level policies and Med-QUEST divisional policies and procedures in conformance with the Privacy Rule
- Identifying business associates and Business Associate contract language, which will be inserted in all business associate contracts starting July 1, 2003.
- New Authorization forms have been developed for any requests for information maintained by MQD.
Back To Top
The final Security Rule was published in the Federal Register February 20, 2003 and the compliance date was April 21, 2005. Med-QUEST performed initial security assessments in conjunction with the Privacy rule. Our efforts included:
- Eevaluation of existing security practices with the HIPAA Security rule.
- Risk Analysis of MQD information network and computer system.
- Development of a Risk management Plan.
- Information Technology testing and remediation of computer networks.
- Implementation of technical administrative, physical and technical policies and procedures.
- Development of a Business Contingency Plan (BCP) for IT recovery.
- Participation with other covered entities and process stakeholders to assure practices adequately protect PHI (as well as ongoing participation).
- Development and implementation of a security awareness and policy training program.
- Development of an ongoing security reminders program to assure staff has periodic updates with technical security of PHI.
Back To Top
Transactions and Code Sets
Med-QUEST successfully implemented the following transactions for the October 2003 TCS Implementation:
Med-QUEST is able to accept and process all of the above transactions. Trading partners interested in exchanging the above electronic transactions with Med-QUEST are urged to contact ACS, the Med-QUEST fiscal agent, at (808) 952-5570 (O’ahu and mainland) or (800) 235-4378 ( Neighbor Islands). Please note Med-QUEST does not exchange electronic claims and remittance advice directly with QUEST providers. Instead, QUEST providers work with the various QUEST health plans. QUEST providers must contact health plans, not ACS, for issues related to electronic claims and remittance advice. Health Plans may contact Med-QUEST directly for transaction-related issues. Med-QUEST successfully converted most of its local codes on October 16, 2003. Social Services Division (SSD) local codes will convert in January 2004. Med-QUEST will convert the remaining local codes as instructed by Medicare. In October 2003 Med-QUEST and SSD notified all affected providers of local codes changes. Med-QUEST will continue to implement TCS transactions as mandated by federal law, The latest Proposed Rules include Standards for Electronic Health care Claims Attachment and Electronic Signature Standard. National Provider Identifier (NPI) Med-QUEST, in conjunction with the Arizona’s State Medicaid program, began a review of the NPI Standard and an analysis of the Hawaii Prepaid Medical Management system (HPMMIS). A crosswalk with the NPI requirements and the current HPMMIS provider identification database was conducted to identify and begin modifications to the current provider identification database to assure compliance with the NPI Standard by 5/23/07.
- 837 Fee For Service Claims
- 835 Electronic Remittance Advice
- 270/271 Eligibility Verification Request and Response
- 276/277 Claim Status Request and Response
- 834 Health Plan Roster
- 820 Premium Payment