DISCLAIMER: The following information is intended for guidance purposes only and does not replace appropriate legal or regulatory advice.


Providers are covered under the HIPAA Privacy Rule if they conduct one of the electronic standard transactions required in the Transactions and Code Sets Rule. In this case, electronic means Internet, dial-up, FTP, magnetic tape, CD, or floppy disk. If you conduct your business electronically and submit electronic claims, you must comply with the Privacy Rule, with a compliance date of April 14, 2003.
  • Educate Yourself. The first thing you need to do is read the final HIPAA Privacy Rule at http://aspe.os.dhhs.gov/admnsimp/. Attend any sessions that are offered by your associations or other organizations, and search the Internet for Web sites offering HIPAA information and commercial products.
  • Assess How the Privacy Rule Affects You. We recommend that you begin putting together a plan to handle these changes by the April 2003 implementation date and that you assess your readiness and needs.

Security

The final Security Rule was published in the Federal Register on February 20, 2003. The compliance date is April 21, 2005; however, there are many overlaps with the Privacy Rule relating to the protection of Protected Health Information.
  • Educate Yourself. The first thing you need to do is read the Final Security Rule. For more information and a link to the Rule go to:
  • Assess How the Security Rule Affects You. We recommend that you begin putting together a plan to handle the required changes by the April 2005 implementation date.



The final Security Rule was published in the Federal Register on February 20, 2003. The compliance date is April 21, 2005; however, there are many overlaps with the Privacy Rule. For more information and a link to the Rule go to http://cms.hhs.gov/hipaa/hipaa2/regulations/security/default.asp


On February 16, 2006, the Department of Health and Human Services (HHS) published a final rule which details the bases and procedures for imposing civil monetary penalties for violations of the 1996 Health Insurance Portability & Accountability Act (HIPAA) Administrative Simplification Rules. The Centers for Medicare and Medicaid Services (CMS) has been delegated the authority to investigate complaints of non-compliance and enforcement with respect to the following regulations: the Transaction and Code Set Rule (TCS), the National Employer Identifier Number (EIN) Rule, the National Provider Identifier (NPI) Rule, the Security Rule, and the expected National Plan Identifier Rule. This authority does not include the regulation known as the Privacy Rule, which has been delegated to the Office for Civil Rights.


Electronic Data Interchange

Med-QUEST and ACS strongly encourage providers to consider Electronic Data Interchange, or EDI, as a way of doing business. EDI covers all aspects of electronic transactions, from eligibility verification to claims submission and electronic remittance advice. EDI carries the following benefits:

  • Faster claims payment (837)
  • Less time spent on the phone verifying eligibility (270/271)
  • Automated Clearing House (ACH) payment for providers receiving an electronic remittance advice (835)
  • On-demand claims status (276/277)

To learn more about these transactions, providers are encouraged to contact ACS at (808) 952-5570 (O’ahu and mainland) or (800) 235-4378 (Neighbor Islands). The 270/271 and 276/277 transactions can be accessed through DHS Medicaid Online. To use the 270/271 and 276/277 batch options, or to submit electronic claims (837) or receive electronic remittance advice (835), providers must have their own software. ACS can supply providers with basic information and the DHS Medicaid EDI Manual, which explains how to prepare for EDI, sign up with Med-QUEST, complete testing, and transmit production transactions.

National Provider Identifier (NPI)

On January 23, 2004, the Centers for Medicare & Medicaid Services (CMS) announced the adoption of the National Provider Identifier (NPI) as the standard unique health identifier for health care providers to use in filing and processing health care claims and other transactions.
  • Providers shall be able to apply for an NPI through the web, paper application, or the EFI process. The Enumerator shall provide NPI application forms to health care providers upon request (CMS will furnish paper copies of the NPI application form to the Enumerator). A PDF version of the application form shall also be available for download by providers through a CMS-maintained website.
CMS is currently in the process of contracting with an enumerator (contractor) to identify, assign, update and disseminate NPI data to the health care industry. The Enumerator shall input data from the NPI application into the National Plan and Provider Enumeration System (NPPES) from paper applications, while checking for completeness and accuracy. The Enumerator shall be responsible for mailing a system-generated letter notifying the provider of its NPI. In the event that any application is disallowed, the Enumerator shall prepare a letter notifying the applicant of the reason for the disallowance. The Enumerator will also assist health care providers with resolving discrepancies to obtain an NPI.

The Enumerator shall carry out a number of functions, including, but not limited to:
  • enter identifying information about a health care provider into the NPPES for those providers applying by paper application;
  • provide NPI application forms to providers upon request;
  • notify the provider of its NPI;
  • process provider information updates received from providers via paper applications;
  • assist providers with questions or problems, including those providers applying for NPIs by the internet;
  • handle all requests for deactivations and replacement NPIs for providers;
  • handle potential error resolutions including investigating and resolving pending applications (applications with errors that prevent the NPPES from assigning an NPI);
  • work with provider organizations that wish to submit files through Electronic File Interchange (EFI);
  • validate the organization’s identity and establish accounts;
  • work with organizations to determine if their providers have NPIs;
  • reset web users’ passwords and user IDs; and
  • maintain a call center for providers.
The final rules and additional information can be viewed at http://www.cms.hhs.gov/hipaa/hipaa2/default.asp

The compliance date for providers to obtain and use the NPI is 5/23/07. All health care providers impacted by the standard can apply for an NPI with the National Plan and Provider Enumeration System (NPPES). For more information and a link to the Rule go to: http://www.cms.hhs.gov/NationalProvIdentStand. CMS has contracted with Fox Systems, Inc. to serve as the NPI Enumerator. The NPI Enumerator is responsible for dealing with health plans and providers on issues relating to unique identification. On 5/23/05, the NPPES online website is available for online NPI application at https://nppes.cms.hhs.gov/NPPES/Welcome.do. Paper applications will be accepted on 7/1/05. On 10/2/06, Medicare will begin accepting use of the NPI.

National Plan Identifier (NPlanID)

HIPAA will also adopt standard unique identifiers for health plans that are covered entities. The NPPES will also assign these unique health plan identifiers.

© Hawaii State Med-QUEST Division 2003-2007