Skip to content

CMS Fact Sheet Summarizes HIPAA Requirements for Electronic Health Care Transactions



CMS: HIPAA Administrative Simplification Regulations Overview (May 2022)

Available at

CMS has created an online fact sheet that summarizes the HIPAA administrative simplification requirements that apply to covered electronic health care transactions. These provisions are designed to streamline and simplify health care transactions through standards, operating rules, unique identifiers, and code sets, which can help the health care community save time and money. The fact sheet first summarizes general rules and lists the transactions for which standards have been adopted. It then describes the requirements for unique identifiers for health care providers and employers, and concludes with a summary of code sets.

CMS notes that a covered entity transmitting information to another covered entity in connection with a covered transaction generally must conduct the transaction as a standard transaction, which requires compliance with the adopted standard as well as associated operating rules, code sets, and unique identifiers for the particular transaction. Echoing recent guidance (see our Checkpoint article), CMS also explains that if a covered entity engages a business associate to conduct part or all of a transaction on the covered entity’s behalf, the covered entity must require the business associate to comply with all applicable HIPAA rules. The purpose and limitations of trading partner agreements are described. Seven regulatory provisions applicable to health plans are identified and summarized, emphasizing the requirement for plans to conduct a transaction using an adopted standard if requested. Thus, according to the fact sheet, a health plan must comply with a provider’s request to conduct a transaction as a standard transaction regardless of whether the provider has an affiliation or relationship with the plan.

EBIA Comment: Electronic transactions lie at the core of HIPAA administrative simplification. Although they are intertwined with the privacy and security rules, they are subject to a different enforcement regime. CMS has recently focused attention and resources on raising awareness of the electronic transaction standards, highlighting the functionality of its Administrative Simplification Enforcement Testing Tool (ASETT). Health plans and business associates conducting covered electronic transactions should keep abreast of CMS’s guidance. For more information, see EBIA’s HIPAA Portability, Privacy & Security manual at Sections XXIV (“Business Associate Contracts”) and XXXII (“Electronic Transactions and Code Sets”).

Contributing Editors: EBIA Staff.

More answers