Skip Navigation

Defense Health Agency

"On October 1, 2013, the Department of Defense established the Defense Health Agency (DHA) to manage the activities of the Military Health System. These activities include those previously managed by TRICARE Management Activity (TMA), which was disestablished on the same date. During the next several months, all TMA websites will change to reflect the new DHA. We appreciate your patience during this transition."

Patient Protection and Affordable Care Act (ACA) and Associated HIPAA Provisions

High-level Summary and Background

Some aspects of the Patient Protection and Affordable Care Act (ACA, and otherwise known as “healthcare reform”), enacted on March 23, 2010, modify previous Administrative Simplification provisions of the Health Insurance Portability and Accountability Act (HIPAA) in order to establish more uniform standards and requirements for the electronic transmission of certain health information and reduce the clerical burden on patients, health care providers, and health plans.

ACA directs the Secretary of the Department of Health and Human Services (HHS) to require health plans to:

  • Certify compliance with certain HIPAA electronic standards and provide documentation of compliance
  • Ensure that entities providing contracted services to a health plan comply with applicable certification and compliance requirements

ACA requires the Secretary of HHS to:

  • Issue Final Rules to adopt standards for:
    • Electronic Funds Transfer (EFT),
    • Unique Health Plan Identifier (HPID),
    • and Health Claim Attachments
  • Adopt a single set of Operating Rules for each standard transaction adopted under HIPAA
  • Conduct periodic audits of health plans (including entities providing contracted services to health plans) to ensure compliance with HIPAA standards and Operating Rules
  • Assess penalty fees against health plans that fail to certify and document compliance

As TRICARE is a HIPAA covered entity as both a Direct Care healthcare provider and as a Purchased Care health plan and payer; the Military Health System (MHS) is affected by the HIPAA Transactions, Code Sets, and Identifiers compliance aspects of ACA.

Certification of Health Plan Compliance with HIPAA

Based on the provisions of the ACA, in order to certify compliance, health plans will be required to demonstrate to the Secretary that the health plan conducts the HIPAA electronic transactions in a manner that fully complies with the regulations of the Secretary; and provides documentation showing that the plan has completed end-to-end testing for such transactions with their partners, such as hospitals and physicians. In addition, health plans must ensure that any entity that provides services pursuant to a contract with the health plan complies with any applicable certification and compliance requirements (and provide the Secretary with adequate documentation of such compliance).

Electronic Funds Transfer (EFT) Transaction

HHS published an Interim Final Rule with Comment (IFC) on January 10, 2012, which was deemed Final on July 11, 2012. This IFC adopted two standards that health plans must comply with in order to use EFT to transmit health care claim payments and Remittance Advice (RA) to providers. The standards specify the format to be used when ordering, authorizing, or initiating an EFT with financial institutions and outline the data content to be contained within the EFT and RA. The compliance date is January 1, 2014.

TRICARE as a health plan and payer entity is required to implement EFT capabilities. As Military Treatment Facilities (MTFs) are providers of health services, implementation of EFT is not specifically required but will likely depend on how the Army, Navy, and Air Force Medical Services implement their Service-specific third party collections billing systems.

To learn more about the standards being adopted for EFTs, click here to view the EFT/RA Fact Sheet.

Unique Health Plan Identifier (HPID) and Other Entity Identifier (OEID)

ACA directed the Secretary of HHS to issue a final rule establishing a standard HPID. Currently, health plans are identified for various purposes using different identifiers that are assigned by multiple organizations. The purpose of a standard HPID is to uniquely identify a health plan in a uniform way in HIPAA transactions. On September 5, 2012, HHS published a Final Rule (FR) adopting a standard for the HPID.

Health plans with the exception of small health plans must obtain an HPID by November 5, 2014. Small health plans must obtain an HPID by November 5, 2015. Covered entities must use HPIDs in the standard transactions on or after November 7, 2016.

TRICARE has successfully submitted for, and obtained, a Controlling Health Plan (CHP) HPID from the Centers for Medicare & Medicaid Services (CMS) enumeration database before the original 5 November 2014 enumeration deadline.

However, effective October 31, 2014, the CMS Office of e-Health Standards and Services (OESS) announced a delay, until further notice, in enforcement of 45 CFR 162, Subpart E; the regulations pertaining to health plan enumeration and use of the HPID in HIPAA transactions adopted in the HPID final rule.

This CMS enforcement delay applies to all HIPAA covered entities, including healthcare providers, health plans, and healthcare clearinghouses.

In order to increase the efficiency of using uniform identifiers in standard transactions, HHS also adopted a data element that will serve as an Other Entity Identifier (OEID). The OEID will function as a voluntary identifier for entities that are not health plans, health care providers, or individuals (as defined in 45 CFR 160.103), but need to be identified in HIPAA standard transactions.

The HPID & OEID have implications for TRICARE as a health plan entity and for MTFs as provider entities. As a health plan entity, TRICARE will enumerate itself, and will be responsible for communicating and providing TRICARE’s HPID(s) to other entities who need that information. MTFs will need to use HPIDs when conducting HIPAA transactions (such as, eligibility, referrals, claims, etc.).

There may be other MHS uses of the HPID as well. To learn more about HPID and OEID, click here to view the HPID and OEID Fact Sheet.

Claims Attachments

ACA requires the Secretary of HHS to issue a Final Rule to adopt a standard for Health Claims Attachments. Claims Attachments are supplemental documents that provide additional clinical or administrative data to the claims processor that cannot be accommodated within the adopted electronic claims standard format. The goal of a standard for Health Claims Attachments is to make the process of submitting and adjudicating healthcare claims more efficient by providing structured, standardized electronic data to payers. Implementation of standardized claims attachments is expected to provide benefits for both providers (faster claims adjudication) and payers (electronically accessible documentation needed to accurately adjudicate claims).

To learn more about Claims Attachments, click here to view the Claims Attachments Fact Sheet.

Operating Rules

ACA defines Operating Rules as: “the necessary business rules and guidelines for the electronic exchange of information that are not defined by a standard or its implementation specifications.” Operating rules help make the standard transactions more uniform by specifying how the information within the health care transaction should be transmitted, while putting some restrictions on situational rules that determine the required data content for each transaction. Operating Rules also define security requirements, transmission formats, response times, exception processing, error resolution, published system downtimes and companion guide formats.

Operating Rules are required for each standard transaction adopted under HIPAA, which includes the following transactions:

  • Eligibility for a Health Plan (X12 270/271)
  • Health Care Claim Status/Response (X12 276/277)
  • Receipt of Health Care Remittance (X12 835)
  • Submission of Institutional Health Care Claims, Professional Health Care Claims, Dental Claims, and Coordination of Benefits (X12 837)
  • Enrollment and Disenrollment in a Health Plan (X12 834)
  • Payroll Deducted and Other Group Premium Payment for Insurance Product (X12 820)
  • Referral Certification and Authorization (X12 278)
  • Health Claim Attachments
  • Electronic Funds Transfer

To learn more about Operating Rules, click here to view the Operating Rules Fact Sheet.

Related Links

Patient Protection and Affordable Care Act (ACA)

National Committee on Vital and Health Statistics (NCVHS)

Council for Affordable Quality Health Care (CAQH) Committee on Operating Rules for Information Exchange (CORE)

Centers for Medicare and Medicaid Services (CMS) Related Links

Administrative Simplification Provision in Affordable Care Act

Affordable Care Act Deadlines and Key Dates

Additional Information by CMS regarding the Affordable Care Act

Operating Rules for HIPAA Transactions

* For TRICARE HIPAA Privacy and Security pages, please click here.