This section contains information for the public about the Health Insurance Portability and Accountability Act of 1996 as it relates to the pharmacy industry. Subsections include information on:
What Do I Need Now for HIPAA?
+
Telecommunication Version D.0
+
Quantity Prescribed (460-ET) Final Rule CMS-0055-F
The final rule CMS-0055-F published on January 24, 2020, adopts a modification of the requirements for the use of the Telecommunication Standard Implementation Guide, Version D, Release 0 (Version D.0), August 2007, National Council for Prescription Drug Programs, by requiring covered entities to use the Quantity Prescribed (460-ET) field for retail pharmacy transactions for Schedule II drugs. This change constitutes a modification to the use of the adopted standard, not a modification to the standard itself.
- Compliance Date: September 21, 2020
- Refer to the following important additional references
Version D Editorial - February 2020
This document provides a consolidated reference point for questions that have been posed based on the review and implementation of the NCPDP Telecommunication Standard Implementation Guide and Data Dictionary for Version D. This document also addresses editorial changes made to these documents. Since the HIPAA-named Standards documents are "frozen" from changes, this document provides helpful FAQs, typographical changes and corrections, and further guidelines for implementation. This document is very important to implementers of the Telecommunication and Batch Standards, and Medicaid Subrogation Implementation Guide, as appropriate. Please continue to review this link as the document is updated as needed. Version D Editorial - February 2020
NCPDP Payer Sheet Template for Telecommunication Version D.0
The NCPDP SNIP Committee developed guidance that is strongly recommended to be used in filling out and creating payer sheets based on Version D.0 and above. Payer Sheets may be used in addition to provider manuals or included in provider manuals. Payers may take the request and response template sections within the guidance document, fill out the template per their usage, and send to their trading partners. The guidance also provides instructional sections to assist the payers in completing their payer sheets. Click here for Version 1.6. (update pending)
Medicaid Subrogation Version 3.0
+
Medicaid Subrogation Questions, Answers and Editorial Updates
This document provides a consolidated reference point for questions that have been posed based on the review and implementation of the NCPDP Medicaid Subrogation Standard Implementation Guide Version 3.0, and the Data Dictionary and External Code List only as they apply to Medication Subrogation. This document also addresses an editorial change made to the implementation guide in October 2010. Please continue to review this link as the document is updated as needed.
NCPDP Payer Sheet Template for Medicaid Subrogation Version 3.0
The NCPDP SNIP Committee developed guidance is strongly recommended to be used in filling out and creating payer sheets based on Medication Subrogation Implementation Guide Version 3.0, Batch Standard Implementation Guide Version 1.2 and Telecommunication Standard Implementation Guide Version D.0 and above. Payer Sheets may be used in addition to provider manuals or included in provider manuals. Payers may take the request and response template sections within the guidance document, fill out the template per their usage, and send to their trading partners. The guidance also provides instructional sections to assist the payers in completing their payer sheets. Click here for Version 1.0.
ICD-10
+
Electronic Funds Transfer (EFT) and Remittance Advice (RA)
+
April 2013 The Interim Final Rule stands with no modifications. Per CMS, the EFT & ERA Operating Rule Set IFC is a final rule that is in effect now, which means industry implementation efforts should be underway for the January 1, 2014 compliance date. For free copies of the EFT & ERA Operating Rule Set see http://www.caqh.org/.
January 2012 The Centers for Medicare & Medicaid Services (CMS) Interim Final Rule with Comment Period (IFC) to adopt standards for the Health Care Electronic Funds Transfers (EFT) and Electronic Remittance Advice transaction (ERA) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Other HIPAA Information
+
HIPAA Privacy Information
September 2013 The Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR) have collaborated to develop model Notices of Privacy Practices for health care providers and health plans to use to communicate with their patients and plan members.
January 2013 Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules was published in the Federal Register on January 25, 2013. Covered entities and business associates must comply with the applicable requirements of this final rule by September 23, 2013.
HIPAA Privacy and Security Toolkit supports privacy and security principles for health care stakeholders engaged in the electronic exchange of health information and includes tangible tools to facilitate implementation of these principles.
ONC's Office of the Chief Privacy Officer (OCPO) Guide to Privacy and Security of Health Information, an instructional guide designed to help healthcare practitioners, staff, and other professionals better understand the important role privacy and security play in the use of electronic health records (EHRs) and Meaningful Use.
August 14, 2002 HHS released the final rule for Privacy, as well as a Press Release and Fact Sheet. Please see http://www.hhs.gov/ocr/privacy/.
HIPAA Security Information
Security Final Rule
February 20, 2003 Health insurers, certain health care providers and health care clearinghouses must establish procedures and mechanisms to protect the confidentiality, integrity and availability of electronic protected health information. The rule requires covered entities to implement administrative, physical and technical safeguards to protect electronic protected health information in their care. The rule can be viewed at http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html.
Security Guidance
Security guidance and educational information is available at http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/index.html.
Workgroup for Electronic Data Interchange (WEDI) white papers http://wedi.org/.
Other HIPAA Privacy and Security Resources
https://www.healthit.gov/policy-researchers-implementers/privacy-security-policy
https://www.healthit.gov/providers-professionals/ehr-privacy-security
https://www.ftc.gov/tips-advice/business-center/guidance/sharing-consumer-health-information-look-hipaa-ftc-act
https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/protocol/index.html
HIPAA Employer ID Information
Employer ID Final Rule
May 31, 2002 The final rule adopting a standard for a National Employer Identifier was released. This standard will be the Employer Identifier Number issued by the Internal Revenue Service. The final rule can be viewed at https://www.gpo.gov/fdsys/pkg/FR-2002-05-31/pdf/02-13616.pdf.
Operating Rules
+
National Provider ID (NPI)
+