TRANSACTION SETS
• 270/271 - Eligibility
• 275 - Additional Information to Support Claims/Encounters
• 276/277 - Claim Status
• 278 - Prior Authorization
• 820 - Premium Payments
• 834 - Benefit Enrollment and Maintenance
• 835 - Claim Payment and Remittance Advice
• 837 - Claims (Dental, Professional, and Institutional)

Incompleted Standards
• 148 - First Report of Injury

MEDICAL CODES
• ICD-9
• CPT-4
• HCPCS
• CDT
• NDC
• Local Codes Prohibited

NON-MEDICAL CODES
• Provider Taxonomy Codes
• Claim Adjustment Reason Codes
• Remittance Advice Remark Codes
• Claim Status Category Codes
• Claim Status Codes
• Zip Codes

EMPLOYER
• Taxpayer identifying number assigned by IRS
• Nine digits separated by hyphen (00-0000000)

PROVIDER
• Single NPI: 10 position numeric, one digit checksum
• No embedded intelligence

HEALTH PLAN
(No NPRM issued)
• 10+3 position numeric, one digit checksum
• Sub-ID may appear on health card & direct EDI
• No embedded intelligence

INDIVIDUAL
• Suspended

ADMINISTRATIVE PROCEDURES
• Designated Security Officer
• Chain of Trust Agreement
• Certification, Internal Audit, Training, Policies, BCP, etc.

PHYSICAL SAFEGUARDS
• Secure Workstations
• Physical Access Controls, Media Controls, etc.
• Security Awareness Training

TECHNICAL SECURITY SERVICES
• Access Control
• Authorization
• Data Authentication
• Entity Authentication

TECHNICAL SECURITY MECHANISMS
• Basic Network Safeguards
• Integrity and Protection

ELECTRONIC SIGNATURE
• Not required for any current HIPAA-mandated transaction

LIMITATIONS
• Covers protected health information (PHI) stored or transmitted in any form or medium: electronic, paper and oral

KEY ELEMENTS
• PHI data elements defined
• Notice of privacy practices mandated
• Minimum necessary disclosures/use
• Acknowledgement of receipt of privacy practices
• Authorization required for non-routine use
• Business associate contracts required
• Designated Privacy Official