Health Insurance Portability and Accountability Act of 1996

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that mandates national standards in the health care industry to improve the efficiency and effectiveness of the health care system. HIPAA’s Title II administrative-simplification provisions require the establishment of national standards for how health plans handle:

Privacy of protected health information (PHI)

The Health Insurance Portability and Accountability Act (HIPAA) privacy rule creates national standards to protect individuals’ medical records and PHI. HIPAA mandates that health plans and providers adopt additional, specific policies and procedures for securing the privacy of patients’ PHI, and notify patients about their privacy rights, including how their PHI can be used.

In accordance with the rule, Tufts Health Plan has implemented the required privacy procedures and trained all Tufts Health Plan employees on the procedures.

Tufts Health Plan's Notice of Privacy explains to members how medical information may be used and disclosed and how they can get access to this information.

Security of protected health information (PHI)

HIPAA’s security standards rule mandates national standards for how an organization such as a health plan handles and stores PHI. HIPAA dictates that Tufts Health Plan take the following actions to secure PHI:

  • Physical safeguards to guard data integrity, confidentiality, and availability — to ensure the protection of computer systems and related physical structures in which these systems are housed from fire, other natural and environmental hazards, and intrusion. These safeguards also include using locks, keys, and administrative measures to control access to computer systems and facilities.
  • Technical security services to guard data integrity, confidentiality, and availability — to protect, control, and monitor information access.
  • Technical security mechanisms to guard against unauthorized access to data that is transmitted over a communications network — to protect health information electronically transmitted over open networks against interception or interpretation by parties other than the intended recipient. These mechanisms are also intended to protect information systems from intruders who attempt to gain access through external communication points.
  • Administrative procedures to guard data integrity, confidentiality, and availability — to provide structure within the organization for the development and implementation of the information security program.

Electronic transmission of health care data

HIPAA mandates standards for the electronic exchange of health care data to replace and streamline the many diverse data contents and formats used today. The use of these standards will increase the efficiency and effectiveness of the health care industry as a whole.

Tufts Health Plan encourages providers to submit claims electronically. Learn more about our electronic data interchange (EDI) program.

HIPAA-compliant transactions with NEHEN

Tufts Health Plan is a participating payer with New England Healthcare EDI Network (NEHEN). Tufts Health Plan providers who are also members of NEHEN can perform HIPAA-compliant eligibility, claim status, and authorization request and response transactions either via their organization’s intranet, or through an integrated system.

To take advantage of the convenient, HIPAA-compliant NEHEN features, including batch transactions, you must be a member of NEHEN and have the appropriate software installed.

What is NEHEN?

NEHEN is a consortium of leading health care payers and providers in the New England area using electronic commerce to reduce administrative costs and satisfy federal HIPAA requirements.

Already a member of NEHEN?

If you are currently a NEHEN member and would like to submit batch claims transactions to us, please contact us at 888-257-1985, or e-mail us.

Want to join NEHEN?

For information on how to join NEHEN, please visit www.nehen.net, or call 781-290-1300.

HIPAA-compliant transactions online

We offer the following HIPAA-compliant services online via Tufts Health Connect:

  • Member eligibility verification
  • Claims submissions and status information
  • Prior authorization status information and inquiries
  • Electronic remittance advice
  • Electronic explanations of payment (EOPs)
  • Panel reports
  • HCFA claims submissions
  • Out-of-network specialty care prior authorization request submissions

HIPAA-compliant code sets

HIPAA requires specific code sets. Tufts Health Plan complies with the requirements by:

  1. Terminating the use of non-compliant billing codes. Tufts Health Plan has implemented HIPAA-compliant codes that represent equivalent services. The terms of current provider agreements will remain in effect regardless of changes in the codes used for billing purposes unless HIPAA-compliant codes substantively change the services provided.
  2. Communicating in writing with all Tufts Health Plan participating providers regarding HIPAA-compliant billing code changes. In addition, Tufts Health Plan is communicating with specific providers where HIPAA code compliance significantly alters services.