Provider Handbook - Health Insurance Portability and Accountability Act of 1996

Home » Provider » Tools & Resources » Handbook and Materials » Handbook Table of Contents » Provider Information » HIPAA

Provider Information Policy Resources SSN Reduction Plan HIPAA Overview HIPAA Privacy HIPAA Rules Signature on File Requirements TRICARE Provider Types Certification & Credentialing Provider Responsibilities PCM Role Specialty Care Balance Billing Non-Covered Services Updating Provider Information Beneficiary Expectations

Adjust Text Size:

Health Insurance Portability and Accountability Act of 1996

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted on August 21, 1996, to improve portability of health insurance coverage and avoid “job lock”; simplify health care billing through the development of electronic data interchange; and combat waste, fraud, and abuse. The U.S. Department of Health and Human Services (HHS) developed regulations implementing HIPAA’s administrative simplification provisions, specifically, Transactions and Codes Sets Rules, and rules on Employer Identifier and National Provider Identifier numbers.

The impending use of electronic data caused privacy concerns among the public. Therefore, Congress included a mandate in HIPAA to develop privacy protections. In the absence of federal legislation, HHS published regulations developing privacy protections. These rules became effective April 14, 2003, and additional regulations on security of electronic health information took effect in 2005. Congress subsequently enacted significant amendments to these privacy and security rules in the Health Information Technology for Economic and Clinical Health (HITECH) Act, which was part of the 2009 stimulus legislation.

The DoD Military Health System (MHS) generally adheres to the HHS rules implementing administrative simplification, including privacy and security. The MHS also complies with the 1974 Privacy Act. For more information on MHS privacy procedures, see DoD Regulations 5400.11-R, 6025.18-R, and 8580.02-R, all of which are available at the Dod Publications page. Additional information is available on the TMA Privacy Office web site.

For more TRICARE-specific information on HIPAA, refer to the TRICARE Operations Manual, Chapter 1, Section 5 and Chapter 19, Section 3 at TRICARE's Manuals Online page.

TRICARE health plans, military treatment facilities (MTFs), providers, and their contractors and subcontractors are generally required to comply with DoD’s rules and the HIPAA administrative simplification rules, as amended by the HITECH Act, as applicable. The HIPAA requirements set forth in this handbook are applicable to MHS providers.

In compliance with HIPAA portability requirements, the MHS, through the Defense Manpower Data Center Support Office, automatically issues certificates of creditable coverage to beneficiaries who lose TRICARE coverage. For additional information, visit the TRICARE's Certificate of Creditable Coverage web page.

Last Update: January 15, 2011