Member Login
      Printer Friendly
Resource Center
CAMFT Articles
Legal Forms
Continuing Education Registration Form
2013 CPT Codes
Place of Service Codes
National Provider Identifier Standard
Video Clips
Read The Therapist
Editorial Guidelines
CE Finder
BBS Forms
Crisis Response Education and Resources
State Licensing Directory
Honors Nomination Forms
CAMFT Product List
Professional Exchange
Insurance Corner
Prelicensees' Corner
Supervisors' Corner
Book Reviews
CAMFT Advertising Information
CAMFT Multimedia

HIPAA: How to Comply with the Transaction Standards

by David G. Jensen,
CAMFT Staff Attorney

The Therapist
(July/August 2003)

Updated August 2010 by David G. Jensen, JD, CAMFT Staff Attorney

The Transaction Standards ("Standards") have been enacted by The Department of Health and Human Services to give the health care industry a common technological "language" for covered entities to use when conducting covered transactions under HIPAA. Complying with the Standards is two-fold: first, you must understand the role that the Standards play within HIPAA, and second, you must use the Standards when conducting covered transactions. Although the Standards are generally more important for those who design computer systems and program health care software than they are for you as a health care provider, you will have to work with health plans, software vendors, and/or billing services, assuming you interact with such entities, to ensure compliance with the Standards. Before we get into the nuts and bolts of compliance, however, you need to understand the following concepts:

1) HIPAA does not require you to conduct any or all of the covered transactions electronically. Rather, if you do conduct a transaction electronically, it requires you to conduct the transaction in the standard HIPAA requires.1

This is an important concept. It means that of the 5 covered transactions that are generally thought to be applicable to health care providers, i.e., claims submissions, reimbursement, claim status, patient eligibility, and referral authorizations, you do not have to conduct all 5 of them electronically. You can conduct some of them electronically and others by fax, phone, or mail.

2) A business associate is a person or organization that performs certain functions or activities on behalf of a covered entity, but who is not part of the covered entity's workforce. 2 Business associates also have access to client information. For instance, assuming you employ them, billing services and software vendors are examples of business associates.

3) For marriage and family therapists, the three most common types of electronic transactions will be electronic data interchange (EDI), web-based applications, or direct data entry (DDE). These are simply different ways, technologically speaking, of conducting covered transactions.

EDI is the leading media for electronic transactions. EDI is the term used for the technology that allows for the movement of electronic data between two entities.3 As an example, if you send, or someone on your behalf sends, a claim electronically to Blue Shield, you are using EDI. Using EDI involves having computer software, and it is the most sophisticated way, technologically speaking, of conducting covered transactions.

Web-based applications are provided by health plans and payers and the applications allow providers to enter transaction data directly with the health plans.4 These applications allow you, or someone acting on your behalf, to transmit electronic information via the Internet. For example, if you check a patient's eligibility for health insurance by using the computer instead of the telephone, you are using a web-based application to conduct an electronic transaction. You just need Internet access to utilize this method of conducting covered transactions. This is probably the most common way for marriage and family therapists to conduct covered transactions.

DDE is a way for health care providers to key data directly into a computer screen or web browser form and then send the information immediately to the health plan's computer.5 Many payers supply a "dumb" terminal that is connected directly to their mainframe computer. The terminal is essentially a remote extension of the payers' computer system. Health care providers typically submit one claim at a time for immediate transmission into the health plan's or payer's computer.

4) A trading partner agreement is an agreement between health plans and providers to establish the details of how EDI will be conducted between the two types of covered entities.6 Moreover, a trading partner then is someone you exchange information with electronically.

5) A transaction is an activity involving the transfer of health information for a specific purpose,7 and a covered transaction is a type of transaction for which HIPAA has set a technical standard.8

6) The compliance date set for the Standards is October 16, 2003. By that date all covered entities must be using the applicable Standard when conducting covered transactions.

Why Do We Need The Standards?
By adopting the Standards, Congress hopes to improve the effectiveness of the health care system by enabling covered entities to communicate more efficiently with one another. Although this is the goal of the Standards, to truly appreciate them you must understand the mischief that the Standards have been enacted to ameliorate.

If I told you that I have an apple at home, would you think that I have a piece of fruit or a computer? You can't really tell from my statement because the term is ambiguous. It could mean "fruit," but it could also mean "computer." If I am thinking "fruit" but you are thinking "computer," you are going to be confused when I offer you fruit instead of a computer. Our confusion and misunderstanding about what the other person means by the term "apple" inhibits our ability to communicate with one another on this very simple subject. What should be clear from this hypothetical is that for us to communicate effectively, I need to know what you mean by "apple" and you need to know what I mean by "apple" and we both need to be using the term "apple" in the same way, otherwise effective communication cannot occur.

But, let's make things more complicated. What if instead of having just two things that can be referred to with the same word (i.e., apple means either fruit or computer), we have 400 different ways of conveying the same information? Obviously, in such a situation, effective and efficient communication, let alone any communication at all, becomes very difficult.

Prior to the enactment of HIPAA, however, that is the situation the health care industry was in, which greatly affected the ability of payers and providers to communicate with one another. Prior to HIPAA there were approximately 400 different ways of submitting health care claims to health plans. Moreover, many payers had their own local codes, which were codes that they devised for their own purposes. These local codes made communication among payers and providers difficult because no one else used the same codes. And, it created an administrative nightmare in terms of trying to keep up to date with the meanings of such codes. Hence, the need arose to standardize the health care industry by establishing a uniform system of communication within the health care milieu so that payers and providers could communicate with one another more efficiently. The Standards have been adopted to fulfill that need.

What Are The Standards?
Basically, the Standards are regulations that govern how HIPAA's covered transactions are conducted. The Standards tell us what the covered transactions are (i.e., claims submissions, reimbursement, claim status inquiries, patient eligibility, and referral authorizations), and for each of the covered transactions, the Standards specify the format of the transaction; the data elements required to structure the format of the transaction; and, the data content required for each of the transactions.9 Admittedly, this is very technical stuff, but you do not have to understand all of the technical rules in this area. You just need to understand that for each covered transaction there is a specific standard that must be adhered to when conducting that transaction.

Covered entities conduct, or someone conducts on their behalf, certain covered transactions electronically. As a review, there are currently 8 covered transactions, 5 of which are generally thought to be applicable to health care providers.10 Those 5 transactions are:

  1. Submitting claims or managed care encounter information to a health plan to get reimbursed for providing health care;
  2. Receiving payment or payment remittance advice from a health plan;
  3. Submitting claim status inquiries to a health plan and/or receiving responses thereto from health plans;
  4. Submitting patient eligibility inquiries to health plans and/or receiving responses thereto from health plans; and,
  5. Submitting referral authorization inquiries to health plans and/or receiving responses thereto from health plans.11

The 3 transactions that are generally not thought to be applicable to health care providers are:

  1. Enrolling or disenrolling in a health plan;
  2. Making health plan premium payments; and,
  3. Getting benefits coordinated.12

Again, for each of these covered transactions, HIPAA has a technical standard that must be followed when conducting the transaction. The Standards set forth the medical and non-medical code sets that must be used when conducting covered transactions.13 A code set is any set of codes used to encode data elements, such as tables of terms, medical concepts, medical diagnostic codes, or medical procedure codes, and a code set includes the codes as well as the descriptors of the codes.14 A data element is the smallest named unit of information in a transaction.15

Medical code sets are clinical codes used in transactions to identify what procedures, services, and diagnoses pertain to a client's session. The medical code sets characterize medical conditions and treatments and are usually maintained by professional organizations and public health organizations.16

Non-medical code sets or non-clinical code sets as they are also known, on the other hand, are code sets that characterize a general administrative situation, as opposed to a medical condition or service. These are things like state abbreviations, zip codes, and telephone area codes as well as areas of provider specialization, payment policies, and explanations as to why claims were denied or adjusted.17

Since covered entities must use the medical and non-medical code sets set forth in the Standards, once the Standards are operational, covered entities will be conversing with one another in the same code set "language." Congress's goal then of streamlining the administrative and payment aspects of the health care industry will be fulfilled because all covered entities will be using the same code sets when conducting covered transactions. Once the Standards are operational, there will just be one way of conducting covered transactions, not 400 different ways of conducting them.

The upshot of all of this is that for each of HIPAA's covered transactions there is a technical standard that defines the medical and nonmedical code sets that must be followed when covered entities conduct covered transactions. Unless you are a computer programmer, you do not need to understand all of the technical issues involved with the Standards. You just need to realize that each covered transaction has a corresponding Standard and that when you, or someone acting on your behalf, conducts one of the covered transactions, you or they must comply with the applicable Standard. The accompanying chart below has been prepared to set forth the applicable Standard for each of the covered transactions. This information should be shared with your software vendor or billing service. Moreover, each of these Standards has an Implementation Guide, which can be obtained from

How Do I Comply With The Standards?
Earlier in this article I mentioned that the Standards are more important for those who design or program health care software than they are for you as a health care provider. That fact, however, does not mean that you can ignore the Standards. Assuming you are a covered entity and that you conduct, or that someone conducts on your behalf, one or more of the covered transactions electronically, you will have some compliance activities. However, your compliance activities will depend upon how you interact electronically with health plans when conducting covered transactions. Do you, or does someone acting on your behalf, utilize EDI, webbased applications, or DDE to conduct a covered transaction?

If you utilize, or someone on your behalf utilizes, EDI to conduct covered transactions, your computer system and the health plan's computer system must both comply with the Standards. Compliance will also necessitate that the systems are tested to ensure that the covered transactions can be conducted pursuant to the Standards. Currently, experts in the field are recommending seven different tests: integrity testing; requirement testing; balancing; situation testing; code set testing; specialty or line-service testing; and, trading partner testing. The results of such tests may indicate technical corrections or adjustments that you may have to make on your end of the system to bring it into compliance with the Standards.

If you utilize web-based applications or DDE, or someone on your behalf utilizes such applications, the health plans you conduct covered transactions with should take the lead in ensuring that covered transactions are conducted pursuant to the Standards. Your role is to confirm that each of the health plans that you conduct covered transactions with will be utilizing the applicable Standards when you conduct covered transactions on or after October 16, 2003.

If you utilize a billing service to conduct covered transactions on your behalf, you need to confirm that your billing service will be ready to conduct covered transactions in the Standards on October 16, 2003. If your billing service utilizes EDI to conduct the covered transactions, then the information listed above is equally applicable to your billing service. Conversely, if your billing service utilizes web-based applications or DDE, then the information listed above about web-based applications and DDE is also equally applicable to your billing service. As mentioned, your compliance efforts in this area will depend upon whether you utilize EDI, web-based applications, or DDE. For your use, we have prepared the following Transaction Standards Compliance Worksheet (page 19), as a tool for you to use to identify your compliance requirements. Although the health plans you conduct covered transactions with, the software vendors you contract with to process your health care claims, or your billing service should take the lead in terms of complying with the Standards, you need to be the expert about your business operations and the types of transactions that you conduct or are conducted on your behalf. Consequently, you need to be involved in the compliance process. We cannot emphasize enough that you take the time to diligently work through the accompanying worksheet and that you document the responses that you receive from the health plans and business associates you contract with.

Transaction Standards Compliance Worksheet

1 HIPAA Information Series: Paper 2: Are You a Covered Entity?, p.2,
2 45 CFR 160.102
3 HIPAA Information Series: Paper 2: Are You a Covered Entity?, p. 2,
4 Supra, p. 2
5 Supra, p. 2
6 HIPAA Information Series: Paper 6: What to Expect From Your Health Plans, p. 1,
7 HIPAA Information Series: Paper 1: HIPAA 101 for Health Care Providers' Offices, p. 2,
8 45 CFR 162.923
9 HIPAA Information Series: Paper 4: Overview of Electronic Transactions & Code Sets, p.1,
10HIPAA Information Series: Paper 2: Are You a Covered Entity?, p. 2,
11HIPAA Information Series: Key HIPAA Dates And Tips For Getting Ready, p. 2,
12Supra, p. 3
13HIPAA Information Series: Paper 4: Overview of Electronic Transactions & Code Sets, p. 4,
1445 CFR 162.103
1545 CFR 162.103
16HIPAA Information Series: Paper 4: Overview of Electronic Transactions & Code Sets, p. 4,
17Supra, p.6

The information contained in this article is intended to provide guidelines for addressing difficult legal dilemmas. It is not intended to address every situation that could possibly arise, nor is it intended to be a substitute for independent legal advice or consultation. When using such information as a guide, be aware that laws, regulations, and technical standards change over time, and thus one should verify and update any references or information contained herein. 


Please enter your birth year below. We are asking for your birth year to learn the demographics of our members so we can best tailor programs and services. This information is confidential and will only be used in an aggregate form to help us know the age of our membership.
Birth Year:
I prefer not to provide this information:
Please provide your current emaill address in the area below or confirm that this email address is correct:
Email is Correct:
Consent to electronic voting and help CAMFT conserve member resources and become more eco-friendly! To facilitate electronic voting in future CAMFT elections, please consider giving consent to 1) receiving ballots and accompanying documents from CAMFT via electronic means, and 2) voting by electronic means. Your consent only applies to these electronic communications. You have the right to withdraw your consent at any time by providing CAMFT with a written notice sent by e-mail, fax, or mail. If you choose to consent to electronic voting, you may still request a ballot and accompanying documents in paper form.
I give my consent for E-Voting:
I withhold my consent for E-Voting. Please send paper ballots:


twitter - CAMFT

California Association of Marriage and Family Therapists   |  7901 Raytheon Road, San Diego, CA 92111-1606  
Phone: (858) 292-2638  |   Fax: (858) 292-2666

©Copyright 2012 California Association of Marriage and Family Therapists

CAMFT Community CAMFT Facebook Linkedin twitter -