FindLaw | Find a Lawyer. Find Answers.

• United States Code
• TITLE 42 - THE PUBLIC HEALTH AND WELFARE
• CHAPTER 7 - SOCIAL SECURITY
• SUBCHAPTER XI - GENERAL PROVISIONS, PEER REVIEW, AND ADMINISTRATIVE SIMPLIFICATION
• PART C - ADMINISTRATIVE SIMPLIFICATION

    (a) Standards to enable electronic exchange
      (1) In general
        The Secretary shall adopt standards for transactions, and data
      elements for such transactions, to enable health information to
      be exchanged electronically, that are appropriate for - 
          (A) the financial and administrative transactions described
        in paragraph (2); and
          (B) other financial and administrative transactions
        determined appropriate by the Secretary, consistent with the
        goals of improving the operation of the health care system and
        reducing administrative costs.
      (2) Transactions
        The transactions referred to in paragraph (1)(A) are
      transactions with respect to the following:
          (A) Health claims or equivalent encounter information.
          (B) Health claims attachments.
          (C) Enrollment and disenrollment in a health plan.
          (D) Eligibility for a health plan.
          (E) Health care payment and remittance advice.
          (F) Health plan premium payments.
          (G) First report of injury.
          (H) Health claim status.
          (I) Referral certification and authorization.
      (3) Accommodation of specific providers
        The standards adopted by the Secretary under paragraph (1)
      shall accommodate the needs of different types of health care
      providers.
    (b) Unique health identifiers
      (1) In general
        The Secretary shall adopt standards providing for a standard
      unique health identifier for each individual, employer, health
      plan, and health care provider for use in the health care system.
      In carrying out the preceding sentence for each health plan and
      health care provider, the Secretary shall take into account
      multiple uses for identifiers and multiple locations and
      specialty classifications for health care providers.
      (2) Use of identifiers
        The standards adopted under paragraph (1) shall specify the
      purposes for which a unique health identifier may be used.
    (c) Code sets
      (1) In general
        The Secretary shall adopt standards that - 
          (A) select code sets for appropriate data elements for the
        transactions referred to in subsection (a)(1) of this section
        from among the code sets that have been developed by private
        and public entities; or
          (B) establish code sets for such data elements if no code
        sets for the data elements have been developed.
      (2) Distribution
        The Secretary shall establish efficient and low-cost procedures
      for distribution (including electronic distribution) of code sets
      and modifications made to such code sets under section 1320d-3(b)
      of this title.
    (d) Security standards for health information
      (1) Security standards
        The Secretary shall adopt security standards that - 
          (A) take into account - 
            (i) the technical capabilities of record systems used to
          maintain health information;
            (ii) the costs of security measures;
            (iii) the need for training persons who have access to
          health information;
            (iv) the value of audit trails in computerized record
          systems; and
            (v) the needs and capabilities of small health care
          providers and rural health care providers (as such providers
          are defined by the Secretary); and

          (B) ensure that a health care clearinghouse, if it is part of
        a larger organization, has policies and security procedures
        which isolate the activities of the health care clearinghouse
        with respect to processing information in a manner that
        prevents unauthorized access to such information by such larger
        organization.
      (2) Safeguards
        Each person described in section 1320d-1(a) of this title who
      maintains or transmits health information shall maintain
      reasonable and appropriate administrative, technical, and
      physical safeguards - 
          (A) to ensure the integrity and confidentiality of the
        information;
          (B) to protect against any reasonably anticipated - 
            (i) threats or hazards to the security or integrity of the
          information; and
            (ii) unauthorized uses or disclosures of the information;
          and

          (C) otherwise to ensure compliance with this part by the
        officers and employees of such person.
    (e) Electronic signature
      (1) Standards
        The Secretary, in coordination with the Secretary of Commerce,
      shall adopt standards specifying procedures for the electronic
      transmission and authentication of signatures with respect to the
      transactions referred to in subsection (a)(1) of this section.
      (2) Effect of compliance
        Compliance with the standards adopted under paragraph (1) shall
      be deemed to satisfy Federal and State statutory requirements for
      written signatures with respect to the transactions referred to
      in subsection (a)(1) of this section.
    (f) Transfer of information among health plans
      The Secretary shall adopt standards for transferring among health
    plans appropriate standard data elements needed for the
    coordination of benefits, the sequential processing of claims, and
    other data elements for individuals who have more than one health
    plan.