§ 1320d-2. Standards for information transactions and data elements
(a) Standards to enable electronic exchange
(1) In general
The Secretary shall adopt standards for transactions, and data elements for such transactions, to enable health information to be exchanged electronically, that are appropriate for—
(A)the financial and administrative transactions described in paragraph (2); and
(B)other financial and administrative transactions determined appropriate by the Secretary, consistent with the goals of improving the operation of the health care system and reducing administrative costs.
(2) Transactions
The transactions referred to in paragraph (1)(A) are transactions with respect to the following:
(A)Health claims or equivalent encounter information.
(B)Health claims attachments.
(C)Enrollment and disenrollment in a health plan.
(D)Eligibility for a health plan.
(E)Health care payment and remittance advice.
(F)Health plan premium payments.
(G)First report of injury.
(H)Health claim status.
(I)Referral certification and authorization.
(3) Accommodation of specific providers
The standards adopted by the Secretary under paragraph (1) shall accommodate the needs of different types of health care providers.
(b) Unique health identifiers
(1) In general
The Secretary shall adopt standards providing for a standard unique health identifier for each individual, employer, health plan, and health care provider for use in the health care system. In carrying out the preceding sentence for each health plan and health care provider, the Secretary shall take into account multiple uses for identifiers and multiple locations and specialty classifications for health care providers.
(2) Use of identifiers
The standards adopted under paragraph (1) shall specify the purposes for which a unique health identifier may be used.
(c) Code sets
(1) In general
The Secretary shall adopt standards that—
(A)select code sets for appropriate data elements for the transactions referred to in subsection (a)(1) of this section from among the code sets that have been developed by private and public entities; or
(B)establish code sets for such data elements if no code sets for the data elements have been developed.
(2) Distribution
The Secretary shall establish efficient and low-cost procedures for distribution (including electronic distribution) of code sets and modifications made to such code sets under section
1320d–3(b) of this title.
(d) Security standards for health information
(1) Security standards
The Secretary shall adopt security standards that—
(A)take into account—
(i)the technical capabilities of record systems used to maintain health information;
(ii)the costs of security measures;
(iii)the need for training persons who have access to health information;
(iv)the value of audit trails in computerized record systems; and
(v)the needs and capabilities of small health care providers and rural health care providers (as such providers are defined by the Secretary); and
(B)ensure that a health care clearinghouse, if it is part of a larger organization, has policies and security procedures which isolate the activities of the health care clearinghouse with respect to processing information in a manner that prevents unauthorized access to such information by such larger organization.
(2) Safeguards
Each person described in section
1320d–1(a) of this title who maintains or transmits health information shall maintain reasonable and appropriate administrative, technical, and physical safeguards—
(A)to ensure the integrity and confidentiality of the information;
(B)to protect against any reasonably anticipated—
(i)threats or hazards to the security or integrity of the information; and
(ii)unauthorized uses or disclosures of the information; and
(C)otherwise to ensure compliance with this part by the officers and employees of such person.
(e) Electronic signature
(1) Standards
The Secretary, in coordination with the Secretary of Commerce, shall adopt standards specifying procedures for the electronic transmission and authentication of signatures with respect to the transactions referred to in subsection (a)(1) of this section.
(2) Effect of compliance
Compliance with the standards adopted under paragraph (1) shall be deemed to satisfy Federal and State statutory requirements for written signatures with respect to the transactions referred to in subsection (a)(1) of this section.
(f) Transfer of information among health plans
The Secretary shall adopt standards for transferring among health plans appropriate standard data elements needed for the coordination of benefits, the sequential processing of claims, and other data elements for individuals who have more than one health plan.