Congress passed into law the Health Insurance Portability and Accountability Act of 1996 (HIPAA) with the goals of providing consumers with greater access to health care insurance, protecting the privacy of health care data, and promoting more standardization and efficiency in the health care industry. CareFirst has been working to ensure compliance with the HIPAA legislation since its inception.

CareFirst member sitting as desk reviewing HIPAA regulations

HIPAA Overview

HIPAA regulations address the following key issues:

Portability - Since 1996, HIPAA has protected health insurance coverage for workers and their families when they change or lose their jobs. If you need more information or need proof of coverage under a CareFirst health plan, call Member Services, using the phone number on the back of your old ID card.

Privacy Standards - HIPAA created new rights for individuals that provide more control over the use and disclosure of, and access to their own confidential information. The compliance deadline for all covered entities was April 14, 2003.

Security Standards - All covered entities must take steps to assure the confidentiality, integrity, and availability of protected health information (PHI). Security requirements for Privacy were completed by the April compliance deadline. All covered entities must implement policies and procedures, both administrative and technical, to keep PHI secure and confidential, when it is PHI that is electronically transmitted, stored or manipulated by April 2005.

Unique Identifiers - Another goal of HIPAA is to assign one identifying number to each provider, employer, health plan and individual. The National Employer ID will be used in transactions beginning in October 2003. Both the National Provider and Health Plan Identifier requirements have not been finalized.

Please review Frequently Asked Questions for more information about HIPAA and how CareFirst is responding to these new requirements.

Unique Identifiers

As part of the HIPAA Administrative Simplification regulation, there are currently three unique identifiers used for covered entities in HIPAA administrative and financial transactions. The use of these unique identifiers will promote standardization, efficiency and consistency.

The unique identifiers under HIPAA regulations are:

  • Standard Unique Employer Identifier (EIN)
    The same as the Employer Identification Number (EIN) used on an organization's federal IRS Form W-2. This identifies an employer entity in HIPAA transactions.
  • National Provider Identifier (NPI)
    NPI is a unique 10-digit number used for covered health-care providers in all HIPAA administrative and financial transactions.
  • National Health Plan Identifier (NHI)
    The NHI is a Centers for Medicare & Medicaid Services (CMS) proposed identifier to identify health plans and payers.

Note: That at this time there is no proposed standard for the National Individual Identifier.