HIPAA

In an environment of constant regulatory change, take confidence in knowing BMI will provide you with compliance support.

BMI provides its clients with consulting on policies and procedures, as well as a model notice of privacy practices and a model business associate agreement. BMI also offers secure email and secure inbound and outbound transactions, and is compliant with HIPAA HITECH.

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Benefit Management Inc. has kept abreast of the regulations issued by the Department of Health and Human Services regarding the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Final rules issued for electronic data transactions used in the administration of health care data and for privacy of individually identifiable health information became effective October 2002 and April 2003. Final rules for the Security Rule became effective April 2005. Benefit Management Inc. is currently compliant with all federal HIPAA rules and regulations.

Business Associates

A business associate is a person or organization, other than a member of a covered entity's workforce, that performs certain functions or activities on behalf of, or provides certain services to, a covered entity that involve the use or disclosure of individually identifiable health information. Business associate functions or activities on behalf of a covered entity include claims processing, data analysis, utilization review, and billing. Business associate services to a covered entity are limited to legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services. However, persons or organizations are not considered business associates if their functions or services do not involve the use or disclosure of protected health information, and where any access to protected health information by such persons would be incidental, if at all. A covered entity can be the business associate of another covered entity.

In accordance with the rules of HIPAA, it is Benefit Management Inc.'s practice to obtain a signed and completed "Business Associate Agreement" from all individuals or organizations who meet the stated definition. Please contact Chad Somers, the Privacy Officer, to obtain a Business Associate Agreement.

Privacy and Security Rules

The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)."

The Security Rule defines administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic protected health information. The standards require covered entities to implement basic safeguards to protect electronic protected health information from unauthorized access, alteration, deletion, and transmission.

What is the difference between the Privacy Rule and the Security Rule? The Privacy Rule applies to protected health information in any form, whereas the Security Rule applies only to protected health information in electronic form.

We are committed to staying in compliance with all current and future HIPAA rules.

128-Bit SSL

We provide a 128-bit Secure Sockets Layer (SSL) connection, sometimes referred to as Transport Layer Security (TLS), when transmitting data from our web server to an individual computer. The SSL security protocol provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection.

  • Website

PGP Encryption

PGP encryption uses public key encryption, which is based on the mathematical relationship between a private key, maintained in confidence by an individual or group, and a public key, distributed as an identifier of that individual or group. The holder of the private key can compute the public key. To provide confidentiality, sensitive PHI is encrypted using a public key; the associated private key is required to recover the data.

  • EDI Transfers - Inbound and Outbound
  • External email and email attachments

Register as an EDI Business Partner

We welcome the opportunity to work directly with providers for the purpose of providing the most cost-efficient means for handling claim data and payment information.

EDI Supported Transaction Sets

A "transaction" is an electronic business document. Under HIPAA, several standardized transactions will replace hundreds of proprietary, non-standard transactions currently in use. We accept the following HIPAA mandated transactions:

  • ASC X12N 837I - Health Care Claim Institutional
  • ASC X12N 837P - Health Care Claim Professional
  • ASC X12N 837D - Health Care Claim Dental
  • ASC X12N 834 - Benefit Enrollment & Maintenance
  • ASC X12N 835 - Health Care Claim Payment/Advice
  • ASC X12N 278 - Health Care Services Review Request for Review and Response
  • ASC X12N 276 - Health Care Claim Status Request
  • ASC X12N 277 - Health Care Claim Status Response
  • ASC X12N 270 - Health Care Eligibility Benefit Inquiry
  • ASC X12N 271 - Health Care Eligibility Benefit Response
  • NCPDP Ver. 5.1 - Pharmacy Claim
  • NCPDP Ver. 5.1 - Pharmacy Remittance and Payment Advice

Supported Methods of Transmitting using PGP Encryption

  • FTP Delivery
  • FTP Retrieval

Procedures for EDI Business Partner Approval

After reviewing your completed EDI Business Partner Enrollment and Agreement forms, our EDI help desk will contact you to begin making arrangements for testing of transmission and for establishing a timeline for completion. Prior to approval, the provider will need to send an electronic claim with a test indicator in addition to paper claims. This will facilitate the comparison of all necessary fields received electronically.
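
A sender-side check for the testing step described above, as an added example that is not BMI's own code or tooling: it reads the X12 interchange header and confirms the file is flagged as test and carries only transaction sets from the supported list. It assumes the "test indicator" is the ISA15 usage indicator (T = test, P = production), which this page does not specify; the function names and the sample interchange are constructed for illustration, and NCPDP files are out of scope.

```python
# X12 transaction set IDs (ST01) taken from the supported list on this page.
SUPPORTED_ST01 = {"837", "834", "835", "278", "276", "277", "270", "271"}

def build_sample(usage: str, st01: str = "837") -> str:
    """Constructed sample interchange (no real PHI); ISA is fixed-width, 106 chars."""
    isa = ["ISA", "00", " " * 10, "00", " " * 10, "ZZ", "SENDERID".ljust(15),
           "ZZ", "RECEIVERID".ljust(15), "250101", "1200", "^", "00501",
           "000000001", "0", usage, ":"]
    body = (f"GS*HC*SENDERID*RECEIVERID*20250101*1200*1*X*005010X222A1~"
            f"ST*{st01}*0001*005010X222A1~SE*2*0001~GE*1*1~IEA*1*000000001~")
    return "*".join(isa) + "~" + body

def inspect_interchange(raw: str) -> dict:
    """Read delimiters from the ISA header, then collect ISA15 and every ST01."""
    if not raw.startswith("ISA") or len(raw) < 106:
        raise ValueError("not an X12 interchange: ISA header missing or truncated")
    elem_sep = raw[3]      # element separator is the 4th character of the file
    seg_term = raw[105]    # segment terminator is the 106th character
    isa = raw[:105].split(elem_sep)
    if len(isa) != 17:     # "ISA" plus 16 elements
        raise ValueError("malformed ISA segment: expected 16 elements")
    segments = [s.strip() for s in raw.split(seg_term) if s.strip()]
    st_ids = [s.split(elem_sep)[1] for s in segments
              if s.split(elem_sep)[0] == "ST"]
    return {"usage": isa[15], "transaction_sets": st_ids}

def ready_for_partner_test(raw: str) -> list:
    """Return a list of problems; an empty list means the file can go to testing."""
    info = inspect_interchange(raw)
    problems = []
    if info["usage"] != "T":
        problems.append(f"ISA15 is {info['usage']!r}, expected 'T' (test)")
    if not info["transaction_sets"]:
        problems.append("no ST segment found")
    for st in info["transaction_sets"]:
        if st not in SUPPORTED_ST01:
            problems.append(f"transaction set {st} is not in the supported list")
    return problems

if __name__ == "__main__":
    for label, raw in [("test file", build_sample("T")),
                       ("production flag", build_sample("P")),
                       ("unsupported set", build_sample("T", "999"))]:
        print(label, "->", ready_for_partner_test(raw) or "OK")
```
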

EDI Help Desk

If you have any questions about EDI transactions, please contact our EDI help desk at:

edisupport@bmikansas.com
p: 800-290-1368
f: 620-792-7053