HIPAA Resource Center for Providers
Our HIPAA resource center includes the following important information for health care providers:
- Molina Healthcare by Molina Healthcare's HIPAA readiness status and implementation materials.
- Information on how to conduct HIPAA transactions with Molina Healthcare.
- Links to other helpful HIPAA websites.
Learn More About HIPAA - Helpful HIPAA Websites
The websites below have information related to HIPAA-the Health Insurance Portability and Accountability Act of 1996. HIPAA topics include transactions, code sets, privacy of health information, and security standards.
- U.S. Department of Health and Human Services -- HIPAA General Information
- Computer Security Resource Center - National Institute of Standards and Technology
- WEDI/SNIP - WEDI provides lists and guidelines on HIPAA Transactions testing
- HIPAA Transactions
HIPAA Standards for Electronic Healthcare Transactions
HIPAA required the Department of Health and Human Services (HHS) to adopt national standards for electronic healthcare transactions. All covered entities must comply with the electronic transactions and code sets standards adopted by HHS.
Covered entities under HIPAA include:
- Health plans
- Healthcare providers who transmit health information in electronic form in connection with a transaction covered by HIPAA
- Healthcare clearinghouses
The electronic healthcare transactions covered under HIPAA that may affect provider organizations include:
Transaction Description
HIPAA Transaction Standard
Molina Healthcare Readiness Status
Claims or Encounter Information
ASC X12N 837 Professional, or Institutional Healthcare Claims and Encounters
Implemented
Eligibility for a Health Plan
ASC X12N 270/271 Healthcare Eligibility Benefit Inquiry and Response
Implemented
Referral Certification and Authorization
ASC X12N 278 Healthcare Services Review - Request for Review and Response
Implemented
Claims Status
ASC X12N 276/277 Healthcare Claim Status Request and Response
Implemented
Payment and Remittance Advice
ASC X12N 835 Healthcare Claim Payment/Advice
Implemented
IMPORTANT NOTE: HIPAA does not require healthcare providers to conduct the above transactions electronically with Molina. For example, if you currently submit claims to Molina using paper, you may continue to do so.
Affordable Care Act
The Patient Protection and Affordable Care Act - HR 3590, also called the “Affordable Care Act” was enacted on March 23, 2010. The Affordable Care Act (ACA) includes provisions related to administrative simplification (Sec. 1104) and standards for financial and administrative transactions (Sec. 10109). It calls for the National Committee on Vital and Health Statistics (NCVHS) to provide input into the process of rulemaking for the establishment of a unique health plan identifier and to provide advice and recommendations to the Department of Health and Human Services (HHS) relative to Operating Rules for electronic exchange of information not defined by a standard or its implementation specification. Operating Rules development shall be conducted by a qualified nonprofit entity that meets specific requirements.
Pursuant to ACA, the Secretary of HHS has adopted the below Operating Rules:
Adoption of operating rules
Effective Date
Molina Healthcare Readiness Status
Eligibility for a health plan and health claim status
January 1, 2013
Implemented
Electronic funds transfers and health care payment and remittance advice
January 1, 2014
Implemented
Health claims or equivalent encounter information, enrollment and disenrollment in a health plan, health plan premium payments, and referral certification and authorization
TBD
Awaiting Final Rule
How to get started exchanging HIPAA transactions with Molina Healthcare
Review Molina’s EDI Website and follow the steps indicated.HIPAA Implementation Guides
HIPAA ANSI X12 Transaction Standards can be downloaded from the www.wpc-edi.com website.
Molina Healthcare Electronic Data Interchange (EDI) Materials and Companion Guides.
Contact the HIPAA Help Team:- HIPAA Transactions testing and enrollment
Contact Molina’s EDI Team.
If you are a provider and have a concern or complaint regarding Molina’s HIPAA Transaction Code Sets compliance or any other HIPAA issue call our HIPAA Provider Hotline toll free at 1-866-MOLINA2 (1-866-665-4622) or email us at HIPAAMailbox@MolinaHealthcare.com.
- General HIPAA Questions or Comments:
Contact Molina’s HIPAA Program Office as listed in the Contact HIPAA section below:
For general business questions: Please contact your Molina provider services representative at (844) 782-2678 from 7 a.m. to 6 p.m. CT, Monday to Friday.
- HIPAA Code Sets
The Federal HIPAA regulations issued by DHHS dictate that only approved code sets may be used in standard electronic transactions. The CMS site has official resources that define these standard code sets. The ICD-10 code sets are used to report medical diagnoses and inpatient procedures. The ICD-10 code sets were implemented effective October 1, 2015.
About ICD-10
ICD-10-CM/PCS (International Classification of Diseases, 10th Edition, Clinical Modification /Procedure Coding System) consists of two parts:
1. ICD-10-CM for diagnosis coding
2. ICD-10-PCS for inpatient procedure coding
ICD-10-CM is for use in all U.S. health care settings. Diagnosis coding under ICD-10-CM uses 3 to 7 digits instead of the 3 to 5 digits used with ICD-9-CM, but the format of the code sets is similar.
ICD-10-PCS is for use in U.S. inpatient hospital settings only. ICD-10 PCS uses 7 alphanumeric digits instead of the 3 or 4 numeric digits used under ICD-9-CM procedure coding. Coding under ICD-10-PCS is much more specific and substantially different from ICD-9-CM procedure coding.
- Unique Identifiers
Molina Healthcare has implemented the HIPAA NPI requirements. Beginning May 23, 2008, HIPAA standard transactions must include NPIs. No legacy identifiers (other than the billing/pay-to provider's Tax ID number) may be included on HIPAA standard transactions as of May 23, 2008. Non-compliant transactions will be rejected by Molina.
NPI Overview
Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Secretary of Health and Human Services (HHS) was required to adopt a national standard unique identifier for covered healthcare providers. On January 23, 2004, the Secretary published the Final Rule that adopted the National Provider Identifier (NPI) as the standard unique identifier. The Centers for Medicare and Medicaid Services (CMS) has developed the National Plan and Provider Enumeration System (NPPES) to identify providers and assign NPIs.
The NPI is a ten-digit number and must be used on HIPAA standard electronic transactions, such as claims, to identify a provider. Beginning on May 23, 2005, healthcare providers could apply for their National Provider Identifier (NPI). Healthcare providers and most health plans were required to comply with the NPI Rule by May 23, 2007.
How to Apply for your NPI
Providers may apply on-line at the NPPES web site.
Information Required to Obtain your NPI
For Providers who are Individuals:
Provider Name
Provider Date of Birth
Provider Gender
State of Birth (if Country of Birth is U.S.)
Country of Birth
SSN or other proof of identity
Mailing Address
Practice Location Address and Phone Number Taxonomy (Provider Type) State License Information *
Contact Person Name
Contact Person Phone Number and E-mail
* (required for certain taxonomies only)
Note: Taxonomy codes describe provider type/classification/specialization of Individual and Organization healthcare providers. A complete list of taxonomy codes is available from the Washington Publishing Company.
Providers (Type 1) who will be required to obtain an NPI include physicians, non-physician healthcare practitioners, other suppliers and certified providers such as institutions, home health agencies and skilled nursing facilities. Each individual practitioner will receive one NPI. However, an organizational provider (Type 2) may obtain an NPI for each of its subparts.
A subpart can be considered a separate physical location of an organization healthcare provider, member of a chain or an organization healthcare provider separately licensed or certified. Review the information below to determine if you need to obtain NPI's for subparts.
NPI Educational Resources and Tips
CMS has developed a variety of educational resources to help providers obtain and use their NPI. Click to access CMS's NPI educational resources.
How to Report and Use your NPI with Molina
Please contact Molina Healthcare’s HIPAA Program Office or call our HIPAA Provider Hotline at 1-866-MOLINA2 (1-866-665-4622) if you need more information regarding how to register and use your NPI when conducting HIPAA transactions with Molina Healthcare.
Privacy of Health Information
HIPAA Standards for Privacy of Individually Identifiable Health Information
The HIPAA Standards for Privacy of Individually Identifiable Health Information (the Privacy Rule) creates national standards to protect individuals' personal health information and gives individuals increased access to their health information. The Privacy Rule covers health plans, health care clearinghouses, and those health care providers who conduct certain financial and administrative transactions electronically. Most covered entities had to comply with the Privacy Rule by April 14, 2003. Small health plans have until April 14, 2004 to comply with the Privacy Rule.
The Office for Civil Rights (OCR), which is a part of the U.S. Department of Health and Human Services (HHS), is responsible for implementing and enforcing the Privacy Rule. The OCR website is http://www.hhs.gov/ocr/hipaa
- HIPAA Security
HIPAA Security Standards for the Protection of Electronic Protected Health Information
The Final Rule adopting HIPAA standards for the security of electronic protected health information was published in the Federal Register on February 20, 2003. Most covered entities had to comply with the Security Rule by April 20, 2005. The Security Rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The standards are delineated into either required or addressable implementation specifications.
The Office for Civil Rights (OCR), which is a part of the U.S. Department of Health and Human Services (HHS), is responsible for implementing and enforcing the Security Rule. The OCR website is http://www.hhs.gov/ocr/hipaa .
Additional Security Resources
The Computer Security Division (CSD) is one of eight divisions within the National Institute of Standards and Technology's (NIST) Information Technology Laboratory. NIST's CSD supports the intelligent management of IT risks, vulnerabilities and protection needs.
NIST's CSD develops computer security prototypes, tests, standards, and procedures to protect sensitive information from unauthorized access or modification. These publications present the results of NIST studies, investigations, and research on information technology security issues.
NIST's CSD has developed a DRAFT Introductory Resource Guide for Implementing the HIPAA Security Rule (NIST SP 800-66), which is an excellent resource for covered entities implementing the NIST HIPAA Security Rule document.
For the full list of NIST Security publications, visit NIST's CSD publications library at: http://csrc.nist.gov/publications/index.html.
HITECH Act
HITECH (Health Information Technology for Economic and Clinical Health)
The Health Information Technology for Economic and Clinical Health Act (HITECH Act) http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/hitechblurb.html, a provision that provides for privacy and security of patient health information. Part of the American Recovery and Reinvestment Act of 2009 (ARRA) (Pub L 111-5, 123 Stat 115), the HITECH Act significantly modifies the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub L 104–191, 110 Stat 1936). The HITECH Act adds new requirements concerning privacy and security for health information directly affect many entities. Specifically, the HITECH Act:
- Directly applies the HIPAA security standards to business associates. Business associates are subject to the administrative, physical, and technical security requirements of HIPAA, must implement appropriate policies and procedures, and must document their security activities. Penalties for violating these HIPAA standards will apply to business associates, just as they now do to covered entities including health plans and health care providers.
- Establishes new breach notification requirements. The HITECH Act will require that covered entities notify each individual whose health information has been, or is reasonably believed to have been, accessed, acquired, or disclosed as a result of a breach of unsecured PHI. Business associates are required to notify covered entities of breaches of unsecured PHI. Covered entities are required to give notice of the breach without unreasonable delay, and no later than 60 calendar days after its discovery.
- Strengthens enforcement by increasing fines and adding a new tiered penalty scheme.
- Contact HIPAA
HIPAA Help Team
HIPAA Transactions testing and enrollment
- HIPAA Transactions testing and enrollment
Contact Molina Healthcare’s EDI Team.
If you are a provider and have a concern or complaint regarding Molina Healthcare’s HIPAA Transactions & Code Sets compliance or any other HIPAA issue call our HIPAA Provider Hotline toll free at 1-866-MOLINA2 (1-866-665-4622) or email us at HIPAAMailbox@MolinaHealthcare.com
- General HIPAA Questions or Comments:
Please use the contact form below or contact our HIPAA Program Office staff listed below:
Molina Healthcare’s HIPAA Provider Hotline
Toll Free:1-866-MOLINA2 (1-866-665-4622)
Timothy Zevnik, CIPP/US, CIPP/G
VP Compliance & Corporate Privacy Official
Phone: 1-866-MOLINA9 or 1-866-665-4629
- HIPAA Transactions testing and enrollment
For general business questions: Please contact your Molina Healthcare provider services representative at (844) 782-2678 from 7 a.m. to 6 p.m. CT, Monday to Friday.
Ask the HIPAA Help Team > HIPAA Contact Form