Congress passed into law the Health Insurance Portability and Accountability Act of 1996 (HIPAA) with the goals of providing consumers with greater access to health care insurance, protecting the privacy of health care data, and promoting more standardization and efficiency in the health care industry. CareFirst has been working to ensure compliance with the HIPAA legislation since its inception.

HIPAA Overview

HIPAA regulations address the following key issues:

Portability - Since 1996, HIPAA has protected health insurance coverage for workers and their families when they change or lose their jobs. If you need more information or need proof of coverage under a CareFirst health plan, call Member Services, using the phone number on the back of your old ID card.

Transaction Standards- Many providers and health care companies exchange information electronically (via computer). All covered entities, as defined by HIPAA, are required to use standard format, content and codes when submitting electronic transactions after October 16, 2003

Privacy Standards   - HIPAA created new rights for individuals that provide more control over the use and disclosure of, and access to their own confidential information. The compliance deadline for all covered entities was April 14, 2003.

Security Standards- All covered entities must take steps to assure the confidentiality, integrity, and availability of protected health information (PHI). Security requirements for Privacy were completed by the April compliance deadline. All covered entities must implement policies and procedures, both administrative and technical, to keep PHI secure and confidential, when it is PHI that is electronically transmitted, stored or manipulated by April 2005.

Unique Identifiers - Another goal of HIPAA is to assign one identifying number to each provider, employer, health plan and individual. The National Employer ID will be used in transactions beginning in October 2003. Both the National Provider and Health Plan Identifier requirements have not been finalized.

Please review Frequently Asked Questions for more information about HIPAA and how CareFirst is responding to these new requirements.

Unique Identifiers

(These are proposed regulations; some are currently on hold)

HIPAA will require the use of "unique identifiers" for use in health care for individuals, employers, health plans and health care providers. The following represents the status of those identifiers:

  • National Provider Identifier: New eight character alphanumeric or 10-digit numeric with check digit
  • National Employer Identifier: Federal Employer Identification Number (EIN) ; 9 digits separated by hyphen (e.g., 00-0000000)
  • National Health Plan Identifier: No proposed standard
  • National Individual Identifier: No proposed standard (on hold)