What is HIPAA?

The Health Insurance Portability and Accountability Act, referred to as HIPAA, was passed by Congress in 1996. There are numerous aspects to HIPAA:

  • It guarantees that people leaving jobs will not lose certain healthcare coverage;
  • It establishes minimum standards for small group insurance coverage;
  • It establishes privacy and security regulations for how certain protected health information (PHI) is handled.

HIPAA affects every aspect of operations at Blue Shield of California (Blue Shield). Additionally, Electronic Data Interchange (EDI) regulations govern the transmission, maintenance, security and privacy of electronic health information transmitted by health care providers, payors and others.

Who is affected by HIPAA requirements?

Covered Entities under HIPAA include health plans, medical providers, certain self-funded employer group health plans, and electronic clearinghouses that transmit data between providers and payors, or between employer groups and health plans. It is important that all Covered Entities work together to keep member PHI confidential and private.

What are the specifics of HIPAA?

Title II of the Health Insurance Portability and Accountability Act (HIPAA - Administrative Simplification) includes a broad range of regulations which can be broken down into the following:

1. Administrative simplification (transactions, code sets and identifiers)

Administrative simplification improves the efficiency of health care delivery by standardizing and promoting the use of electronic transactions through EDI for exchanging data. HIPAA mandates standards for EDI transactions and code sets. It establishes uniform health care identifiers for providers, health plans and employers. These requirements affect all Covered Entities that conduct electronic transactions. For more information about Blue Shield's EDI program, review HIPAA 5010 frequently asked questions.

2. The National Provider Identifier (NPI)

The National Provider Identifier (NPI) is a unique ten-digit number assigned to covered health care providers by the National Plan and Provider Enumeration System (NPPES), which is managed by the Centers for Medicare & Medicaid Services (CMS).

Identified in the Final Rule, published January 23, 2004, as part of HIPAA, the NPI is part of overall provisions to improve the efficiency and effectiveness of the electronic transmission of health information. Find out about submitting your NPI to Blue Shield.

3. Privacy and security

The HIPAA privacy regulations, which went into effect in April of 2003, provide rules for handling and safeguarding the PHI of members. Member PHI includes individually identifiable information about members. Privacy regulations affect all HIPAA Covered Entities and, to some degree, their business associates and trading partners.

HIPAA security regulations were finalized in 2013. The security requirements address systems security measures and the control of access to electronic data, and require the appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.

Blue Shield of California has a Privacy Office to assist you with any privacy-related concerns. You may contact the Privacy Office at:

Phone: (888) 266-8080


You also can download the Blue Shield of California Notice of Privacy Practices (PDF, 387 KB).