HIPAA — mandatory US healthcare EDI
HIPAA (Health Insurance Portability and Accountability Act, 1996) is the law that made EDI mandatory in American healthcare: every administrative transaction between care providers and insurers runs on standardised X12N messages. By volume it is one of the largest EDI ecosystems in the world.
What is HIPAA?
HIPAA is best known to the public for its Privacy provisions (health-data protection). For B2B integration, though, what matters is its Administrative Simplification title: it directs HHS (the Department of Health and Human Services) to adopt standardised, mandatory transaction formats for healthcare administrative exchanges. HHS adopted the X12N transactions (X12's insurance subcommittee) — today at version 005010.
The consequence is unique worldwide: where retail or automotive EDI remains contractual, US healthcare EDI is imposed by law — a payer cannot demand a proprietary format for a covered transaction.
The HIPAA transactions (X12N 005010)
| Transaction | Role |
|---|---|
| 837 (P/I/D) | Healthcare claim — Professional, Institutional, Dental |
| 835 | Payment and remittance advice (ERA) |
| 270 / 271 | Eligibility and coverage inquiry / response |
| 276 / 277 | Claim status inquiry / response |
| 278 | Prior authorization / referral request |
| 834 | Benefit enrollment and maintenance |
| 820 | Premium payment |
Retail pharmacy uses the NCPDP standards (Telecommunication Standard) rather than X12 — the other family adopted under HIPAA.
The acknowledgement chain: TA1, 999, 277CA
- TA1 — envelope acknowledgement (ISA/IEA interchange).
- 999 — implementation acknowledgement: the file complies (or not) with the TR3 guide, beyond bare syntax (it replaces the 997 in the HIPAA context).
- 277CA — Claim Acknowledgment: accepts or rejects each claim individually before adjudication.
This three-level chain (envelope → guide → business) is the American counterpart of EDIFACT's CONTRL/APERAK pair — with finer granularity.
TR3s and companion guides
Each transaction is specified by a TR3 (Technical Report Type 3), the implementation guide published by X12 — it is the TR3 that carries regulatory force, not the generic X12 standard. On top, each payer publishes a companion guide refining its choices (expected values, connectivity) without being allowed to contradict the TR3. A HIPAA flow therefore validates in two layers, much like an EN 16931 invoice validates European rules then national rules.
The actors: providers, payers, clearinghouses
- Providers — hospitals, practices, labs: submit 837s, receive 835s.
- Payers (health plans) — private insurers, Medicare, Medicaid: adjudicate claims.
- Clearinghouses — intermediaries that aggregate, validate and route transactions between thousands of providers and payers. Functionally the VANs of US healthcare — and covered entities under the law, just like payers.
HIPAA vs European healthcare EDI
- In the US: the administrative flow (billing, eligibility) is standardised by law (X12N); the clinical flow runs on HL7 v2 and FHIR.
- In Europe: no single equivalent — each national health system has its own billing formats, and the clinical side converges on FHIR (EHDS).
- FHIR is also gaining ground on the US administrative side (the Da Vinci Project, CMS prior-auth API rules), but the X12N transactions remain the regulatory backbone of batch exchange.
Further reading
- CMS — Administrative Simplification (45 CFR Part 162).
- X12 — Transaction sets & TR3s.
- The transaction pages: 837, 835, 270/271.