• Within the health care industry, patient privacy is protected under the security measures put in place by the Health Insurance Portability and Accountability Act of 1996, or HIPAA. Certain HIPAA regulations apply to the electronic transmission of patient information carried out by a health care provider or organization. As patient information is required within various stages of the treatment process, electronic transmissions are classified according to the type of transactions being made.
  
  

Payment Transactions

• Any electronic transmission of patient information falls within the definition of "transaction" under HIPAA regulations. These regulations apply to covered entities, which include any health care provider or organization that transmits patient information electronically. Payment transactions occur whenever a health care provider submits a request for payment on services tendered. Under HIPAA, both the provider and the payer, be it an insurance company, a federally-subsidized insurer or a billing agency, must follow certain procedures when handling patient information. Payment transactions include batch requests where multiple invoices are sent at the same time, as well as individual payment requests.
  
  

Claims Transactions

• As part of HIPAA regulation, standardized code sets must be used when transmitting patient information between health care providers and insurers. These code sets assign specific codes for each transaction type. Any transactions involving a claim request have a designated code that identifies the type of request being made. Claims transactions fall within different categories, some of which include eligibility inquiries, claims status inquiries and utilization review inquiries. Eligibility inquiries are made when a provider checks to see if a particular service, or treatment is eligible for payment under the patient's insurer or plan. Claims status inquiries are made when a provider checks on the status of a payment request. Utilization review inquiries are made when an organization or provider needs to verify a patient's treatment record. Organizations are required to perform periodic record reviews to ensure compliance with HIPAA procedures and guidelines.
  
  

Authorization Transactions

• HIPAA regulations are designed to protect patient confidentiality rights by implementing security and privacy protocols within the information systems that run health care organizations. Part of the process in ensuring patient privacy requires authorized users to be clearly identified within an organization's system network. These authorization requirements also apply when patient information is transferred between health care providers, insurers and billing agencies. Authorization transactions involve the use of unique identifiers within any electronic transmission of patient information. Unique identifiers are assigned for all covered entities, and must be used along with the standard code sets put in place by HIPAA. Authorization transactions take place whenever a change is made to a patient's record, such as when a payment is processed or a referral to another agency or provider is approved.