Under HIPAA, Arkansas Medicaid is a health plan. Its fiscal agent, HP Enterprise Services, is its business associate. Business associate agreements are not necessary between Arkansas Medicaid or HP Enterprise Services and providers or other billers.

What is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. Congress passed this landmark law to provide consumers with greater access to health care insurance, to protect the privacy of health care data, and to promote more standardization and efficiency in the health care industry.

HIPAA Deadlines

April 14, 2003


April 16, 2003


October 16, 2003

Electronic transactions and code sets

April 21, 2005



Claim Submissions

Providers can file claims through the Arkansas Medicaid website, with a vendor system, or with the most current version of Provider Electronic Solutions (PES) software.



837 Professional
837 Institutional
837 Dental
NCPDP retail pharmacy (version D.0 interactive, version 1.1 batch)

Payment and remittance advice


Prior authorization and response and referral

NCPDP retail pharmacy (version D.0 interactive, version 1.1 batch)

Claim status inquiry and response

NCPDP retail pharmacy (version D.0 interactive, version 1.1 batch)

Eligibility inquiry and response


Enrollment and disenrollment in a health plan


Health plan premium payments


Coordination of benefits


Pending approval


Claim attachments


First report of injury


Code Sets

Physician services


Medical supplies, orthotics, and DME


Diagnosis codes

ICD-9-CM, Vols 1 and 2

Inpatient hospital procedures

ICD-9-CM, Vols 1 and 2

Dental services

Code on dental procedures and nomenclature


NDC for retail pharmacy

Administrative Simplification

Administrative simplification has the following four parts:

Electronic Transactions and Code Sets

Transactions are activities involving the transfer of health care information for specific purposes. Under HIPAA administrative simplification, if a health care provider engages in one of the identified transactions, the provider must comply with the standard for that transaction. HIPAA requires every provider who does business electronically to use the same health care transactions, code sets, and identifiers.

Code sets identify diagnoses and clinical procedures on claims and encounter forms. The CPT-4 and ICD-9 codes that you are familiar with are examples of code sets for diagnosis and procedure coding. Other code sets required by HIPAA's administrative simplification law include codes used for DME, dental services, and drugs.


The privacy requirements limit the release of protected health information (PHI) without the patient's knowledge and consent except as needed for the patient's care. The patient's personal information must be guarded more securely and handled more carefully when conducting the business of health care.


The security regulation outlines the minimum administrative, technical, and physical safeguards required to prevent unauthorized access to protected health information. The U.S. Department of Health and Human Services published final instructions on security requirements in the Federal Register on February 20, 2003. HIPAA security requirements became effective April 21, 2005.

National Identifiers

HIPAA requires health care providers, health plans, and employers to have standard ID numbers. The Employer Identification Number (EIN), issued by the Internal Revenue Service, was selected as the identifier for employers and was adopted effective July 30, 2002. The NPI Final Rule issued January 23, 2004, adopted the National Provider Identifier (NPI) as the standard for health care providers. The Centers for Medicare & Medicaid Services (CMS) developed the National Plan and Provider Enumeration System (NPPES) to assign these unique identifiers. A standard identifier has not yet been adopted for health plans.


Administrative Simplification--The process of improving the efficiency of health care delivery by standardizing electronic data exchange.

Business Associate--A person who performs a function or activity on behalf of a covered entity.

CMS--Centers for Medicare and Medicaid Services (formerly HCFA)

Code Set--Any set of codes used to identify data elements, such as tables of terms, medical concepts, medical diagnostic codes, or medical procedure codes.

Covered Entity--A health plan, a health care clearinghouse, or a health care provider that transmits any health information in electronic form in connection with a transaction.

Health and Human Services, U.S. Department of--The federal agency responsible for implementing HIPAA.

Health Care Provider--A provider of medical or other health services and any other person or organization that furnishes, bills, or is paid for health care in the normal course of business.

Health Information--Any information, whether oral or recorded in any form or medium, that is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse.

HHS--U.S. Department of Health and Human Services

HIPAA--Health Insurance Portability and Accountability Act of 1996

Individually Identifiable Health Information--Health information that identifies the individual or can be used to identify the individual.

Office for Civil Rights--The HHS entity responsible for enforcing HIPAA privacy rules.

Protected Health Information--Individually identifiable health information that is transmitted, maintained, or accessible in any form or medium that relates to the past, present, or future physical or mental health or condition of an individual.