HIPAA Resource Center for Providers

Our HIPAA resource center includes the following important information for health care providers:

  • Molina Healthcare by Molina Healthcare's HIPAA readiness status and implementation materials;
  • Information on how to conduct HIPAA transactions with Molina Healthcare;
  • Links to other helpful HIPAA websites.


Learn More About HIPAA - Helpful HIPAA Websites

The websites below have information related to HIPAA-the Health Insurance Portability and Accountability Act of 1996. HIPAA topics include transactions, code sets, privacy of health information, and security standards.


  • HIPAA Transactions

    HIPAA Standards for Electronic Healthcare Transactions

    HIPAA required the Department of Health and Human Services (HHS) to adopt national standards for electronic healthcare transactions. All covered entities must comply with the electronic transactions and code sets standards adopted by HHS.

    Covered entities under HIPAA include:

    • Health plans
    • Healthcare providers who transmit health information in electronic form in connection with a transaction covered by HIPAA
    • Healthcare clearinghouses


    The electronic healthcare transactions covered under HIPAA that may affect provider organizations include:

    Transaction Description

    HIPAA Transaction Standard

    Molina Healthcare Readiness Status

    Claims or Encounter Information

    ASC X12N 837 Professional, or Institutional Healthcare Claims and Encounters


    Eligibility for a Health Plan

    ASC X12N 270/271 Healthcare Eligibility Benefit Inquiry and Response


    Referral Certification and Authorization

    ASC X12N 278 Healthcare Services Review - Request for Review and Response


    Claims Status

    ASC X12N 276/277 Healthcare Claim Status Request and Response


    Payment and Remittance Advice

    ASC X12N 835 Healthcare Claim Payment/Advice



    IMPORTANT NOTE: HIPAA does not require healthcare providers to conduct the above transactions electronically with Molina Healthcare. For example, if you currently submit claims to Molina Healthcare using paper, you may continue to do so.

    Affordable Care Act

    The Patient Protection and Affordable Care Act - HR 3590, also called the “Affordable Care Act” was enacted on March 23, 2010. The Affordable Care Act (ACA) includes provisions related to administrative simplification (Sec. 1104) and standards for financial and administrative transactions (Sec. 10109). It calls for the National Committee on Vital and Health Statistics (NCVHS) to provide input into the process of rulemaking for the establishment of a unique health plan identifier and to provide advice and recommendations to the Department of Health and Human Services (HHS) relative to Operating Rules for electronic exchange of information not defined by a standard or its implementation specification. Operating Rules development shall be conducted by a qualified nonprofit entity that meets specific requirements.

    Pursuant to ACA, the Secretary of HHS has adopted the below Operating Rules:

    Adoption of operating rules

    Effective Date

    Molina Healthcare Readiness Status

    Eligibility for a health plan and health claim status

    January 1, 2013


    Electronic funds transfers and health care payment and remittance advice

    January 1, 2014


    Health claims or equivalent encounter information, enrollment and disenrollment in a health plan, health plan premium payments, and referral certification and authorization


    Awaiting Final Rule


    How to get started exchanging HIPAA transactions with Molina Healthcare

    Molina’s EDI Website and follow the steps indicated.

    HIPAA Implementation Guides

    HIPAA ANSI X12 Transaction Standards can be downloaded from the 
    www.wpc-edi.com website.

    Molina Healthcare Electronic Data Interchange (EDI) Materials and 
    Companion Guides.

    Contact the HIPAA Help Team:

    • HIPAA Transactions testing and enrollment
      Contact Molina’s 
      EDI Team.

    If you are a provider and have a concern or complaint regarding Molina’s HIPAA Transaction Code Sets compliance or any other HIPAA issue call our HIPAA Provider Hotline toll free at 1-866-MOLINA2 (1-866-665-4622) or email us at HIPAAMailbox@MolinaHealthcare.com.

    • General HIPAA Questions or Comments:

    Contact Molina’s HIPAA Program Office as listed in the Contact HIPAA section below:

    For general business questions: Please contact your Molina Healthcare provider services representative.

  • HIPAA Code Sets

    The Federal HIPAA regulations issued by DHHS dictate that only approved code sets may be used in standard electronic transactions. The CMS site has official resources that define these standard code sets. The ICD-10 code sets are used to report medical diagnoses and inpatient procedures. The ICD-10 code sets were implemented effective October 1, 2015.

    About ICD-10

    ICD-10-CM/PCS (International Classification of Diseases, 10th Edition, Clinical Modification /Procedure Coding System) consists of two parts:

         1. ICD-10-CM for diagnosis coding

         2. ICD-10-PCS for inpatient procedure coding

    ICD-10-CM is for use in all U.S. health care settings. Diagnosis coding under ICD-10-CM uses 3 to 7 digits instead of the 3 to 5 digits used with ICD-9-CM, but the format of the code sets is similar.

    ICD-10-PCS is for use in U.S. inpatient hospital settings only. ICD-10­ PCS uses 7 alphanumeric digits instead of the 3 or 4 numeric digits used under ICD-9-CM procedure coding. Coding under ICD-10-PCS is much more specific and substantially different from ICD-9-CM procedure coding.


  • Unique Identifiers

    Molina Healthcare has implemented the HIPAA NPI requirements. Beginning May 23, 2008, HIPAA standard transactions must include NPIs.  No legacy identifiers (other than the billing/pay-to provider's Tax ID number) may be included on HIPAA standard transactions as of May 23, 2008. Non-compliant transactions will be rejected by Molina.

    NPI Overview

    Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Secretary of Health and Human Services (HHS) was required to adopt a national standard unique identifier for covered healthcare providers. On January 23, 2004, the Secretary published the Final Rule that adopted the National Provider Identifier (NPI) as the standard unique identifier. The Centers for Medicare and Medicaid Services (CMS) has developed the National Plan and Provider Enumeration System (NPPES) to identify providers and assign NPIs.

    The NPI is a ten-digit number and must be used on HIPAA standard electronic transactions, such as claims, to identify a provider. Beginning on May 23, 2005, healthcare providers could apply for their National Provider Identifier (NPI). Healthcare providers and most health plans were required to comply with the NPI Rule by May 23, 2007.

    How to Apply for your NPI

    Providers may apply on-line at the NPPES web site.

    Information Required to Obtain your NPI

    For Providers who are Individuals:

    Provider Name

    Provider Date of Birth

    Provider Gender

    State of Birth (if Country of Birth is U.S.)

    Country of Birth

    SSN or other proof of identity

    Mailing Address

    Practice Location Address and Phone Number Taxonomy (Provider Type) State License Information *

    Contact Person Name

    Contact Person Phone Number and E-mail


    * (required for certain taxonomies only)

    Note: Taxonomy codes describe provider type/classification/specialization of Individual and Organization healthcare providers. A complete list of taxonomy codes is available from the Washington Publishing Company.

    Providers (Type 1) who will be required to obtain an NPI include physicians, non-physician healthcare practitioners, other suppliers and certified providers such as institutions, home health agencies and skilled nursing facilities. Each individual practitioner will receive one NPI. However, an organizational provider (Type 2) may obtain an NPI for each of its subparts.

    A subpart can be considered a separate physical location of an organization healthcare provider, member of a chain or an organization healthcare provider separately licensed or certified. Review the information below to determine if you need to obtain NPI's for subparts.


    NPI Educational Resources and Tips

    CMS has developed a variety of educational resources to help providers obtain and use their NPI. Click to access CMS's NPI educational resources.

    How to Report and Use your NPI with Molina Healthcare

    Please contact Molina Healthcare's HIPAA Program Office or call our HIPAA Provider Hotline at 1-866-MOLINA2 (1-866-665-4622) if you need more information regarding how to register and use your NPI when conducting HIPAA transactions with Molina Healthcare.

    Privacy of Health Information

    HIPAA Standards for Privacy of Individually Identifiable Health Information

    The HIPAA Standards for Privacy of Individually Identifiable Health Information (the Privacy Rule) creates national standards to protect individuals' personal health information and gives individuals increased access to their health information. The Privacy Rule covers health plans, health care clearinghouses, and those health care providers who conduct certain financial and administrative transactions electronically. Most covered entities had to comply with the Privacy Rule by April 14, 2003. Small health plans have until April 14, 2004 to comply with the Privacy Rule.

    The Office for Civil Rights (OCR), which is a part of the U.S. Department of Health and Human Services (HHS), is responsible for implementing and enforcing the Privacy Rule. The OCR website is http://www.hhs.gov/ocr/hipaa


  • HIPAA Security

    HIPAA Security Standards for the Protection of Electronic Protected Health Information

    The Final Rule adopting HIPAA standards for the security of electronic protected health information was published in the Federal Register on February 20, 2003. Most covered entities had to comply with the Security Rule by April 20, 2005. The Security Rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The standards are delineated into either required or addressable implementation specifications.

    The Office for Civil Rights (OCR), which is a part of the U.S. Department of Health and Human Services (HHS), is responsible for implementing and enforcing the Security Rule. The OCR website is http://www.hhs.gov/ocr/hipaa .

    Additional Security Resources

    The Computer Security Division (CSD) is one of eight divisions within the National Institute of Standards and Technology's (NIST) Information Technology Laboratory. NIST's CSD supports the intelligent management of IT risks, vulnerabilities and protection needs.

    NIST's CSD develops computer security prototypes, tests, standards, and procedures to protect sensitive information from unauthorized access or modification. These publications present the results of NIST studies, investigations, and research on information technology security issues.

    NIST's CSD has developed a DRAFT Introductory Resource Guide for Implementing the HIPAA Security Rule (NIST SP 800-66), which is an excellent resource for covered entities implementing the NIST HIPAA Security Rule document.

    For the full list of NIST Security publications, visit NIST's CSD publications library at: http://csrc.nist.gov/publications/index.html.

    HITECH Act

    HITECH (Health Information Technology for Economic and Clinical Health)

    The Health Information Technology for Economic and Clinical Health Act (HITECH Act) http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/hitechblurb.html, a provision that provides for privacy and security of patient health information. Part of the American Recovery and Reinvestment Act of 2009 (ARRA) (Pub L 111-5, 123 Stat 115), the HITECH Act significantly modifies the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub L 104–191, 110 Stat 1936). The HITECH Act adds new requirements concerning privacy and security for health information directly affect many entities. Specifically, the HITECH Act:

    • Directly applies the HIPAA security standards to business associates. Business associates are subject to the administrative, physical, and technical security requirements of HIPAA, must implement appropriate policies and procedures, and must document their security activities. Penalties for violating these HIPAA standards will apply to business associates, just as they now do to covered entities including health plans and health care providers.
    • Establishes new breach notification requirements. The HITECH Act will require that covered entities notify each individual whose health information has been, or is reasonably believed to have been, accessed, acquired, or disclosed as a result of a breach of unsecured PHI. Business associates are required to notify covered entities of breaches of unsecured PHI. Covered entities are required to give notice of the breach without unreasonable delay, and no later than 60 calendar days after its discovery.
    • Strengthens enforcement by increasing fines and adding a new tiered penalty scheme. 


  • Contact HIPAA

    HIPAA Help Team

    HIPAA Transactions testing and enrollment

    • HIPAA Transactions testing and enrollment
      Contact Molina Healthcare's 
      EDI Team.

    If you are a provider and have a concern or complaint regarding Molina Healthcare's HIPAA Transactions & Code Sets compliance or any other HIPAA issue call our HIPAA Provider Hotline toll free at 1-866-MOLINA2 (1-866-665-4622) or email us at HIPAAMailbox@MolinaHealthcare.com

    • General HIPAA Questions or Comments:
      Please use the contact form below or contact our HIPAA Program Office staff listed below:


    Molina Healthcare’s HIPAA Provider Hotline


    Toll Free:1-866-MOLINA2 (1-866-665-4622)


    Timothy Zevnik, CIPP/US, CIPP/G

    VP Compliance & Corporate Privacy Official


    Phone: 1-866-MOLINA9 or 1-866-665-4629




For general business questions: Please contact your Molina Healthcare provider services representative.

Ask the HIPAA Help Team > HIPAA Contact Form 

Please fill out the form below as completely as possible. When you are finished, press the "Submit" button at the bottom of this page. If you indicate that you would like a response, we will contact you. If you need a response urgently, please call Molina Healthcare using the contact numbers above.

Please do not include private information, such as a Member ID Number or Social Security Number, or medical information, as this is not a secured form. Form fields with a red asterisk (*) are required.

Contact Type:



Contact Information:


Question or Comment:

Please enter your comments or questions below.


Submitted Successfully

Please enter all the mandatory fields for the form to be submitted
Please enter a 10 digit telephone number
Please select captcha