HIPAA Resource Center for Providers

Our HIPAA resource center includes the following important information for health care providers:

  • Passport Health Plan by Molina Healthcare's HIPAA readiness status and implementation materials;
  • Information on how to conduct HIPAA transactions with Passport;
  • Links to other helpful HIPAA websites.

Learn More About HIPAA - Helpful HIPAA Websites

The websites below have information related to HIPAA-the Health Insurance Portability and Accountability Act of 1996. HIPAA topics include transactions, code sets, privacy of health information, and security standards.


  • HIPAA Transactions

    HIPAA Standards for Electronic Healthcare Transactions

    HIPAA required the Department of Health and Human Services (HHS) to adopt national standards for electronic healthcare transactions. All covered entities must comply with the electronic transactions and code sets standards adopted by HHS.

    Covered entities under HIPAA include:

    • Health plans
    • Healthcare providers who transmit health information in electronic form in connection with a transaction covered by HIPAA
    • Healthcare clearinghouses

    The electronic healthcare transactions covered under HIPAA that may affect provider organizations include:

    Transaction Description HIPAA Transaction Standard Passport Readiness Status
    Claims or Encounter Information ASC X12N 837 Professional, or Institutional Healthcare Claims and Encounters Implemented
    Eligibility for a Health Plan ASC X12N 270/271 Healthcare Eligibility Benefit Inquiry and Response Implemented
    Referral Certification and Authorization ASC X12N 278 Healthcare Services Review - Request for Review and Response Implemented
    Claims Status ASC X12N 276/277 Healthcare Claim Status Request and Response Implemented
    Payment and Remittance Advice ASC X12N 835 Healthcare Claim Payment/Advice Implemented


    IMPORTANT NOTE: HIPAA does not require healthcare providers to conduct the above transactions electronically with Passport Health Plan. For example, if you currently submit claims to Passport Health Plan using paper, you may continue to do so.

    Affordable Care Act

    The Patient Protection and Affordable Care Act—HR 3590, also called the “Affordable Care Act” was enacted on March 23, 2010. The Affordable Care Act (ACA) includes provisions related to administrative simplification (Sec. 1104) and standards for financial and administrative transactions (Sec. 10109). It calls for the National Committee on Vital and Health Statistics (NCVHS) to provide input into the process of rulemaking for the establishment of a unique health plan identifier and to provide advice and recommendations to the Department of Health and Human Services (HHS) relative to Operating Rules for electronic exchange of information not defined by a standard or its implementation specification. Operating Rules development shall be conducted by a qualified nonprofit entity that meets specific requirements.

    Pursuant to ACA, the Secretary of HHS has adopted the below Operating Rules:

    Adoption of operating rules Effective Date Passport Readiness Status
    Eligibility for a health plan and health claim status January 1, 2013 Implemented
    Electronic funds transfers and health care payment and remittance advice January 1, 2014 Implemented
    Health claims or equivalent encounter information, enrollment and disenrollment in a health plan, health plan premium payments, and referral certification and authorization TBD Awaiting Final Rule


    How to get started exchanging HIPAA transactions with Passport Health Plan

    Review Passport’s EDI Website and follow the steps indicated.

    HIPAA Implementation Guides

    HIPAA ANSI X12 Transaction Standards can be downloaded from the www.wpc-edi.com website.

    Passport Health Plan Electronic Data Interchange (EDI) Materials and Companion Guides

    Contact the HIPAA Help Team:

    HIPAA Transactions testing and enrollment

    Contact Passport’s EDI Team.

    If you are a provider and have a concern or complaint regarding Passport’s HIPAA Transaction Code Sets compliance or any other HIPAA issue call our HIPAA Provider Hotline toll free at 1-866-MOLINA2 ((866) 665-4622) or email us at HIPAAMailbox@MolinaHealthcare.com.

    General HIPAA Questions or Comments

    Contact Passport's’s HIPAA Program Office as listed in the Contact HIPAA section below:

    For general business questions: Please contact your Passport Health Plan provider services representative. 

  • HIPAA Code Sets

    The Federal HIPAA regulations issued by DHHS dictate that only approved code sets may be used in standard electronic transactions. The CMS site has official resources that define these standard code sets. The ICD-10 code sets are used to report medical diagnoses and inpatient procedures. The ICD-10 code sets were implemented effective October 1, 2015.

    About ICD-10

    ICD-10-CM/PCS (International Classification of Diseases, 10th Edition, Clinical Modification /Procedure Coding System) consists of two parts:

         1. ICD-10-CM for diagnosis coding

         2. ICD-10-PCS for inpatient procedure coding

    ICD-10-CM is for use in all U.S. health care settings. Diagnosis coding under ICD-10-CM uses 3 to 7 digits instead of the 3 to 5 digits used with ICD-9-CM, but the format of the code sets is similar.

    ICD-10-PCS is for use in U.S. inpatient hospital settings only. ICD-10­-PCS uses 7 alphanumeric digits instead of the 3 or 4 numeric digits used under ICD-9-CM procedure coding. Coding under ICD-10-PCS is much more specific and substantially different from ICD-9-CM procedure coding.


  • Unique Identifiers

    Passport Health Plan has implemented the HIPAA NPI requirements. Beginning May 23, 2008, HIPAA standard transactions must include NPIs.  No legacy identifiers (other than the billing/pay-to provider's Tax ID number) may be included on HIPAA standard transactions as of May 23, 2008. Non-compliant transactions will be rejected by Passport.

    NPI Overview

    Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Secretary of Health and Human Services (HHS) was required to adopt a national standard unique identifier for covered healthcare providers. On January 23, 2004, the Secretary published the Final Rule that adopted the National Provider Identifier (NPI) as the standard unique identifier. The Centers for Medicare and Medicaid Services (CMS) has developed the National Plan and Provider Enumeration System (NPPES) to identify providers and assign NPIs.

    The NPI is a ten-digit number and must be used on HIPAA standard electronic transactions, such as claims, to identify a provider. Beginning on May 23, 2005, healthcare providers could apply for their National Provider Identifier (NPI). Healthcare providers and most health plans were required to comply with the NPI Rule by May 23, 2007.

    How to Apply for your NPI

    Providers may apply on-line at the NPPES web site.

    Information Required to Obtain your NPI

    For providers who are individuals:

    Provider Name Provider Date of Birth
    Provider Gender State of Birth (if Country of Birth is U.S.)
    Country of Birth SSN or Other Proof of Identity
    Mailing Address Practice Location Address and Phone Number Taxonomy (Provider Type) State License Information *
    Contact Person Name Contact Person Phone Number and Email

    * (required for certain taxonomies only)

    Note: Taxonomy codes describe provider type/classification/specialization of individual and organization health care providers. A complete list of taxonomy codes is available from the Washington Publishing Company.

    Providers (Type 1) who will be required to obtain an NPI include physicians, non-physician healthcare practitioners, other suppliers and certified providers such as institutions, home health agencies and skilled nursing facilities. Each individual practitioner will receive one NPI. However, an organizational provider (Type 2) may obtain an NPI for each of its subparts.

    A subpart can be considered a separate physical location of an organization healthcare provider, member of a chain or an organization healthcare provider separately licensed or certified. Review the information below to determine if you need to obtain NPI's for subparts.

    Fact Sheet
    Decision Tree for Determining NPI Subparts

    NPI Educational Resources and Tips

    CMS has developed a variety of educational resources to help providers obtain and use their NPI. Click to access CMS's NPI educational resources.

    How to Report and Use your NPI with Passport Health Plan

    Please contact Passport’s HIPAA Program Office or call our HIPAA Provider Hotline at 1-866-MOLINA2 ((866) 665-4622) if you need more information regarding how to register and use your NPI when conducting HIPAA transactions with Passport Health Plan. 

  • Privacy of Health Information

    HIPAA Standards for Privacy of Individually Identifiable Health Information

    The HIPAA Standards for Privacy of Individually Identifiable Health Information (the Privacy Rule) creates national standards to protect individuals' personal health information and gives individuals increased access to their health information. The Privacy Rule covers health plans, health care clearinghouses, and those health care providers who conduct certain financial and administrative transactions electronically. Most covered entities had to comply with the Privacy Rule by April 14, 2003. Small health plans have until April 14, 2004 to comply with the Privacy Rule.

    The Office for Civil Rights (OCR), which is a part of the U.S. Department of Health and Human Services (HHS), is responsible for implementing and enforcing the Privacy Rule. The OCR website is http://www.hhs.gov/ocr/hipaa

    icon View OCR's Summary of the HIPAA Privacy Rule

  • HIPAA Security

    HIPAA Security Standards for the Protection of Electronic Protected Health Information

    The Final Rule adopting HIPAA standards for the security of electronic protected health information was published in the Federal Register on February 20, 2003. Most covered entities had to comply with the Security Rule by April 20, 2005. The Security Rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The standards are delineated into either required or addressable implementation specifications.

    The Office for Civil Rights (OCR), which is a part of the U.S. Department of Health and Human Services (HHS), is responsible for implementing and enforcing the Security Rule. The OCR website is http://www.hhs.gov/ocr/hipaa.

    Additional Security Resources

    The Computer Security Division (CSD) is one of eight divisions within the National Institute of Standards and Technology's (NIST) Information Technology Laboratory. NIST's CSD supports the intelligent management of IT risks, vulnerabilities and protection needs.

    NIST's CSD develops computer security prototypes, tests, standards, and procedures to protect sensitive information from unauthorized access or modification. These publications present the results of NIST studies, investigations, and research on information technology security issues.

    NIST's CSD has developed a DRAFT Introductory Resource Guide for Implementing the HIPAA Security Rule (NIST SP 800-66), which is an excellent resource for covered entities implementing the NIST HIPAA Security Rule document.

    For the full list of NIST Security publications, visit NIST's CSD publications library at: http://csrc.nist.gov/publications/index.html.

    HITECH Act

    HITECH (Health Information Technology for Economic and Clinical Health)

    The Health Information Technology for Economic and Clinical Health Act (HITECH Act) http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/hitechblurb.html, a provision that provides for privacy and security of patient health information. Part of the American Recovery and Reinvestment Act of 2009 (ARRA) (Pub L 111-5, 123 Stat 115), the HITECH Act significantly modifies the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub L 104–191, 110 Stat 1936). The HITECH Act adds new requirements concerning privacy and security for health information directly affect many entities. Specifically, the HITECH Act:

    • Directly applies the HIPAA security standards to business associates. Business associates are subject to the administrative, physical, and technical security requirements of HIPAA, must implement appropriate policies and procedures, and must document their security activities. Penalties for violating these HIPAA standards will apply to business associates, just as they now do to covered entities including health plans and health care providers.
    • Establishes new breach notification requirements. The HITECH Act will require that covered entities notify each individual whose health information has been, or is reasonably believed to have been, accessed, acquired, or disclosed as a result of a breach of unsecured PHI. Business associates are required to notify covered entities of breaches of unsecured PHI. Covered entities are required to give notice of the breach without unreasonable delay, and no later than 60 calendar days after its discovery.
    • Strengthens enforcement by increasing fines and adding a new tiered penalty scheme.
  • Contact HIPAA

    HIPAA Help Team

    HIPAA Transactions testing and enrollment

    Contact Passport's EDI Team.

    If you are a provider and have a concern or complaint regarding Passport's HIPAA Transactions & Code Sets compliance or any other HIPAA issue call our HIPAA Provider Hotline toll free at 1-866-MOLINA2 ((866) 665-4622) or email us at HIPAAMailbox@MolinaHealthcare.com

    General HIPAA Questions or Comments
    Please use the contact form below or contact our HIPAA Program Office staff listed below:

    Passport Health Plan’s HIPAA Provider Hotline Toll Free:1-866-MOLINA2 ((866) 665-4622)
    Email: HIPAAMailbox@MolinaHealthcare.com
    Timothy Zevnik, CIPP/US, CIPP/G
    VP Compliance & Corporate Privacy Official
    Phone: 1-866-MOLINA9 or (866) 665-4629
    Email: Timothy.Zevnik@MolinaHealthcare.com

    For general business questions: Please contact your Passport provider services representative.


Ask the HIPAA Help Team (HIPAA Contact Form)

Please fill out the form below as completely as possible. When you are finished, press the "Submit" button at the bottom of this page. If you indicate that you would like a response, we will contact you. If you need a response urgently, please call Passport Health Plan using the contact numbers above.

Please do not include private information, such as a Member ID Number or Social Security Number, or medical information, as this is not a secured form. Form fields with a red asterisk (*) are required.

Contact Type:



Contact Information:


Question or Comment:

Please enter your comments or questions below.


Submitted Successfully

By submitting my information via this form, I consent to having Molina Healthcare collect my personal information. I understand and agree that my information will be used and shared in accordance with Molina Healthcare's Privacy Policy and Terms of Use.

Please enter all the mandatory fields for the form to be submitted
Please enter a 10 digit telephone number
Please select captcha