Explosive growth in digital health over the last few years means there are many developers and managers who haven’t worked under HIPAA before. This guide is written for startups (and small businesses operating online) who could use some help with the basics of HIPAA compliance.
(a) A controlling health plan must do all of the following:
(1) Obtain an HPID from the Enumeration System for itself.
(2) Disclose its HPID, when requested, to any entity that needs the HPID to identify the health plan in a standard transaction.
(3) Communicate to the Enumeration System any changes in its required data elements in the Enumeration System within 30 days of the change.
(b) A controlling health plan may do the following:
(1) Obtain an HPID from the Enumeration System for a subhealth plan of the controlling health plan.
(2) Direct a subhealth plan of the controlling health plan to obtain an HPID from the Enumeration System.
(c) A subhealth plan may obtain an HPID from the Enumeration System.
(d) A subhealth plan that is assigned an HPID from the Enumeration System must comply with the requirements that apply to a controlling health plan in paragraphs (a)(2) and (a)(3) of this section.