"Transactions are electronics exchanges involving the transfer of health care information between two parties for specific purposes, such as a health care provider submitting medical claims to a health plan for payment."
HIPAA mandates that, if covered entities engage in electronic transactions (and really, how many don't?), they must adhere to certain standards that HHS outlines.
Related to transactions are code sets. According to HHS, code sets are:
"Under HIPAA, a "code set" is any set of codes used for encoding data elements, such as tables of terms, medical concepts, medical diagnosis codes, or medical procedure codes. Medical data code sets used in the health care industry include coding systems for diseases, impairments, other health-related problems, and their manifestations; causes of injury, disease, impairment, or other health-related problems; actions taken to prevent, diagnose, treat, or manage diseases, injuries, and impairments; and any substances, equipment, supplies, or other items used to perform these actions."
In addition to the HHS resources, there are two other great sites you should check out. The first, provided by the American Medical Association (AMA), covers HIPAA in general and has a specific section on Transactions and Code Sets.
Finally the American Academy of Family Physicians has a great article that covers HIPAA, including some great high-level advice on dealing with the regulation, as well as how to transition an organization to HIPAA compliance.
As for HIPAA assessments, there are several good resources also provided by HHS. One resource gives extensive information on safeguards, policies and risk management. Another resource has a great high-level outline of what to expect as part of being audited (.PDF). Finally, HIPAA auditors, as a general rule, use the Medicaid guidelines (.PDF) provided by the Office of the Inspector General of Health and Human Services.
For more information:
Dig Deeper on HIPAA
Related Q&A from David Mortman
While IT security consultancies can be helpful when trying to find flaws in an information security management framework, there are ways to do it ... Continue Reading
PCI DSS audits can be a lot easier if the scope is narrow. Learn how to consolidate and store sensitive data in order to best reduce PCI DSS security... Continue Reading
When hiring an information security team member, how important is a certification in information security? Learn how to talk to executives about ... Continue Reading