Current through Register Vol. 63, No. 12, December 1, 2024
Section 943-120-0100 - Definitions
The following definitions apply to OAR 943-120-0100 through 943-120-0200:
(1) "Access" means the ability or means necessary to read, write, modify, or communicate data or information or otherwise use any information system resource.
(2) "Agent" means a third party or organization that contracts with a provider, allied agency, coordinated care organization (CCO) or prepaid health plan (PHP), to perform designated services in order to facilitate a transaction or conduct other business functions on its behalf. Agents include billing agents, claims clearinghouses, vendors, billing services, service bureaus, and accounts receivable management firms. Agents may also be clinics, group practices, and facilities that submit billings on behalf of providers but the payment is made to a provider, including the following: an employer of a provider, if a provider is required as a condition of employment to turn over his fees to the employer; the facility in which the service is provided, if a provider has a contract under which the facility submits the claim; or a foundation, plan, or similar organization operating an organized health care delivery system, if a provider has a contract under which the organization submits the claim.
Agents may also include electronic data transmission submitters.
(3) "Allied Agency" means local and regional allied agencies and includes local mental health authority, community mental health programs, Oregon Youth Authority, Department of Corrections, local health departments, schools, education service districts, developmental disability service programs, area agencies on aging, federally recognized American Indian tribes, and other governmental agencies or regional authorities that have a contract (including an interagency, intergovernmental, or grant agreement, or an agreement with an American Indian tribe pursuant to ORS 190.110) with the Oregon Health Authority to provide for the delivery of services to covered individuals and that request to conduct electronic data transactions in relation to the contract.
(4) "Authority" or "Oregon Health Authority" means the agency established in ORS Chapter 413 that administers the funds for Titles XIX and XXI of the Social Security Act. It is the single state agency for the administration of the medical assistance program under ORS chapter 414.
For purposes of these rules, the agencies under the authority of the Authority are the Public Health Division, the Addictions and Mental Health Division, and the Division of Medical Assistance Programs.
(5) "Authority Network and Information Systems" means the Authority's computer infrastructure that provides personal communications, confidential information, regional, wide area and local networks, and the internetworking of various types of networks on behalf of the Authority.
(6) "Clinic" means a group practice, facility, or organization that is an employer of a provider, if a provider is required as a condition of employment to turn over his fees to the employer; the facility in which the service is provided, if a provider has a contract under which the facility submits the claim; or a foundation, plan, or similar organization operating an organized health care delivery system, if a provider has a contract under which the organization submits the claim; and the group practice, facility, or organization is enrolled with the Authority, and payments are made to the group practice, facility, or organization. If the entity solely submits billings on behalf of providers and payments are made to each provider, then the entity is an agent.
(7) "Confidential Information" means information relating to covered individuals which is exchanged by and between the Authority, a provider, CCO, PHP, clinic, allied agency, or agents for various business purposes, but which is protected from disclosure to unauthorized individuals or entities by applicable state and federal statutes such as ORS 414.679, 344.600, 410.150, 411.320, 418.130, or the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 and its implementing regulations.
These statutes and regulations are collectively referred to as "Privacy Statutes and Regulations."
(8) "Contract" means a specific written agreement between the Authority and a provider, CCO, PHP, clinic, or allied agency that provides or manages the provision of services, goods, or supplies to covered individuals and where the Authority and a provider, CCO, PHP, clinic, or allied agency may exchange data. A contract specifically includes, without limitation, an Authority provider enrollment agreement, fully capitated health plan managed care contract, dental care organization managed care contract, mental health organization managed care contract, chemical dependency organization managed care contract, physician care organization managed care contract, coordinated care organization contract, a county financial assistance agreement, or any other applicable written agreement, interagency agreement, intergovernmental agreement, or grant agreement between the Authority and a provider, CCO, PHP, clinic, or allied agency.
(9) "Coordinated Care Organization" (CCO) means an entity that has been certified by the Authority to provide coordinated and integrated health services.
(10) "Covered Entity" means a health plan, health care clearing house, health care provider who transmits any health information in electronic form in connection with a transaction covered by 45 CFR 162.100 through 162.1902, or allied agency that transmits any health information in electronic form in connection with a transaction, including direct data entry (DDE), and who must comply with the National Provider Identifier (NPI) requirements of 45 CFR 162.402 through 162.414.
(11) "Covered Individual" means individuals who are eligible for payment of certain services or supplies provided to them or their eligible dependents by or through a provider, CCO, PHP, clinic, or allied agency under the terms of a contract applicable to a governmental program for which the Authority processes or administers data transmissions.
(12) "Data" means a formalized representation of specific facts or concepts suitable for communication, interpretation, or processing by individuals or by automatic means.
(13) "Data Transmission" means the transfer or exchange of data between the Authority and a web portal or electronic data interchange (EDI) submitter by means of an information system which is compatible for that purpose and includes without limitation, web portal, EDI, electronic remittance advice (ERA), or electronic media claims (EMC) transmissions.
(14) "Department" means the Department of Human Services.
(15) "Direct Data Entry (DDE)" means the process using dumb terminals or computer browser screens where data is directly keyed into a health plan's computer by a provider or its agent, such as through the use of a web portal.
(16) "Electronic Data Interchange (EDI)" means the exchange of business documents from application to application in a federally mandated format or, if no federal standard has been promulgated, using bulk transmission processes and other formats as the Authority designates for EDI transactions.
For purposes of these rules (OAR 943-120-0100 through 943-120-0200), EDI does not include electronic transmission by web portal.
(17) "Electronic Data Interchange Submitter" means an individual or entity authorized to establish the electronic media connection with the Authority to conduct an EDI transaction. An EDI submitter may be a trading partner or an agent of a trading partner.
(18) "Electronic Media" means electronic storage media including memory devices in computers or computer hard drives; any removable or transportable digital memory medium such as magnetic tape or disk, optical disk, or digital memory card; or transmission media used to exchange information already in electronic storage media. Transmission media includes but is not limited to the internet (wide-open), extranet (using internet technology to link a business with information accessible only to collaborating parties), leased lines, dial-up lines, private networks, and the physical movement of removable or transportable electronic storage media. Certain transmissions, including paper via facsimile and voice via telephone, are not considered transmissions by electronic media because the information being exchanged did not exist in electronic form before transmission.
(19) "Electronic Media Claims (EMC)" means an electronic media means of submitting claims or encounters for payment of services or supplies provided by a provider, CCO, PHP, clinic, or allied agency to a covered individual.
(20) "Electronic Remittance Advice (ERA)" means an electronic file in X12 format containing information pertaining to the disposition of a specific claim for payment of services or supplies rendered to covered individuals which are filed with the Authority on behalf of covered individuals by providers, clinics, or allied agencies.
The documents include, without limitation, the provider name and address, individual name, date of service, amount billed, amount paid, whether the claim was approved or denied, and if denied, the specific reason for the denial. For CCOs or PHPs, the remittance advice file contains information on the adjudication status of encounter claims submitted.
(21) "Electronic Data Transaction (EDT)" means a transaction governed by the Health Insurance Portability and Accountability Act (HIPAA) transaction rule, conducted by either web portal or EDI.
(22) "Envelope" means a control structure in a mutually agreed upon format for the electronic interchange of one or more encoded data transmissions either sent or received by an EDI submitter or the Authority.
(23) "HIPAA Transaction Rule" means the standards for electronic transactions at 45 CFR Part 160 and 162 as revised effective January 16, 2009 (from version in effect on January 1, 2008) adopted by the Department of Health and Human Services (DHHS) to implement the Health Insurance Portability and Accountability Act of 1996, 42 USC 1320 d et. seq.
(24) "Incident" means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of an information system or information asset including but not limited to unauthorized disclosure of information, failure to protect user IDs, and theft of computer equipment using or storing Authority information assets or confidential information.
(25) "Individual User Profile (IUP)" means Authority forms used to authorize a user, identify their job assignment, and the required access to the Authority's network and information system.
It generates a unique security access code used to access the Authority's network and information system.
(26) "Information Asset" means all information, also known as data, provided through the Authority, regardless of the source, which requires measures for security and privacy of the information.
(27) "Information System" means an interconnected set of information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and trained personnel necessary for successful data transmission.
(28) "Lost or Indecipherable Transmission" means a data transmission which is never received by or cannot be processed to completion by the receiving party in the format or composition received because it is garbled or incomplete, regardless of how or why the message was rendered garbled or incomplete.
(29) "Mailbox" means the term used by the Authority to indicate trading partner-specific locations on the Authority's secure file transfer protocol (SFTP) server to deposit and retrieve electronic data identified by a unique Authority assigned trading partner number.
(30) "Password" means the alpha-numeric codes and special characters assigned to an EDI submitter by the Authority for the purpose of allowing access to the Authority's information system, including the web portal, for the purpose of successfully executing data transmissions or otherwise carrying out the express terms of a trading partner agreement or provider enrollment agreement and these rules.
(31) "Personal Identification Number (PIN)" means the alpha-numeric codes assigned to web portal submitters by the Authority for the purpose of allowing access to the Authority's information system, including the web portal, for the purpose of successfully executing DDE, data transmissions, or otherwise carrying out the express terms of a trading partner agreement, provider enrollment agreement, and these rules.
(32) "Prepaid Health Plan (PHP) or Plan" means a managed health care, dental care, chemical dependency, physician care organization, or mental health care organization that contracts with the Authority on a case managed, prepaid, capitated basis under the Oregon Health Plan (OHP).
(33) "Provider" means an individual, facility, institution, corporate entity, or other organization which supplies or provides for the supply of services, goods or supplies to covered individuals pursuant to a contract, including but not limited to a provider enrollment agreement with the Authority. A provider does not include billing providers as used in the Division of Medical Assistance (DMAP) general rules but does include non-healthcare providers such as foster care homes. DMAP billing providers are defined in these rules as agents, except for DMAP billing providers that are clinics.
(34) "Provider Enrollment Agreement" means an agreement between the Authority and a provider for payment for the provision of covered services to covered individuals.
(35) "Registered Transaction" means each type of EDI transaction applicable to a trading partner that must be registered with the Authority before it can be tested or approved for EDI transmission.
(36) "Security Access Codes" means the access code assigned by the Authority to the web portal submitter or EDI submitter for the purpose of allowing access to the Authority's information system, including the web portal, to execute data transmissions or otherwise carry out the express terms of a trading partner agreement, provider enrollment agreement, and these rules. Security access codes may include passwords, PINs, or other codes.
For password standards, refer to the Authority's ISPO best practice: http://www.dhs.state.or.us/policy/admin/security/090_002.htm.
(37) "Source Documents" means documents or electronic files containing underlying data which is or may be required as part of a data transmission with respect to a claim for payment of charges for medical services or supplies provided to a covered individual, or with respect to any other transaction. Examples of data contained within a specific source document include but are not limited to an individual's name and identification number, claim number, diagnosis code for the services provided, dates of service, service procedure description, applicable charges for the services provided, and a provider's, CCO's, PHP's, clinic's, or allied agency's name, identification number, and signature.
(38) "Standard" means a rule, condition, or requirement describing the following information for products, systems, or practices:
(a) Classification of components;
(b) Specification of materials, performance, or operations; or
(c) Delineation of procedures.
(39) "Standards for Electronic Transactions" mean a transaction that complies with the applicable standard adopted by DHHS to implement standards for electronic transactions.
(40) "Submitter" means a provider, CCO, PHP, clinic, or allied agency that may or may not have entered into a Trading Partner Agreement depending upon whether the need is to exchange Electronic Data Transactions or access the Authority's Web Portal.
(41) "Transaction" means the exchange of data between the Authority and a provider using web portal access or a trading partner using electronic media to carry out financial or administrative activities.
(42) "Trade Data Log" means the complete written summary of data and data transmissions exchanged between the Authority and an EDI submitter during the period of time a trading partner agreement is in effect and includes but is not limited to sender and receiver information, date and time of transmission, and the general nature of the transmission.
(43) "Trading Partner" means a provider, CCO, PHP, clinic, or allied agency that has entered into a trading partner agreement with the Authority in order to satisfy all or part of its obligations under a contract by means of EDI, ERA, or EMC, or any other mutually agreed means of electronic exchange or transfer of data.
(44) "Trading Partner Agreement (TPA)" means a specific written request by a provider, CCO, PHP, clinic, or allied agency to conduct EDI transactions that governs the terms and conditions for EDI transactions in the performance of obligations under a contract. A provider, CCO, PHP, clinic, or allied agency that has executed a TPA will be referred to as a trading partner in relation to those functions.
(45) "User" means any individual or entity authorized by the Authority to access network and information systems or information assets.
(46) "User Identification Security (UIS)" means a control method required by the Authority to ensure that only authorized users gain access to specified information assets. One method of control is the use of passwords and PINs with unique user identifications.
(47) "Web Portal" means a site on the World Wide Web that provides secure access with personalized capabilities to its visitors and a pathway to other content designed for use with the Authority specific DDE applications.
(48) "Web Portal Submitter" means an individual or entity authorized to establish an electronic media connection with the Authority to conduct a DDE transaction. A web portal submitter may be a provider or a provider's agent.
Or. Admin. Code § 943-120-0100
OHA 13-2011(Temp), f. & cert. ef. 7-1-11 thru 12-27-11; OHA 26-2011, f. 10-31-11, cert. ef. 11-1-11; OHA 4-2012(Temp), f. & cert. ef. 7-12-12 thru 1-6-13; OHA 7-2012, f. 10-9-12, cert. ef. 10-10-12
Stat. Auth.: ORS 413.042 & 414.065
Stats. Implemented: ORS 413.042 & 414.065