NCTracks is live!

Go Now


Office of HIPAA Compliance

For questions or concerns please contact CSC Support at (866) 844-1113.

In accordance with 45 CFR Part 162 — Health Insurance Reform; Modifications to the Health Insurance Portability and Accountability Act (HIPAA); Final Rule — HIPAA-covered entities, which include state Medicaid agencies, must adopt modifications to the HIPAA required standard transactions by January 1, 2012. The modifications are to the HIPAA named transactions to adopt and implement ASC X12 version 5010 and NCPDP Telecommunication version D.0. HIPAA is the federal law that introduced standards for the electronic exchange of information between health care plans (payers), clearinghouses, and providers.

HIPAA Privacy Regulations

HIPAA also introduced regulations to protect patient rights and to guard against the misuse or disclosure of their health records.

The privacy rule establishes accountability and responsibility for the use or disclosure of any protected health information (PHI) for the purposes of treatment, payment or health care operations. This includes all medical records and health information used or disclosed in any form, whether electronic, written or oral.

The HIPAA Privacy Rule (45 CFR 164.502 and .508) as well as the Federal Social Security Act 1902(a)27, 45 CFR 431.107, and the N.C. Medicaid provider enrollment agreements all allow providers to share information with the Division of Medical Assistance or its agents without additional patient authorization. This includes information needed for payment of claims as well as additional information that may be requested for audits, investigations, and civil, criminal or administrative proceedings.

The privacy rule does require the disclosure must be limited to the minimum amount of information that is necessary to accomplish the intended purpose. The complete medical record should not be sent to the Division of Medical Assistance or its agents unless it is specifically requested.

HIPAA Trading Partner Agreements

NCTracks, the replacement DHHS claims system, will accept and process various electronic data interchange (EDI) transactions that comply with the Health Insurance Portability and Accountability Act (HIPAA) ASC X12 5010 standards.  This includes ASC X12 5010 transactions submitted for the North Carolina Division of Medical Assistance, Division of Mental Health, Developmental Disabilities and Substance Abuse Services, Division of Public Health, and the Office of Rural Health and Community Care. 

Organizations who submit ASC X12 5010 transactions to the NCTracks system are referred to as Trading Partners.  Before being granted access to the NCTracks production environment, all Trading Partners must sign a Trading Partner Agreement and be certified for each transaction type they intend to submit.  Trading Partners include Billing Agents, Value Added Networks, and Clearing Houses who will be billing the NCTracks system on behalf of providers.  Trading Partners also include individual providers and provider groups who will submit ASC X12 5010 transactions directly to NCTracks, without using a Billing Agent, Value Added Network, or Clearing House.

Communication is being sent to all known Trading Partners to confirm contact information and invite them to begin the certification process.  Certification must be completed prior to NCTracks go-live on July 1, 2013.  If you have questions or concerns about trading partner certification, please contact CSC via email at or phone at 1.866.844.1113 and select Option 3.

HIPAA Compliant Transactions

Transactions, as defined under HIPAA, are electronic communications between covered entities. Standards for electronic transactions and their applicable code sets were adopted and made effective on October 16, 2000 and all covered entities were required to comply with these standards by October 16, 2002.

Health plans (payers) and those providers who conduct transactions electronically are defined as covered entities.

Providers who submit transactions through a clearinghouse or vendor should contact their clearinghouse or vendor to ensure proper measures are being taken for HIPAA compliance.

The revised ASC X12 5010 transaction standards were mandated under 45 CFR Part 162 – Health Insurance Reform; Modifications to the Health Insurance Portability and Accountability Act (HIPAA); Final Rule, HIPAA-covered entities, must adopt modifications to the HIPAA required standard transactions by January 1, 2012.


Benefit Enrollment & Maintenance



Health Care Claim: Dental

837 D


Health Care Claim: Institutional

837 I


Health Care Claim: Professional

837 P


Health Care Claim Payment/Advice



Health Care Claim Status Request & Response



Health Care Eligibility Benefit Inquiry & Response



Implementation Acknowledgment For Health Care Insurance



Payroll Deducted & Other Premium Payment



Pending Status Information

277 P






State of North Carolina Home Page NC DHHS Logo OMMISS Logo NCTracks Logo DHHS Excels Logo
© 2014 North Carolina Department of Health and Human Services - Office of MMIS Services.

Jobs at N.C. DHHS | Disclaimer | Accessibility | Contact the Webmaster