Daily Rules, Proposed Rules, and Notices of the Federal Government
This rule adopts a standard unique health plan identifier (HPID) and a data element that will serve as an other entity identifier (OEID). This rule also adopts an addition to the National Provider Identifier (NPI) requirements. Finally, this rule changes the compliance date for the ICD-10-CM and ICD-10-PCS medical data code sets (hereinafter “code sets”) from October 1, 2013 to October 1, 2014.
Currently, health plans and other entities that perform health plan functions, such as third party administrators and clearinghouses, are identified in Health Insurance Portability and Affordability Act of 1996 (HIPAA) standard transactions with multiple identifiers that differ in length and format. Covered health care providers are frustrated by various problems associated with the lack of a standard identifier, such as: improper routing of transactions; rejected transactions due to insurance identification errors; difficulty in determining patient eligibility; and challenges resulting from errors in identifying the correct health plan during claims processing.
The adoption of the HPID and the OEID will increase standardization within HIPAA standard transactions and provide a platform for other regulatory and industry initiatives. Their adoption will allow for a higher level of automation for health care provider offices, particularly for provider processing of billing and insurance related tasks, eligibility responses from health plans, and remittance advice that describes health care claim payments.
In the January 23, 2004
In the January 16, 2009
Since that time, some provider groups have expressed strong concern about their ability to meet the October 1, 2013 compliance date and the serious claims payment issues that might ensue if they do not meet the date. Some providers' concerns about being able to meet the ICD-10 compliance date are based, in part, on difficulties they had meeting the compliance deadline for the adopted Associated Standard Committee's (ASC) X12 Version 5010 standards (Version 5010) for electronic health care transactions. Compliance with Version 5010 and ICD-10 by all covered entities is essential to a smooth transition to the updated medical data code sets, as the failure of any one industry segment to achieve compliance would negatively affect all other industry segments and result in returned claims and provider payment delays. We believe the change in the compliance date for ICD-10 gives covered health care providers and other covered entities more time to prepare and fully test their systems to ensure a smooth and coordinated transition by all covered entities.
This final rule implements section 1104(c)(1) of the Affordable Care Act and section 1173(b) of the Social
This final rule imposes an additional requirement on organization health care providers under the authority of sections 1173(b) and 1175(b) of the Act. It also accommodates the needs of certain types of health care providers in the use of the covered transactions, as required by section 1173(a)(3) of the Act.
This final rule sets a new compliance date for the ICD-10 code sets, in accordance with section 1175(b)(2) of the Act, under which the Secretary determines the date by which covered entities must comply with modified standards and implementation specifications.
This rule adopts the HPID as the standard unique identifier for health plans and defines the terms “Controlling Health Plan” (CHP) and “Subhealth Plan” (SHP). The definitions of these two terms differentiate health plan entities that are required to obtain an HPID, and those that are eligible, but not required, to obtain an HPID. This rule requires all covered entities to use an HPID whenever a covered entity identifies a health plan in a covered transaction. Because health plans today have many different business structures and arrangements that affect how health plans are identified in standard transactions, we established requirements for CHPs and SHPs in order to enable health plans to obtain HPIDs to reflect different business arrangements so they can be identified appropriately in standard transactions.
This rule also adopts a data element to serve as an other entity identifier. The OEID will function as an identifier for entities that are not health plans, health care providers, or individuals (as defined in 45 CFR 160.103), but that need to be identified in standard transactions (including, for example, third party administrators, transaction vendors, clearinghouses, and other payers). Under this final rule, other entities are not required to obtain an OEID, but they could obtain and use one if they need to be identified in covered transactions. Because other entities are identified in standard transactions in a similar manner as health plans, we believe that establishing an identifier for other entities will increase efficiency by facilitating the use of a uniform identifier.
This rule requires an organization covered health care provider to require certain noncovered individual health care providers who are prescribers to: (1) obtain NPIs; and (2) to the extent the prescribers write prescriptions while acting within the scope of the prescribers' relationship with the organization, disclose them to any entity that needs the NPIs to identify the prescribers in standard transactions. This addition to the NPI requirements would address the issue that pharmacies are encountering when the NPI of a prescribing health care provider needs to be included on a pharmacy claim, but the prescribing health care provider does not have, or has not disclosed, an NPI.
This rule changes the compliance date for ICD-10-CM and ICD-10-PCS from October 1, 2013 to October 1, 2014. We believe this change will give covered entities the additional time needed to synchronize system and business process preparation and changeover to the updated medical data code sets.
The HPID is expected to yield the most benefit for providers, while health plans will bear most of the costs. Costs to all commercial and government health plans together (Medicare, Medicaid programs, Indian Health Service (IHS), and Veterans Health Administration (VHA)) are estimated to be $650 million to $1.3 billion. However, commercial and government health plans are expected to make up those costs in savings. Further, it is our understanding that the industry will not find the HPID requirements to be overly burdensome. Many entities have indicated that they have delayed regular system updates and maintenance, as well as the issuance of new health plan identification cards, in order to accommodate the adoption of the HPID.
Health care providers can expect savings from two indirect consequences of HPID implementation: (1) The cost avoidance of decreased administrative time spent by providers interacting with health plans; and (2) a material cost savings through automation of processes for every transaction that moves from manual to electronic implementation. HPID's anticipated 10-year return on investment for the entire health care industry is expected to be between $1.3 billion to $6 billion. (This estimate includes savings resulting from the ongoing effects of adopting the HPID rather than the immediate and direct budgetary effects.)
The addition to the requirements for the NPI will have little impact on health care providers and on the health industry at large because few health care providers do not already have an NPI. In addition, covered organization health care providers may comply by various means. For example, a covered organization could use a simple verbal directive to prescribers whom they employ or contract with to meet the requirements. Alternately, a covered organization could update employment or contracting agreements with the prescribers. For these reasons, we believe the additional NPI requirements do not impose spending costs on State government or the private sector in any 1 year of $136 million or more, the threshold specified in the Unfunded Mandates Reform Act (UMRA).
According to a recent survey conducted by the Centers for Medicare & Medicaid Services (CMS), up to one quarter of health care providers believe they will not be ready for an October 1, 2013 compliance date.
By delaying the compliance date of ICD-10 from October 1, 2013 to October 1, 2014, we are allowing more time for covered entities to prepare for the transition to ICD-10 and to conduct
Savings will come from the avoidance of costs that would occur as a consequence of significant numbers of providers being unprepared for the transition to ICD-10. In the Regulatory Impact Analysis (RIA) of this final rule, we estimate that there would be a cost avoidance of approximately $3.6 billion to nearly $8 billion in this regard. This range of estimates reflects the avoidance of two costly consequences that could occur should the compliance date remain October 1, 2013: (1) both health care providers and health plans could have to process health care claims manually in order for claims to be paid; and (2) small health care providers could have to take out loans or apply for lines of credit in order to continue to provide health care in the face of delayed payments.
In terms of costs, commercial health plans, medium and large hospitals, and large physician practices are far along in their ICD-10 implementation planning, and therefore have devoted funds, resources, and staff to the effort. According to our estimates, a 1-year delay of the ICD-10 compliance date would add 10 to 30 percent to the total cost that these entities have already spent or budgeted for the transition—an additional cost to commercial entities of approximately $1 billion to $6.4 billion. Medicare and State Medicaid Agencies have also reported estimates of costs of a change in the compliance date in recent informal polls. Accordingly, the calculations in the RIA in this final rule demonstrate that a 1-year delay in the compliance date of ICD-10 would cost the entire health care industry approximately $1 billion to $6.6 billion.
We assume that the costs and cost avoidance calculated in the RIA will be incurred roughly over a 6- to 12-month period, from October 1, 2013 to October 1, 2014. For simplicity sake, however, both the costs and the cost avoidance that result from a change in the compliance date of ICD-10 are calculated over the calendar year, 2014.
We solicited comments on our assumptions and conclusions in the RIA.
In the April 17, 2012
Section 1104(c)(1) of the Affordable Care Act directs the Secretary to promulgate a final rule establishing a unique health plan identifier that is based on the input of a Federal advisory committee, the National Committee on Vital and Health Statistics (NCVHS). Congress created the NCVHS to serve as an advisory body to the Secretary on health data, statistics, and national health information policy. Section 1104 of the Affordable Care Act authorizes the Secretary to promulgate the rule on an interim final basis and indicates that such rule shall be effective not later than October 1, 2012.
Health plans are currently identified for different purposes using different identifiers that have different sources, formats, and meaning. A health plan may have multiple identifiers, each assigned by a different organization for a different purpose. The following discussion focuses on the types of identifiers that currently may be used to identify health plans in standard transactions. State regulators, for instance, use the National Association of Insurance Commissioners' (NAIC) Company code to identify health plans when a health plan is licensed to sell or offer health insurance in a particular State. The U.S. Department of Labor (DOL) and the Internal Revenue Service (IRS) use the 9-digit Employer Identification Number (EIN) and a 1-digit alphabetic or a 3-digit plan number to identify health plans. Employers, sole proprietorships, corporations, partnerships, non-profit associations, trusts, estates of decedents, government agencies, certain individuals, and other business entities, use EINs to identify health plans for a host of purposes and transactions. The IRS uses the EIN to identify taxpayers that are required to file various business tax returns. Health care clearinghouses assign proprietary identifiers to health plans for use in standard transactions. Multiple clearinghouses may identify the same health plan using different proprietary identifiers in different covered transactions. Health plans may use other identifiers, such as a tax identification number (TIN) or an EIN, to identify themselves in the standard transactions, to more easily integrate into existing proprietary systems, or for use on health insurance cards that they issue to health plan enrollees.
Not only are health plans identified using a variety of identifiers, but these identifiers have different formats. For instance, some identifiers are alphanumeric while other identifiers are only numeric. Identifiers also differ in length; for example, NAIC codes are typically five digits while an EIN is nine digits.
The current versions of the adopted standards (ASC X12N and NCPDP) allow health plans to use these and other identifiers in standard transactions. Therefore, for the covered transactions there is currently no requirement for consistency in the use of identifiers for health plans. The transaction standards implementation guides, though, do provide for the use of the HPID once its use is mandated and during a phase-in period. Prior to this rule, health care providers, health plans, and health care clearinghouses consequently could use EINs, TINs, NAIC numbers, or health care clearinghouse or health plan-assigned proprietary numbers to identify health plans in standard transactions. Industry stakeholders, especially health care providers, have indicated that the lack of a standard unique health plan identifier has resulted in increased costs and inefficiencies in the health care system. Health care providers are frustrated by problems with: the routing of transactions; rejected transactions due to insurance identification errors; difficulty determining patient eligibility; and challenges resolving errors identifying the health plan during claims processing.
The Affordable Care Act specifically calls for the establishment of a unique identifier for health plans. There are however, other entities that are not health plans but that perform certain health plan functions and are currently identified in the standard transactions in the same fields using the same types of identifiers as health plans. For example, health care clearinghouses, third party administrators (TPAs), and repricers often contract with insurance companies, self-funded group health plans, and provider- or hospital-run health plans to perform claims administration, premium collection, enrollment, and other administrative functions. As explained later in this final rule, we are adopting a data element—an other entity identifier—to
The NCVHS has been assigned a significant role in the Secretary's adoption of all standards, code sets, and operating rules under HIPAA, including the unique health plan identifier. In section 1104(c)(1) of the Affordable Care Act, the Secretary is directed to conduct rulemaking to establish a unique health plan identifier based on input of the NCVHS.
The NCVHS Subcommittee on Standards fulfilled these duties by conducting public hearings on the health plan identifier on July 19 through 21, 2010. Industry stakeholders, including representatives from health plans, health care provider organizations, health care clearinghouses, pharmacy industry representatives, standards developers, professional associations, representatives of Federal and State public programs, the Workgroup on Electronic Data Interchange (WEDI), the National Uniform Billing Committee (NUBC), the National Uniform Claim Committee (NUCC), and individuals with health plan identifier proposals provided in-person and written testimony. Stakeholder testimony at the hearings focused on the use and need for an HPID to: facilitate the appropriate routing of transactions; reduce the cost of managing financial and administrative information; improve the accuracy and timeliness of claims payment; and reduce dissatisfaction among health care providers and patients/members by improving communications with health plans and their intermediaries. Stakeholders provided suggestions on the types of entities that need to be identified in standard transactions, those that should be eligible to obtain an HPID, and the level of enumeration for each plan (for example, the legal entity, product, benefit package etc.).
For a full discussion of the key topics and recommendations from the July 19 through 21, 2010 NCVHS hearings, we refer the reader to the April 2012 proposed rule (77 FR 22950). For the complete text of the NCVHS' observations and recommendations, go to
The regulatory definition of health plan at 45 CFR 160.103 was initially adopted in the August 17, 2000 Standards for Electronic Transactions final rule (65 FR 50312) (hereafter Transactions and Code Sets final rule). The basis for the additions to, and clarifications of, the definition of health plan is further discussed in the preamble to the December 28, 2000 final rule (65 FR 82478 and 82576) titled “Standards for Privacy of Individually Identifiable Health Information” (hereinafter referred to as the Privacy Rule). For additional information on the definition of health plan, we refer readers to these rules.
In the April 2012 proposed rule, we proposed the following:
• The adoption of the standard for a national unique HPID for use in all transactions for which the Secretary has adopted a standard (hereinafter referred to as standard transactions).
• An OEID for use by entities that do not meet the definition of a health plan, but that need to be identified in the standard transactions.
• Requirements and provisions for the implementation of both the HPID and OEID.
• Additions to the NPI requirements mandating that covered health care providers require certain noncovered individual health care providers who are prescribers to obtain NPIs.
• To change the compliance date for ICD-10 code sets from October 1, 2013 to October 1, 2014.
In the April 2012 proposed rule, we solicited public comments on a number of proposals. In response to our solicitation, we received approximately 536 timely pieces of correspondence. Summaries of the public comments that are within the scope of the proposed rule and our responses to those comments are set forth in the various sections of this final rule under the corresponding headings.
We proposed HPID as the standard unique identifier for health plans. We also proposed: (1) Instructions and guidance concerning how health plans may obtain an HPID; (2) the requirements that covered entities will have to meet to use the HPID in standard transactions; and (3) provisions for the HPID in a new subpart (subpart E) at 45 CFR part 162.
Health plans today have many different business structures and arrangements that affect how health plans are identified in standard transactions. There is often a “parent” corporation that meets the definition of health plan, which may be controlled by entities, such as holding companies, that do not meet the definition of health plan. This “parent” health plan may own and operate several other entities and organizations, which may also meet the definition of a health plan. While these individual health plans that are owned by the same “parent” corporation may have their own EIN or NAIC number, they may all use a single identifier in covered transactions because of data processing arrangements. In these situations, some health plans may not need to be identified separately in covered transactions, and may not need their own health plan identifier. To differentiate between health plan entities that would be required to obtain an HPID, and those that would be eligible, but not required, to obtain an HPID, we proposed and are adopting in this final rule, to categorize health plans as controlling health plans (CHPs) and subhealth plans (SHPs).
The definitions of CHPs and SHPs are established in 45 CFR 162.103 as follows:
A CHP means a health plan that—(1) controls its own business activities, actions, or policies; or (2)(i) is controlled by an entity that is not a health plan; and (ii) if it has a subhealth plan(s), exercises sufficient control over the subhealth plan(s) to direct its/their business activities, actions, or policies.
We suggested that the following considerations may be helpful in determining if an entity is a CHP:
• Does the entity itself meet the definition of health plan at 45 CFR 160.103?
• Does either the entity itself or a non health plan organization control the business activities, actions, or policies of the entity?
If the answer to both questions is “yes,” then the entity would meet the definition of CHP. We proposed that an entity that meets the definition of CHP would be required to obtain a health plan identifier.
We proposed that a SHP means a health plan whose business activities, actions, or policies are directed by a controlling health plan.
We suggested that the following considerations may be helpful in determining whether an entity is a SHP:
• Does the entity meet the definition of health plan at § 160.103?
• Does a CHP direct the business activities, actions, or policies of the health plan entity?
If the answer to both questions is “yes,” then the entity meets the definition of SHP. We proposed that a SHP would not be required to obtain an HPID, but may choose to obtain an HPID, or its CHP may obtain an HPID on its behalf.
After consideration of the public comments received, we are finalizing the definitions of CHP and SHP without modification.
In 45 CFR 162.510, we proposed that all covered entities would be required to use an HPID where a covered entity identifies a health plan in a covered transaction. We proposed further that, if a covered entity uses a business associate to conduct standard transactions on its behalf, the covered entity must require its business associate to use an HPID to identify a health plan where the business associate identifies a health plan in all covered transactions.
We proposed in § 162.506 that the HPID could also be used for any other lawful purpose, and provided some examples of permitted uses including the following:
• Health plans may use HPIDs in their internal files to facilitate processing of health care transactions.
• A health plan may use an HPID on a health insurance card.
• The HPID may be used as a cross-reference in health care fraud and abuse files and other program integrity files.
• Health care clearinghouses may use HPIDs in their internal files to create and process standard and nonstandard transactions and in communications with health plans and health care providers.
• HPIDs may be used in patient medical records to help specify patients' health care benefit package(s).
• HPIDs may be used to identify health plans in electronic health records (EHRs).
• HPIDs may be used to identify health plans in Health Information Exchanges (HIEs).
• HPIDs may be used to identify health plans in Federal and State health insurance exchanges.
• HPIDs may be used to identify health plans for public health data reporting purposes.
In their request for clarification, some of these commenters appeared confused regarding the affirmative obligation in 45 CFR 162.510 for covered entities to use an HPID to identify a health plan in standard transactions, when a SHP may not have its own HPID. In those cases, covered entities would use the HPID that the SHP indicates should be used to identify that SHP, which may be the HPID of its controlling health plan. If an entity has in good faith sought to identify the HPID that should be used for a SHP that has no HPID and has been unsuccessful, then it obviously cannot use an HPID to identify that SHP. However, we would anticipate that those circumstances would be rare. Nevertheless, consistent with these commenters' request to clarify the requirement, we have inserted “that has an HPID” immediately after “health plan” in § 162.510(a) and (b). We consider a health plan as “having an HPID” if that health plan communicates with its trading partners that it consistently uses a particular HPID, even if the HPID it uses is associated with another health plan, such as its controlling health plan.
As we explained in the April 2012 proposed rule, a health plan may need to be identified in different fields in the transactions and these fields may not always require the use of a health plan identifier. For instance, the information source, in the eligibility response transaction (271), Loop 2100A, Segment NM1, may be a health plan, or an other entity that performs health plan functions, like a third party administrator. So after the applicable compliance date of the HPID, if a covered entity is identifying a health plan as the information source in the eligibility response transaction (271), Loop 2100A, Segment NM1, then the covered entity will be required to use an HPID to identify that health plan in the standard transactions. However, if after the adoption of the HPID, the covered entity is identifying a third party administrator as the information source in the eligibility response transaction (271), Loop 2100A, Segment NM1, the covered entity can use whatever identifier it was using previously or an OEID to identify that third party administrator. This final rule does not impose any new requirement for when to identify a health plan that has an HPID in standard transactions. It merely requires the use of the HPID where the health plan is identified. We did provide an example of a use of the HPID in transaction standards in the April 2012 proposed rule (77 FR 22961).
After consideration of the public comments, we are finalizing the required and permitted uses of the HPID with the minor clarifying modifications to § 162.510(a) and (b), adding “that has an HPID” immediately after “health plan.”
This final rule discusses how CHPs and SHPs will obtain an HPID from the Enumeration System. In 45 CFR 162.512, we proposed to require a CHP to obtain an HPID for itself from the Enumeration System. In addition, we proposed that a CHP may obtain an HPID from the Enumeration System for its SHP, or direct a SHP to obtain an HPID from the Enumeration System. We proposed that any SHP would be able to obtain an HPID regardless of whether or not its CHP directed it to obtain an HPID. While a CHP could only obtain one HPID for itself, a CHP could use the HPID of its SHPs for any lawful purpose.
While a CHP would be required to obtain an HPID, there would be different options available for the enumeration of SHPs based on a CHP's organizational structure and business needs. The CHP would analyze its organizational structure to determine if and which of its SHPs need an HPID based on whether the SHP needs to be identified in covered transactions. We encouraged CHPs and SHPs to coordinate their HPID applications to prevent duplication and possible confusion. See Table 1 for a comparison of requirements for obtaining an HPID.
For further illustrations and examples of enumeration options to demonstrate the ways a CHP could choose to enumerate itself and its SHPs, see the April 2012 proposed rule (77 FR 22957 through 22962).
In the proposed rule, we clarified that self-insured group health plans are included in the definition of health plan in § 160.103 and therefore will need to obtain a health plan identifier if they meet the definition of a CHP. We specifically mentioned self-insured group health plans as there was industry discussion about whether these health plans should be required to obtain HPIDs because they do not often need to be identified in the standard transactions. Some industry stakeholders noted that many self-insured group health plans contract with third party administrators or other entities to perform health plan functions on their behalf and those entities, not the self-insured group health plans, may be identified in the standard transactions. Therefore, many in the industry suggested not requiring self-insured group health plans to obtain HPIDs, while others recommended requiring these plans to obtain HPIDs because they are typically the financially responsible party. Given that self-insured group health plans are included in the definition of health plan and potentially need to be identified in the standard transactions, we proposed that they be required to obtain an HPID if they meet the definition of a CHP. We solicited comments on this issue.
As discussed previously in this final rule, stakeholders at the NCVHS hearings expressed differing viewpoints on the appropriate level of health plan enumeration. Some industry stakeholders encouraged health plan enumeration at a very high level (for example, at the level of the health plan's legal entity), while other stakeholders supported enumeration at the benefit package level. We analyzed and considered these viewpoints when we developed the policies associated with HPID adoption and implementation.
In the April 2012 proposed rule, we considered multiple uses for the HPID. We determined that the primary purpose of the HPID was for use in standard transactions in order to identify health plans in the appropriate loops and segments and to provide a consistent standard identifier for covered entities to use when identifying health plans in standard transactions. We analyzed the transaction standards to determine the existing segments and loops where a health plan may need to be identified, what identifiers are currently used in those loops and segments to identify health plans, and what information a loop or segment conveys when a health plan is being identified. We also carefully considered the information that industry stakeholders reported was missing in covered transactions, such as information related to patient financial responsibility.
We determined that much of the information testifiers wanted to obtain from the HPID might already be available in other parts of the transaction standards and associated operating rules. To illustrate this point, in the proposed rule, we discussed the CAQH CORE 154 Eligibility and Benefits 270/271 Data Content Rule, which we adopted through an interim final rule with comment period in the July 8, 2011
We discussed in the April 2012 proposed rule how requiring health plans to enumerate at a more granular level may prove burdensome to the industry as benefit package information and offerings change frequently and would require constant updates by health plans. For example, health care providers would need to update their software and systems frequently to ensure the accuracy of information. A failure of either health care providers or health plans to ensure that the HPIDs and the corresponding health plan information is up-to-date could result in increased time spent by health plan and health care provider staff to ensure the most accurate information is being used for eligibility determinations and claim payments.
As discussed in the April 2012 proposed rule, we developed the policies associated with HPID adoption and implementation after considering stakeholder testimony, analyzing transaction standards' loops and segments where the health plan identifier will be used, and taking into account newer versions of the transaction standards and the adoption of associated operating rules.
We received many comments on the enumeration requirements for CHPs and SHPs.
In a previous response, we provided clarification about the affirmative obligation in 45 CFR 162.510 for covered entities to use an HPID to identify a health plan in standard transactions, when a SHP may not have its own HPID, and we believe the discussion is applicable to this comment. As we explained previously, in those cases, covered entities would use the HPID that the SHP indicates should be used to identify that SHP, which may be the HPID of its controlling health plan. If an entity has in good faith sought to identify the HPID that should be used for a SHP that has no HPID and has been unsuccessful, then it obviously cannot use an HPID to identify that SHP. While we anticipate those circumstances would be rare, we have inserted “that has an HPID” immediately after “health plan” in § 162.510(a) and (b). We consider a health plan as “having an HPID” if that health plan communicates with its trading partners that it consistently uses a particular HPID, even if the HPID it uses is associated with another health plan, such as its controlling health