thefederalregister.com

Daily Rules, Proposed Rules, and Notices of the Federal Government

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Centers for Medicare & Medicaid Services

45 CFR Part 162

[CMS-0040-F]

RIN 0938-AQ13

Administrative Simplification: Adoption of a Standard for a Unique Health Plan Identifier; Addition to the National Provider Identifier Requirements; and a Change to the Compliance Date for the International Classification of Diseases, 10th Edition (ICD-10-CM and ICD-10-PCS) Medical Data Code Sets

AGENCY: Office of the Secretary, HHS.
ACTION: Final rule.
SUMMARY: This final rule adopts the standard for a national unique health plan identifier (HPID) and establishes requirements for the implementation of the HPID. In addition, it adopts a data element that will serve as an other entity identifier (OEID), or an identifier for entities that are not health plans, health care providers, or individuals, but that need to be identified in standard transactions. This final rule also specifies the circumstances under which an organization covered health care provider must require certain noncovered individual health care providers who are prescribers to obtain and disclose a National Provider Identifier (NPI). Lastly, this final rule changes the compliance date for the International Classification of Diseases, 10th Revision, Clinical Modification (ICD-10-CM) for diagnosis coding, including the Official ICD-10-CM Guidelines for Coding and Reporting, and the International Classification of Diseases, 10th Revision, Procedure Coding System (ICD-10-PCS) for inpatient hospital procedure coding, including the Official ICD-10-PCS Guidelines for Coding and Reporting, from October 1, 2013 to October 1, 2014.
DATES: Effective date:These regulations are effective on November 5, 2012.Compliance dates:Health plans with the exception of small health plans must obtain an HPID by November 5, 2014. Small health plans must obtain an HPID by November 5, 2015. Covered entities must use HPIDs in the standard transactions on or after November 7, 2016. An organization covered health care provider must comply with the implementation specifications in SS 162.410(b) by May 6, 2013.
FOR FURTHER INFORMATION CONTACT: Kari Gaare (410) 786-8612, Matthew Albright (410) 786-2546, and Denise Buenning (410) 786-6711.
SUPPLEMENTARY INFORMATION: I. Executive Summary and Background A. Executive Summary for This Final Rule 1. Purpose a. Need for the Regulatory Action

This rule adopts a standard unique health plan identifier (HPID) and a data element that will serve as an other entity identifier (OEID). This rule also adopts an addition to the National Provider Identifier (NPI) requirements. Finally, this rule changes the compliance date for the ICD-10-CM and ICD-10-PCS medical data code sets (hereinafter “code sets”) from October 1, 2013 to October 1, 2014.

(1) HPID

Currently, health plans and other entities that perform health plan functions, such as third party administrators and clearinghouses, are identified in Health Insurance Portability and Affordability Act of 1996 (HIPAA) standard transactions with multiple identifiers that differ in length and format. Covered health care providers are frustrated by various problems associated with the lack of a standard identifier, such as: improper routing of transactions; rejected transactions due to insurance identification errors; difficulty in determining patient eligibility; and challenges resulting from errors in identifying the correct health plan during claims processing.

The adoption of the HPID and the OEID will increase standardization within HIPAA standard transactions and provide a platform for other regulatory and industry initiatives. Their adoption will allow for a higher level of automation for health care provider offices, particularly for provider processing of billing and insurance related tasks, eligibility responses from health plans, and remittance advice that describes health care claim payments.

(2) NPI

In the January 23, 2004Federal Register(69 FR 3434), the U.S. Department of Health and Human Services (HHS) published a final rule establishing the standard for a unique health identifier for health care providers for use in the health care system and adopting the National Provider Identifier (NPI) as that standard (“2004 NPI final rule”). The rule also established the implementation specifications for obtaining and using the NPI. Since that time, pharmacies have encountered situations where they need to include the NPI of a prescribing health care provider in a pharmacy claim, but where the prescribing health care provider has been a noncovered health care provider who did not have an NPI because he or she was not required to obtain one. This situation has become particularly problematic in the Medicare Part D program. The addition to the NPI requirements addresses this issue.

(3) ICD-10-CM and ICD-10-PCS Code Sets

In the January 16, 2009Federal Register(74 FR 3328), HHS published a final rule in which the Secretary of HHS (the Secretary) adopted the ICD-10-CM and ICD-10-PCS (ICD-10) code sets as the HIPAA standards to replace the previously adopted International Classification of Diseases, 9th Revision, Clinical Modification, Volumes 1 and 2 (diagnoses), and 3 (procedures) including the Official ICD-9-CM Guidelines for Coding and Reporting. The compliance date set by the final rule was October 1, 2013.

Since that time, some provider groups have expressed strong concern about their ability to meet the October 1, 2013 compliance date and the serious claims payment issues that might ensue if they do not meet the date. Some providers' concerns about being able to meet the ICD-10 compliance date are based, in part, on difficulties they had meeting the compliance deadline for the adopted Associated Standard Committee's (ASC) X12 Version 5010 standards (Version 5010) for electronic health care transactions. Compliance with Version 5010 and ICD-10 by all covered entities is essential to a smooth transition to the updated medical data code sets, as the failure of any one industry segment to achieve compliance would negatively affect all other industry segments and result in returned claims and provider payment delays. We believe the change in the compliance date for ICD-10 gives covered health care providers and other covered entities more time to prepare and fully test their systems to ensure a smooth and coordinated transition by all covered entities.

b. Legal Authority for the Regulatory Action (1) HPID

This final rule implements section 1104(c)(1) of the Affordable Care Act and section 1173(b) of the SocialSecurity Act (the Act) which require the adoption of a standard unique health plan identifier.

(2) NPI

This final rule imposes an additional requirement on organization health care providers under the authority of sections 1173(b) and 1175(b) of the Act. It also accommodates the needs of certain types of health care providers in the use of the covered transactions, as required by section 1173(a)(3) of the Act.

(3) ICD-10-CM and ICD-10-PCS

This final rule sets a new compliance date for the ICD-10 code sets, in accordance with section 1175(b)(2) of the Act, under which the Secretary determines the date by which covered entities must comply with modified standards and implementation specifications.

2. Summary of the Major Provisions a. HPID

This rule adopts the HPID as the standard unique identifier for health plans and defines the terms “Controlling Health Plan” (CHP) and “Subhealth Plan” (SHP). The definitions of these two terms differentiate health plan entities that are required to obtain an HPID, and those that are eligible, but not required, to obtain an HPID. This rule requires all covered entities to use an HPID whenever a covered entity identifies a health plan in a covered transaction. Because health plans today have many different business structures and arrangements that affect how health plans are identified in standard transactions, we established requirements for CHPs and SHPs in order to enable health plans to obtain HPIDs to reflect different business arrangements so they can be identified appropriately in standard transactions.

This rule also adopts a data element to serve as an other entity identifier. The OEID will function as an identifier for entities that are not health plans, health care providers, or individuals (as defined in 45 CFR 160.103), but that need to be identified in standard transactions (including, for example, third party administrators, transaction vendors, clearinghouses, and other payers). Under this final rule, other entities are not required to obtain an OEID, but they could obtain and use one if they need to be identified in covered transactions. Because other entities are identified in standard transactions in a similar manner as health plans, we believe that establishing an identifier for other entities will increase efficiency by facilitating the use of a uniform identifier.

b. NPI

This rule requires an organization covered health care provider to require certain noncovered individual health care providers who are prescribers to: (1) obtain NPIs; and (2) to the extent the prescribers write prescriptions while acting within the scope of the prescribers' relationship with the organization, disclose them to any entity that needs the NPIs to identify the prescribers in standard transactions. This addition to the NPI requirements would address the issue that pharmacies are encountering when the NPI of a prescribing health care provider needs to be included on a pharmacy claim, but the prescribing health care provider does not have, or has not disclosed, an NPI.

c. ICD-10-CM and ICD-10-PCS

This rule changes the compliance date for ICD-10-CM and ICD-10-PCS from October 1, 2013 to October 1, 2014. We believe this change will give covered entities the additional time needed to synchronize system and business process preparation and changeover to the updated medical data code sets.

3. Summary of Costs and Benefits a. HPID

The HPID is expected to yield the most benefit for providers, while health plans will bear most of the costs. Costs to all commercial and government health plans together (Medicare, Medicaid programs, Indian Health Service (IHS), and Veterans Health Administration (VHA)) are estimated to be $650 million to $1.3 billion. However, commercial and government health plans are expected to make up those costs in savings. Further, it is our understanding that the industry will not find the HPID requirements to be overly burdensome. Many entities have indicated that they have delayed regular system updates and maintenance, as well as the issuance of new health plan identification cards, in order to accommodate the adoption of the HPID.

Health care providers can expect savings from two indirect consequences of HPID implementation: (1) The cost avoidance of decreased administrative time spent by providers interacting with health plans; and (2) a material cost savings through automation of processes for every transaction that moves from manual to electronic implementation. HPID's anticipated 10-year return on investment for the entire health care industry is expected to be between $1.3 billion to $6 billion. (This estimate includes savings resulting from the ongoing effects of adopting the HPID rather than the immediate and direct budgetary effects.)

b. NPI

The addition to the requirements for the NPI will have little impact on health care providers and on the health industry at large because few health care providers do not already have an NPI. In addition, covered organization health care providers may comply by various means. For example, a covered organization could use a simple verbal directive to prescribers whom they employ or contract with to meet the requirements. Alternately, a covered organization could update employment or contracting agreements with the prescribers. For these reasons, we believe the additional NPI requirements do not impose spending costs on State government or the private sector in any 1 year of $136 million or more, the threshold specified in the Unfunded Mandates Reform Act (UMRA).

c. Change of Compliance Date of ICD-10

According to a recent survey conducted by the Centers for Medicare & Medicaid Services (CMS), up to one quarter of health care providers believe they will not be ready for an October 1, 2013 compliance date.1 While the survey found no significant differences among practice settings regarding the likelihood of achieving compliance before the deadline, based on recent industry feedback we believe that larger health care plans and providers generally are more prepared than smaller entities. The uncertainty about provider readiness is confirmed in another recent readiness survey in which nearly 50 percent of the 2,140 provider respondents did not know when they would complete their impact assessment of the ICD-10 transition.2

1Version 5010 and ICD-10 Readiness Assessment: Conducted among health Care providers, payers and Vendors for the Centers for Medicare & Medicaid Services (CMS), December 2011 (OMB Approval No: 09938-1149). The assessment surveyed 404 providers, 101 payers, and 90 vendors, which represents 0.1% of all physician practices, 3% of hospitals, and 5% of health plans.

2An impact assessment for ICD-10 is performed by a covered entity to determine business areas, policies, processes and systems, and trading partners that will be affected by the transition to ICD-10. An impact assessment is a tool to aid in planning for implementation. “Survey: ICD-10 Brief Progress,” February 2012, conducted by the Workgroup for Electronic Data Interchange (WEDI).

By delaying the compliance date of ICD-10 from October 1, 2013 to October 1, 2014, we are allowing more time for covered entities to prepare for the transition to ICD-10 and to conductthorough testing. By allowing more time to prepare, covered entities may be able to avoid costly obstacles that would otherwise emerge while in production.

Savings will come from the avoidance of costs that would occur as a consequence of significant numbers of providers being unprepared for the transition to ICD-10. In the Regulatory Impact Analysis (RIA) of this final rule, we estimate that there would be a cost avoidance of approximately $3.6 billion to nearly $8 billion in this regard. This range of estimates reflects the avoidance of two costly consequences that could occur should the compliance date remain October 1, 2013: (1) both health care providers and health plans could have to process health care claims manually in order for claims to be paid; and (2) small health care providers could have to take out loans or apply for lines of credit in order to continue to provide health care in the face of delayed payments.

In terms of costs, commercial health plans, medium and large hospitals, and large physician practices are far along in their ICD-10 implementation planning, and therefore have devoted funds, resources, and staff to the effort. According to our estimates, a 1-year delay of the ICD-10 compliance date would add 10 to 30 percent to the total cost that these entities have already spent or budgeted for the transition—an additional cost to commercial entities of approximately $1 billion to $6.4 billion. Medicare and State Medicaid Agencies have also reported estimates of costs of a change in the compliance date in recent informal polls. Accordingly, the calculations in the RIA in this final rule demonstrate that a 1-year delay in the compliance date of ICD-10 would cost the entire health care industry approximately $1 billion to $6.6 billion.

We assume that the costs and cost avoidance calculated in the RIA will be incurred roughly over a 6- to 12-month period, from October 1, 2013 to October 1, 2014. For simplicity sake, however, both the costs and the cost avoidance that result from a change in the compliance date of ICD-10 are calculated over the calendar year, 2014.

We solicited comments on our assumptions and conclusions in the RIA.

B. Background 1. Legislative and Regulatory Overview

In the April 17, 2012Federal Register(77 FR 22950), we published a proposed rule titled “Administrative Simplification: Adoption of a Standard for a Unique Health Plan Identifier; Addition to the National Provider Identifier Requirements; and a Change to the Compliance Date for ICD-10-CM and ICD-10-PCS Medical Data Code Sets” (hereinafter referred to as the April 2012 proposed rule). The April 2012 proposed rule provides an overview of the statutory provisions and regulations that are relevant for purposes of the April 2012 proposed rule (77 FR 22952 through 22954) and this final rule. We refer readers to that discussion.

C. The Unique Health Plan Identifier (HPID) and the Affordable Care Act

Section 1104(c)(1) of the Affordable Care Act directs the Secretary to promulgate a final rule establishing a unique health plan identifier that is based on the input of a Federal advisory committee, the National Committee on Vital and Health Statistics (NCVHS). Congress created the NCVHS to serve as an advisory body to the Secretary on health data, statistics, and national health information policy. Section 1104 of the Affordable Care Act authorizes the Secretary to promulgate the rule on an interim final basis and indicates that such rule shall be effective not later than October 1, 2012.

Health plans are currently identified for different purposes using different identifiers that have different sources, formats, and meaning. A health plan may have multiple identifiers, each assigned by a different organization for a different purpose. The following discussion focuses on the types of identifiers that currently may be used to identify health plans in standard transactions. State regulators, for instance, use the National Association of Insurance Commissioners' (NAIC) Company code to identify health plans when a health plan is licensed to sell or offer health insurance in a particular State. The U.S. Department of Labor (DOL) and the Internal Revenue Service (IRS) use the 9-digit Employer Identification Number (EIN) and a 1-digit alphabetic or a 3-digit plan number to identify health plans. Employers, sole proprietorships, corporations, partnerships, non-profit associations, trusts, estates of decedents, government agencies, certain individuals, and other business entities, use EINs to identify health plans for a host of purposes and transactions. The IRS uses the EIN to identify taxpayers that are required to file various business tax returns. Health care clearinghouses assign proprietary identifiers to health plans for use in standard transactions. Multiple clearinghouses may identify the same health plan using different proprietary identifiers in different covered transactions. Health plans may use other identifiers, such as a tax identification number (TIN) or an EIN, to identify themselves in the standard transactions, to more easily integrate into existing proprietary systems, or for use on health insurance cards that they issue to health plan enrollees.

Not only are health plans identified using a variety of identifiers, but these identifiers have different formats. For instance, some identifiers are alphanumeric while other identifiers are only numeric. Identifiers also differ in length; for example, NAIC codes are typically five digits while an EIN is nine digits.

The current versions of the adopted standards (ASC X12N and NCPDP) allow health plans to use these and other identifiers in standard transactions. Therefore, for the covered transactions there is currently no requirement for consistency in the use of identifiers for health plans. The transaction standards implementation guides, though, do provide for the use of the HPID once its use is mandated and during a phase-in period. Prior to this rule, health care providers, health plans, and health care clearinghouses consequently could use EINs, TINs, NAIC numbers, or health care clearinghouse or health plan-assigned proprietary numbers to identify health plans in standard transactions. Industry stakeholders, especially health care providers, have indicated that the lack of a standard unique health plan identifier has resulted in increased costs and inefficiencies in the health care system. Health care providers are frustrated by problems with: the routing of transactions; rejected transactions due to insurance identification errors; difficulty determining patient eligibility; and challenges resolving errors identifying the health plan during claims processing.

The Affordable Care Act specifically calls for the establishment of a unique identifier for health plans. There are however, other entities that are not health plans but that perform certain health plan functions and are currently identified in the standard transactions in the same fields using the same types of identifiers as health plans. For example, health care clearinghouses, third party administrators (TPAs), and repricers often contract with insurance companies, self-funded group health plans, and provider- or hospital-run health plans to perform claims administration, premium collection, enrollment, and other administrative functions. As explained later in this final rule, we are adopting a data element—an other entity identifier—toserve as an identifier for these other entities.

D. The National Committee on Vital and Health Statistics (NCVHS)

The NCVHS has been assigned a significant role in the Secretary's adoption of all standards, code sets, and operating rules under HIPAA, including the unique health plan identifier. In section 1104(c)(1) of the Affordable Care Act, the Secretary is directed to conduct rulemaking to establish a unique health plan identifier based on input of the NCVHS.

The NCVHS Subcommittee on Standards fulfilled these duties by conducting public hearings on the health plan identifier on July 19 through 21, 2010. Industry stakeholders, including representatives from health plans, health care provider organizations, health care clearinghouses, pharmacy industry representatives, standards developers, professional associations, representatives of Federal and State public programs, the Workgroup on Electronic Data Interchange (WEDI), the National Uniform Billing Committee (NUBC), the National Uniform Claim Committee (NUCC), and individuals with health plan identifier proposals provided in-person and written testimony. Stakeholder testimony at the hearings focused on the use and need for an HPID to: facilitate the appropriate routing of transactions; reduce the cost of managing financial and administrative information; improve the accuracy and timeliness of claims payment; and reduce dissatisfaction among health care providers and patients/members by improving communications with health plans and their intermediaries. Stakeholders provided suggestions on the types of entities that need to be identified in standard transactions, those that should be eligible to obtain an HPID, and the level of enumeration for each plan (for example, the legal entity, product, benefit package etc.).

For a full discussion of the key topics and recommendations from the July 19 through 21, 2010 NCVHS hearings, we refer the reader to the April 2012 proposed rule (77 FR 22950). For the complete text of the NCVHS' observations and recommendations, go tohttp://www.ncvhs.hhs.gov/100930lt1.pdf.

E. Definition of Health Plan

The regulatory definition of health plan at 45 CFR 160.103 was initially adopted in the August 17, 2000 Standards for Electronic Transactions final rule (65 FR 50312) (hereafter Transactions and Code Sets final rule). The basis for the additions to, and clarifications of, the definition of health plan is further discussed in the preamble to the December 28, 2000 final rule (65 FR 82478 and 82576) titled “Standards for Privacy of Individually Identifiable Health Information” (hereinafter referred to as the Privacy Rule). For additional information on the definition of health plan, we refer readers to these rules.

F. The April 2012 Proposed Rule and Analysis of and Responses to Public Comments

In the April 2012 proposed rule, we proposed the following:

• The adoption of the standard for a national unique HPID for use in all transactions for which the Secretary has adopted a standard (hereinafter referred to as standard transactions).

• An OEID for use by entities that do not meet the definition of a health plan, but that need to be identified in the standard transactions.

• Requirements and provisions for the implementation of both the HPID and OEID.

• Additions to the NPI requirements mandating that covered health care providers require certain noncovered individual health care providers who are prescribers to obtain NPIs.

• To change the compliance date for ICD-10 code sets from October 1, 2013 to October 1, 2014.

In the April 2012 proposed rule, we solicited public comments on a number of proposals. In response to our solicitation, we received approximately 536 timely pieces of correspondence. Summaries of the public comments that are within the scope of the proposed rule and our responses to those comments are set forth in the various sections of this final rule under the corresponding headings.

II. Adopting a Standard for a Unique Health Plan Identifier (HPID) A. The Health Plan Identifier

We proposed HPID as the standard unique identifier for health plans. We also proposed: (1) Instructions and guidance concerning how health plans may obtain an HPID; (2) the requirements that covered entities will have to meet to use the HPID in standard transactions; and (3) provisions for the HPID in a new subpart (subpart E) at 45 CFR part 162.

1. Definition of “Controlling Health Plan” and “Subhealth Plan”

Health plans today have many different business structures and arrangements that affect how health plans are identified in standard transactions. There is often a “parent” corporation that meets the definition of health plan, which may be controlled by entities, such as holding companies, that do not meet the definition of health plan. This “parent” health plan may own and operate several other entities and organizations, which may also meet the definition of a health plan. While these individual health plans that are owned by the same “parent” corporation may have their own EIN or NAIC number, they may all use a single identifier in covered transactions because of data processing arrangements. In these situations, some health plans may not need to be identified separately in covered transactions, and may not need their own health plan identifier. To differentiate between health plan entities that would be required to obtain an HPID, and those that would be eligible, but not required, to obtain an HPID, we proposed and are adopting in this final rule, to categorize health plans as controlling health plans (CHPs) and subhealth plans (SHPs).

The definitions of CHPs and SHPs are established in 45 CFR 162.103 as follows:

a. Controlling Health Plan (CHP)

A CHP means a health plan that—(1) controls its own business activities, actions, or policies; or (2)(i) is controlled by an entity that is not a health plan; and (ii) if it has a subhealth plan(s), exercises sufficient control over the subhealth plan(s) to direct its/their business activities, actions, or policies.

We suggested that the following considerations may be helpful in determining if an entity is a CHP:

• Does the entity itself meet the definition of health plan at 45 CFR 160.103?

• Does either the entity itself or a non health plan organization control the business activities, actions, or policies of the entity?

If the answer to both questions is “yes,” then the entity would meet the definition of CHP. We proposed that an entity that meets the definition of CHP would be required to obtain a health plan identifier.

b. Subhealth Plan (SHP)

We proposed that a SHP means a health plan whose business activities, actions, or policies are directed by a controlling health plan.

We suggested that the following considerations may be helpful in determining whether an entity is a SHP:

• Does the entity meet the definition of health plan at § 160.103?

• Does a CHP direct the business activities, actions, or policies of the health plan entity?

If the answer to both questions is “yes,” then the entity meets the definition of SHP. We proposed that a SHP would not be required to obtain an HPID, but may choose to obtain an HPID, or its CHP may obtain an HPID on its behalf.

Comment:We received a few comments on the proposed definitions of CHP and SHP. Some commenters liked the proposed definitions, believing they would aid health plans in determining the appropriate enumeration level. A few commenters suggested alternatives to either broaden or narrow the definition of CHP. Commenters that requested a broader definition were generally concerned that the definition was not sufficiently broad to encompass the legal structures utilized by various third party payors. As a result, ambiguity in the standard transactions occurs because of the numerous different ways in which health plans functions are performed by different entities and the numerous ways the term “health plan” is interpreted. These commenters suggested that HHS expand the definition of CHP to encompass any and all potential legal relationships between holding companies and their subsidiaries that hold health insurance licenses. These commenters also requested that after HHS broadens the definition of CHP, that the CHP be required to obtain a separate HPID for each of the health plans' subsidiaries involved in the healthcare delivery system, specifically for the entities that are involved as fiduciaries with legal responsibilities for paying claims, any administrator responsible for administering any aspect of the benefits, and any holder of the participation contract with the physicians or other health care providers. These commenters suggested that HHS revisit the definition of health plan at 45 CFR 160.103 to include each of the intermediaries involved in the multitude of transactions that occur in administering payment.

Response:HHS was tasked with creating a unique health plan identifier. The term “health plan” is defined in section 1171(5) of the Act and at 45 CFR 160.103 of the regulations. We do not believe Congress intended to include in the definition of health plan entities that solely perform the functions of third party administrators or repricers. In addition, while we recognize that health plans and other entities that perform health plan functions may be identified in similar fields in the standard transactions, they are distinctly different organizations with different purposes. Furthermore, we proposed the adoption of a data element that will serve as the OEID discussed in section II.B. of this final rule to meet industry's need for a standard identifier for entities that do not meet the definition of health plan, but that perform related functions.

Comment:A commenter suggested that HHS narrow the definition of a CHP so that it means “a health plan that—(1) controls its own business activities, actions,andpolicies; or (2) (i) is controlled by an entity that is not a health plan; and (ii) if it has a subhealth plan(s) (as defined in this section), exercises sufficient control over the subhealth plan(s) to direct its/their business activities, actions,andpolicies.”

Response:We believe that a narrow definition of CHP would not capture all of the “parent” organizations that should be required to obtain HPIDs for themselves and be authorized to obtain HPIDs for their subhealth plans, to accomplish the goals at this stage of standardization. We distinguish between CHPs and SHPs because health plans have different business structures and arrangements that determine how they are identified in the standard transactions. We recognize that different organizations may divide business responsibilities in various ways. For example, a “parent” organization that meets the definition of health plan may dictate some business activities, actions, or policies, but may not control all business activities, actions, or policies of entities that they own or operate that also meet the definition of health plan. Given the variations in structures and relationships, we used the word “or” rather than “and” to provide more flexibility to health plans and ensure that “parent” organizations are classified as CHPs and are required to obtain HPIDs.

After consideration of the public comments received, we are finalizing the definitions of CHP and SHP without modification.

2. Use of the HPID

In 45 CFR 162.510, we proposed that all covered entities would be required to use an HPID where a covered entity identifies a health plan in a covered transaction. We proposed further that, if a covered entity uses a business associate to conduct standard transactions on its behalf, the covered entity must require its business associate to use an HPID to identify a health plan where the business associate identifies a health plan in all covered transactions.

We proposed in § 162.506 that the HPID could also be used for any other lawful purpose, and provided some examples of permitted uses including the following:

• Health plans may use HPIDs in their internal files to facilitate processing of health care transactions.

• A health plan may use an HPID on a health insurance card.

• The HPID may be used as a cross-reference in health care fraud and abuse files and other program integrity files.

• Health care clearinghouses may use HPIDs in their internal files to create and process standard and nonstandard transactions and in communications with health plans and health care providers.

• HPIDs may be used in patient medical records to help specify patients' health care benefit package(s).

• HPIDs may be used to identify health plans in electronic health records (EHRs).

• HPIDs may be used to identify health plans in Health Information Exchanges (HIEs).

• HPIDs may be used to identify health plans in Federal and State health insurance exchanges.

• HPIDs may be used to identify health plans for public health data reporting purposes.

Comment:Many commenters requested further clarification of the purpose, intent, and use of the HPID, specifically if and how the HPID should be used in the standard transactions. For instance, they suggested more guidance on if and where the HPID should be used in the standard transactions and on the ISA envelope.

Response:We direct these commenters to the adopted transaction standards, the relevant implementation guides, and as appropriate, adopted operating rules, for direction on if and when to use the HPID. We note that the only required use of the HPID is that a covered entity must use an HPID to identify a health plan that has an HPID in the standard transactions where the covered entity is identifying a health plan in the standard transaction. This final rule does not require that health plans now be identified in the standard transactions if they were not identified before this rule. For instance, if a covered entity is currently identifying a health plan as the information source in the eligibility response transaction (271), Loop 2100A, Segment NM1—information source name, the covered entity will be required to use an HPID to identify that health plan as the information source once the HPID isrequired. If a covered entity is currently identifying a third party administrator as the information source, the covered entity can continue to identify that third party administrator as the information source using whatever identifier the third party administrator uses after the adoption of the HPID. We anticipate we will provide additional examples of how the HPID can be used in the standard transactions outside of this final rule.

In their request for clarification, some of these commenters appeared confused regarding the affirmative obligation in 45 CFR 162.510 for covered entities to use an HPID to identify a health plan in standard transactions, when a SHP may not have its own HPID. In those cases, covered entities would use the HPID that the SHP indicates should be used to identify that SHP, which may be the HPID of its controlling health plan. If an entity has in good faith sought to identify the HPID that should be used for a SHP that has no HPID and has been unsuccessful, then it obviously cannot use an HPID to identify that SHP. However, we would anticipate that those circumstances would be rare. Nevertheless, consistent with these commenters' request to clarify the requirement, we have inserted “that has an HPID” immediately after “health plan” in § 162.510(a) and (b). We consider a health plan as “having an HPID” if that health plan communicates with its trading partners that it consistently uses a particular HPID, even if the HPID it uses is associated with another health plan, such as its controlling health plan.

Comment:A few commenters stated that they saw the primary purpose of the HPID as a way to eliminate the ambiguity that currently exists in the covered transactions. They note that various nonhealth plans perform certain administrative functions currently performed by health plans.

Response:These comments imply that the Department should expand the definition of “health plan” to include entities that are not health plans as defined by statute and regulation. Previously, we addressed why this rule does not expand the definition of health plan, and further, why we take an incremental approach in the adoption of the HPID and OEID. We seek to allow the industry time and flexibility for implementing these unique identifiers. We created the other entity identifier to provide standardization for these entities that do not meet the definition of health plan, for instance. While the use of the OEID is voluntary, its use can facilitate the standardization of electronic administrative and financial transactions.

Comment:Some commenters expressed concern that the HPID requirements and provisions are not clearly defined for industry implementation. Commenters recommended that pilot testing occur prior to the adoption of the HPID, to ensure proper and consistent implementation. Some commenters suggested that the Department work with the NCVHS to determine if operating rules for the use of HPID are necessary to clarify any implementation issues that arise following HPID implementation.

Response:We anticipate this rule serving as a first step in standardizing the way health plans are identified in the standard transactions. We note that the only required use of the HPID is to identify a health plan that has an HPID where a health plan is identified in the standard transactions. Health plans, except small health plans, have until 2 years after the effective date of this rule to obtain HPIDs. Small health plans have until 3 years after the effective date of this rule to obtain HPIDs. Covered entities are not required to use HPIDs in the standard transactions until 4 years after the effective date of this rule. (For further discussion of the HPID compliance date see section II.E. of this final rule.) The rule provides ample time for covered entities to develop their own implementation timelines, which we suggest could include pilot testing, and milestones to ensure they meet the compliance dates.

As we explained in the April 2012 proposed rule, a health plan may need to be identified in different fields in the transactions and these fields may not always require the use of a health plan identifier. For instance, the information source, in the eligibility response transaction (271), Loop 2100A, Segment NM1, may be a health plan, or an other entity that performs health plan functions, like a third party administrator. So after the applicable compliance date of the HPID, if a covered entity is identifying a health plan as the information source in the eligibility response transaction (271), Loop 2100A, Segment NM1, then the covered entity will be required to use an HPID to identify that health plan in the standard transactions. However, if after the adoption of the HPID, the covered entity is identifying a third party administrator as the information source in the eligibility response transaction (271), Loop 2100A, Segment NM1, the covered entity can use whatever identifier it was using previously or an OEID to identify that third party administrator. This final rule does not impose any new requirement for when to identify a health plan that has an HPID in standard transactions. It merely requires the use of the HPID where the health plan is identified. We did provide an example of a use of the HPID in transaction standards in the April 2012 proposed rule (77 FR 22961).

Comment:Some commenters question what the HPID will actually accomplish.

Response:The establishment of the HPID and the requirement to use it in the standard transactions to identify health plans is another step towards standardization. In standard transactions, the HPID will replace proprietary identifiers for health plans which have different lengths and formats. In addition, it will provide public access to information necessary to accurately identify health plans. This will save providers time when verifying a health plan's identity. Standardization of the health plan identifier is also expected to ameliorate some electronic transaction routing problems. The HPID and OEID will add consistency to identifiers, may provide for a higher level of automation, particularly for provider processing of the X12 271 (eligibility response) and X12 835 (remittance advice). In the case of the X12 835, the HPID and OEID may allow reconciliation of claims with the claim payments to be automated at a higher level. While the implementation of HPID, in and of itself, may not immediately provide significant monetary savings for covered entities, it is expected to provide significant time savings by immediately resolving certain transaction routing problems.

Comment:Commenters raised issues about whether the early use of the HPID in the standard transactions could result in denied or misrouted claims with the potential to cause privacy or security breaches.

Response:We believe the HPID will reduce denied and misrouted claims once fully implemented, given that all HPIDs and information related to HPIDs will be available in one database. While we recognize that there is the potential for misrouted or denied claims during the transition to the HPID, we believe that privacy or security breaches can be avoided, particularly with prior implementation planning. We believe there is more than adequate time between the compliance date for when health plans obtain HPIDs and when covered entities are required to use HPIDs in the standard transactions, which will allow industry ample opportunity to make system changes and perform extensive testing with trading partners. This additional timeand phased-in approach to compliance should reduce denied or misrouted claims during the early use of the HPID.

Comment:Some commenters requested more specific guidance about how the HPID should be used in business models, for instance in situations where one health plan may be adjudicating the claim and a separate health plan may hold the actual contract with the provider.

Response:The implementation of the HPID does not require a change to health plans' business models. Changing a health plan's current identifiers to an HPID does not change the structural organization and/or its contractual relationships with other entities, or whether it is identified in the standard transactions. For example, if the health plan that adjudicates the claim needs to be identified in a standard transaction, then the HPID of that health plan should be used. If the health plan that holds the actual contract with the provider needs to be identified in a standard transaction, then the HPID of that health plan should be used.

Comment:Several commenters raised concerns about the use of the HPID on health plan members' ID cards. Commenters were split between making the use of the HPID on member ID cards mandatory or optional. Others raised concerns that the cost of re-issuing all member ID cards far outweighs any benefit.

Response:In this rule, we only require the use of the HPID in the standard transactions. The HPID is permitted to be used for any other lawful purpose and inclusion of the HPID on health plan members' ID cards is just one example of an optional use of the HPID. While health plans are permitted to put the HPID on member ID cards, we do not require it, so the determination of whether to reissue cards, and the associated costs, lie with the health plans.

Comment:Other commenters recommended that health plans be required to comply with the health plan ID card standards set forth in the Workgroup for Electronic Data Interchange (WEDI) Health ID Card Implementation Guide, Version 1.0 (November 30, 2007).

Response:We did not address or propose the adoption of a standard format for a health plan identification card. The goal of this rule was to adopt a standard health plan identifier for use in the standard transactions. While the use of the HPID on a health plan ID card is a permitted use, we did not require it in this rule because further analysis and industry feedback is needed on standard identification cards after the implementation of the HPID.

After consideration of the public comments, we are finalizing the required and permitted uses of the HPID with the minor clarifying modifications to § 162.510(a) and (b), adding “that has an HPID” immediately after “health plan.”

3. Health Plan Identifier Requirements a. Requirements and Options for Obtaining an HPID

This final rule discusses how CHPs and SHPs will obtain an HPID from the Enumeration System. In 45 CFR 162.512, we proposed to require a CHP to obtain an HPID for itself from the Enumeration System. In addition, we proposed that a CHP may obtain an HPID from the Enumeration System for its SHP, or direct a SHP to obtain an HPID from the Enumeration System. We proposed that any SHP would be able to obtain an HPID regardless of whether or not its CHP directed it to obtain an HPID. While a CHP could only obtain one HPID for itself, a CHP could use the HPID of its SHPs for any lawful purpose.

While a CHP would be required to obtain an HPID, there would be different options available for the enumeration of SHPs based on a CHP's organizational structure and business needs. The CHP would analyze its organizational structure to determine if and which of its SHPs need an HPID based on whether the SHP needs to be identified in covered transactions. We encouraged CHPs and SHPs to coordinate their HPID applications to prevent duplication and possible confusion. See Table 1 for a comparison of requirements for obtaining an HPID.

Table 1—Enumeration Requirements and Options for CHPs and SHPs Entity Enumeration requirements Enumeration options CHPs Must obtain an HPID for itself May obtain an HPID(s) for its SHP(s).
  • May direct its SHP(s) to obtain an HPID(s).
  • SHPs Not required to obtain an HPID May obtain an HPID at the direction of its CHP.
  • May obtain an HPID on its own initiative.
  • For further illustrations and examples of enumeration options to demonstrate the ways a CHP could choose to enumerate itself and its SHPs, see the April 2012 proposed rule (77 FR 22957 through 22962).

    In the proposed rule, we clarified that self-insured group health plans are included in the definition of health plan in § 160.103 and therefore will need to obtain a health plan identifier if they meet the definition of a CHP. We specifically mentioned self-insured group health plans as there was industry discussion about whether these health plans should be required to obtain HPIDs because they do not often need to be identified in the standard transactions. Some industry stakeholders noted that many self-insured group health plans contract with third party administrators or other entities to perform health plan functions on their behalf and those entities, not the self-insured group health plans, may be identified in the standard transactions. Therefore, many in the industry suggested not requiring self-insured group health plans to obtain HPIDs, while others recommended requiring these plans to obtain HPIDs because they are typically the financially responsible party. Given that self-insured group health plans are included in the definition of health plan and potentially need to be identified in the standard transactions, we proposed that they be required to obtain an HPID if they meet the definition of a CHP. We solicited comments on this issue.

    b. Options for Enumeration of Health Plans

    As discussed previously in this final rule, stakeholders at the NCVHS hearings expressed differing viewpoints on the appropriate level of health plan enumeration. Some industry stakeholders encouraged health plan enumeration at a very high level (for example, at the level of the health plan's legal entity), while other stakeholders supported enumeration at the benefit package level. We analyzed and considered these viewpoints when we developed the policies associated with HPID adoption and implementation.

    In the April 2012 proposed rule, we considered multiple uses for the HPID. We determined that the primary purpose of the HPID was for use in standard transactions in order to identify health plans in the appropriate loops and segments and to provide a consistent standard identifier for covered entities to use when identifying health plans in standard transactions. We analyzed the transaction standards to determine the existing segments and loops where a health plan may need to be identified, what identifiers are currently used in those loops and segments to identify health plans, and what information a loop or segment conveys when a health plan is being identified. We also carefully considered the information that industry stakeholders reported was missing in covered transactions, such as information related to patient financial responsibility.

    We determined that much of the information testifiers wanted to obtain from the HPID might already be available in other parts of the transaction standards and associated operating rules. To illustrate this point, in the proposed rule, we discussed the CAQH CORE 154 Eligibility and Benefits 270/271 Data Content Rule, which we adopted through an interim final rule with comment period in the July 8, 2011Federal Register(76 FR 40458). That operating rule is to be used with the ASC X12 Version 5010 Standard for Electronic Data Interchange Technical Report Type 3—Health Care Eligibility Benefit Inquiry and Response (270/271) (hereinafter referred to as the Version 5010 270/271 eligibility inquiry/response standard. The operating rule requires certain additional information to be included in the Version 5010 270/271 eligibility inquiry/response transaction standard, including information about a patient's health plan name, coinsurance, copayment, and deductibles including in-network and out-of-network, as well as remaining deductible amounts. Moreover, we believe that the transaction standards themselves could more appropriately address many of the other issues raised by stakeholders about the appropriate level of enumeration. Therefore, HPID does not need to provide the level of detail that some testifiers suggested.

    We discussed in the April 2012 proposed rule how requiring health plans to enumerate at a more granular level may prove burdensome to the industry as benefit package information and offerings change frequently and would require constant updates by health plans. For example, health care providers would need to update their software and systems frequently to ensure the accuracy of information. A failure of either health care providers or health plans to ensure that the HPIDs and the corresponding health plan information is up-to-date could result in increased time spent by health plan and health care provider staff to ensure the most accurate information is being used for eligibility determinations and claim payments.

    As discussed in the April 2012 proposed rule, we developed the policies associated with HPID adoption and implementation after considering stakeholder testimony, analyzing transaction standards' loops and segments where the health plan identifier will be used, and taking into account newer versions of the transaction standards and the adoption of associated operating rules.

    We received many comments on the enumeration requirements for CHPs and SHPs.

    Comment:Some commenters generally supported our proposal that a CHP be required to obtain an HPID, while a SHP would be eligible but not required to obtain one. These commenters supported the flexibility this approach provided to a health plan to determine the appropriate level of enumeration for its organization and enumerate itself in a way that supports its business needs.

    Response:We thank commenters for their support.

    Comment:Some commenters emphasized that it is critical that the approach in the proposed rule be finalized so that health plans have the flexibility to determine how the health plan chooses to enumerate itself for use in the standard transaction. For instance, whether it chooses to have one HPID for its entire organization or whether it chooses to obtain separate HPIDs for its subhealth plans. While these commenters supported the proposed enumeration requirements and required uses of the HPID, they expressed concerns that future rulemaking could result in requiring divisions within health plans to be enumerated.

    Response:While we appreciate the commenters' support for our proposed approach to establishing an HPID, we find the concerns expressed about future rulemaking to be outside the scope of this rule. Nevertheless, we anticipate that future changes in the requirements or prohibitions will be aligned with industry business needs and experience.

    Comment:A commenter expressed concern about limiting a health plan to a single HPID. This commenter was concerned that a single HPID may present issues from a routing perspective because a single health plan may use multiple processing systems or administrators. The commenter also noted that if a health plan were limited to being enumerated with a single HPID, there would need to be intelligence associated with the HPID, such as a data element to redirect incoming transactions from the single receiving site to the multiple processing sites. This commenter further suggested that a health plan be able to obtain and use subordinate identifiers for routing purposes.

    Response:This final rule limits CHPs to obtaining one HPID for themselves. Permitting a CHP to obtain multiple HPIDs would lead to unnecessary complexity and potential confusion for no discernible benefit. Any additional information necessary for the transaction should be included within the transaction standard, implementation specifications, or associated operating rule. However, we note that we do allow CHPs to obtain HPIDs for their subhealth plans based on their business needs and arrangements and allow CHPs to use the HPID of their SHPs in the standard transactions.

    Comment:Some commenters supported not enumerating at a more granular level of enumeration because certain information about patient eligibility or financial information can be provided in other data fields in the transactions. They stressed that a more granular approach would add significant administrative costs to the implementation of the HPID and would require the creation of a clearinghouse to maintain the various separate identifiers and this would not benefit vendors, health care providers or health plans.

    Response:We agree with these commenters that a greater level of granularity has the potential to be unnecessarily burdensome and expensive for all segments of industry. If the industry determines that additional information is needed for certain electronic transactions, changes to the transaction standards would likely be more appropriate.

    Comment:Commenters recommended that HHS work with the Operating Rules Authoring Entity for the applicable transactions if additional information is needed in the future.

    Response:The Affordable Care Act authorized the Secretary to establish a review committee to conduct hearings to evaluate and review the adopted standards and operating rules. Thereview committee will provide recommendations for updating and improving such standards and operating rules. We believe that the industry will have sufficient opportunities to provide information about developing needs and ways to address those needs with possible changes to standards and operating rules.

    Comment:Some commenters suggested that HHS provide additional guidance on enumeration to support health plans in making informed decisions on the most appropriate approach for enumeration. These commenters cautioned that, without more guidance, the proposed enumeration approach would result in health plans enumerating their organizations in different ways and this lack of consistency across health plans would impact the industry.

    Response:We do not believe additional guidance on enumeration is needed at this time. This final rule seeks in large part to substitute the use of proprietary and other non-standard identifiers with a unique standard health plan identifier in HIPAA standard transactions. Covered entities nevertheless retain certain flexibility to use identifiers in ways that best serve their own business needs, even within standard transactions. As health plans are enumerated, HHS will monitor the industry and assess whether any clarification or guidance is necessary. More likely, the industry will quickly identify best practices for health plan enumeration and HHS will seek to facilitate the dissemination of this information.

    Comment:Commenters urged HHS to require a greater level of health plan enumeration granularity. For example, some commenters suggested that a patient-specific benefit plan ID is needed. They stated that an identifier should include this information because from the perspective of patients, physicians, and other health care providers, the patient-specific benefit plan information is routinely necessary prior to the patient encounter. They also stated that while the current set of adopted operating rules will ensure additional information is available, they will not provide all the information associated with the patient-specific benefit plan the commenters believe is needed. They suggested that the need for a patient-specific benefit plan ID will only increase as the number of people purchasing coverage directly from Exchanges grows. According to these commenters, this information is needed at the point of service, on the eligibility response, and on the electronic remittance advice (ERA). Currently this information is only required to be provided on the ERA in text, which makes automation difficult. These commenters suggested that having specific benefit plan information associated with the HPID would improve automation.

    Response:Given our gradual approach to standardization, a patient-specific benefit plan identifier is a more specific requirement than we believe would be appropriate to impose at this early stage. As other commenters have suggested, a more granular level of enumeration has the potential to cause ongoing administrative burden and would need to be continually updated by both the health plans and the providers to ensure accuracy. We understand that this first step of standardization for the identification of health plans is not going to achieve as much transparency initially as some commenters state is needed in the transactions. After experience with the implementation and use of the HPID, we will work with industry to explore next steps of enumeration that may include patient-specific benefit plan information. We also want to caution that we do not believe a standard identifier alone will be the final solution to all of the transparency challenges in standard transactions. The health plan identifier is foundational and will allow the gradual move towards greater utility.

    Comment:Some commenters emphasized the need to enumerate each SHP because there are situations where the specific benefit package of that health plan under which services were performed needs to be identified, such as with coordination of benefit transactions or laboratory services.

    Response:For this phase of implementation of HPID, we determined that it would not be necessary to require each SHP to obtain an HPID because health plans are essentially transitioning their multiple proprietary identifiers to HPIDs. We are not changing what is required to be identified in the standard transaction so if there are situations where the SHP may need to be identified, such as with laboratory services or coordination of benefit transactions, it will be up to the CHP within the limitations of this rule to determine how that SHP is identified in the standard transaction to ensure continuous flow of the transactions. We believe that at this stage of transition, it is wise to allow CHPs to make these decisions based on their business needs and structures.

    In a previous response, we provided clarification about the affirmative obligation in 45 CFR 162.510 for covered entities to use an HPID to identify a health plan in standard transactions, when a SHP may not have its own HPID, and we believe the discussion is applicable to this comment. As we explained previously, in those cases, covered entities would use the HPID that the SHP indicates should be used to identify that SHP, which may be the HPID of its controlling health plan. If an entity has in good faith sought to identify the HPID that should be used for a SHP that has no HPID and has been unsuccessful, then it obviously cannot use an HPID to identify that SHP. While we anticipate those circumstances would be rare, we have inserted “that has an HPID” immediately after “health plan” in § 162.510(a) and (b). We consider a health plan as “having an HPID” if that health plan communicates with its trading partners that it consistently uses a particular HPID, even if the HPID it uses is associated with another health plan, such as its controlling health