[Federal Register Volume 63, Number 115 (Tuesday, June 16, 1998)]
[Proposed Rules]
[Pages 32784-32798]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-15782]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of the Secretary
45 CFR Part 142
[HCFA-0047-P]
RIN 0938-AI59
Health Insurance Reform: National Standard Employer Identifier
AGENCY: Health Care Financing Administration (HCFA), HHS.
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: This rule proposes a standard for a national employer
identifier and requirements concerning its use by health plans, health
care clearinghouses, and health care providers. The health plans,
health care clearinghouses, and
[[Page 32785]]
health care providers would use the identifier, among other uses, in
connection with certain electronic transactions.
The use of this identifier would improve the Medicare and Medicaid
programs, and other Federal health programs and private health
programs, and the effectiveness and efficiency of the health care
industry in general, by simplifying the administration of the system
and enabling the efficient electronic transmission of certain health
information. It would implement some of the requirements of the
Administrative Simplification subtitle of the Health Insurance
Portability and Accountability Act of 1996.
DATES: Comments will be considered if we receive them at the
appropriate address, as provided below, no later than 5 p.m. on August
17, 1998.
ADDRESSES: Mail written comments (1 original and 3 copies) to the
following address: Health Care Financing Administration, Department of
Health and Human Services, Attention: HCFA-0047-P, P.O. Box 26676,
Baltimore, MD 21207-0519.
If you prefer, you may deliver your written comments (1 original
and 3 copies) to one of the following addresses:
Room 309-G, Hubert H. Humphrey Building, 200 Independence Avenue, SW.,
Washington, DC 20201, or
Room C5-09-26, 7500 Security Boulevard, Baltimore, MD 21244-1850.
Comments may also be submitted electronically to the following e-
mail address: [email protected]. For e-mail and comment
procedures, see the beginning of SUPPLEMENTARY INFORMATION. For
information on ordering copies of the Federal Register containing this
document and on electronic access, see the beginning of SUPPLEMENTARY
INFORMATION.
FOR FURTHER INFORMATION CONTACT: Mary Emerson, (410) 786-7065.
SUPPLEMENTARY INFORMATION:
E-mail Comments, Procedures, Availability of Copies, and Electronic
Access: E-mail comments should include the full name, postal address,
and affiliation (if applicable) of the sender and must be submitted to
the referenced address to be considered. All comments should be
incorporated in the e-mail message because we may not be able to access
attachments. Because of staffing and resource limitations, we cannot
accept comments by facsimile (FAX) transmission. In commenting, please
refer to file code HCFA-0047-P and the specific section or sections of
the proposed rule. Both electronic and written comments received by the
time and date indicated above will be available for public inspection
as they are received, generally beginning approximately 3 weeks after
publication of a document, in Room 309-G of the Department's offices at
200 Independence Avenue, SW., Washington, DC, on Monday through Friday
of each week from 8:30 a.m. to 5 p.m. (phone: (202) 690-7890).
Electronic and legible written comments will also be posted, along with
this proposed rule, at the following web site: http://aspe.os.dhhs.gov/
admnsimp/.
Copies: To order copies of the Federal Register containing this
document, send your request to: New Orders, Superintendent of
Documents, P.O. Box 371954, Pittsburgh, PA 15250-7954. Specify the date
of the issue requested and enclose a check or money order payable to
the Superintendent of Documents, or enclose your Visa or Master Card
number and expiration date. Credit card orders can also be placed by
calling the order desk at (202) 512-1800 or by faxing to (202) 512-
2250. The cost for each copy is $8. As an alternative, you can view and
photocopy the Federal Register document at most libraries designated as
Federal Depository Libraries and at many other public and academic
libraries throughout the country that receive the Federal Register.
This Federal Register document is also available from the Federal
Register online database through GPO Access, a service of the U.S.
Government Printing Office. Free public access is available on a Wide
Area Information Server (WAIS) through the Internet and via
asynchronous dial-in. Internet users can access the database by using
the World Wide Web http://www.access.gpo.gov/nara, by using local WAIS
client software, or by telnet to swais.access.gpo.gov, then login as
guest (no password required). Dial-in users should use communications
software and modem to call (202) 512-1661; type swais, then login as
guest (no password required).
I. Background
[Please label written and e-mailed comments about this section with
the subject: Background.]
When claims are filed, employer information is used by health plans
to identify the employer of the participant in the health plan and to
develop coordination of benefits information.
Employers may transmit information to health plans when enrolling
or disenrolling an employee as a participant in a health plan.
Employers, health care providers, and health plans may need to identify
the source or receiver of eligibility or benefit information. Although
the source or receiver is usually a health plan, it could be an
employer. Employers, health care providers, and health plans may need
to identify the employer when making or keeping track of health plan
premium payments or contributions relating to an employee. In all cases
where information about the employer is transmitted electronically, it
would be beneficial to identify the employer using a standard
identifier.
A. Legislation
The Congress included provisions to address the need for a standard
identifier and other administrative simplification issues in the Health
Insurance Portability and Accountability Act of 1996 (HIPAA), Public
Law 104-191, which was enacted on August 21, 1996. Through subtitle F
of title II of that law, the Congress added to title XI of the Social
Security Act a new part C, entitled ``Administrative Simplification.''
(Public Law 104-191 affects several titles in the United States Code.
Hereafter, we refer to the Social Security Act as the Act; we refer to
the other laws cited in this document by their names.) The purpose of
this part is to improve the Medicare and Medicaid programs in
particular and the efficiency and effectiveness of the health care
system in general by encouraging the development of a health
information system through the establishment of standards and
requirements to facilitate the electronic transmission of certain
health information.
Part C of title XI consists of sections 1171 through 1179 of the
Act. These sections define various terms and impose several
requirements on HHS, health plans, health care clearinghouses, and
certain health care providers concerning electronic transmission of
health information.
The first section, section 1171 of the Act, establishes definitions
for purposes of part C of title XI for the following terms: code set,
health care clearinghouse, health care provider, health information,
health plan, individually identifiable health information, standard,
and standard setting organization.
Section 1172 of the Act makes any standard adopted under part C
applicable to (1) all health plans, (2) all health care clearinghouses,
and (3) any health care providers that transmit any health information
in electronic form in connection with the transactions referred to in
section 1173(a)(1) of the Act.
[[Page 32786]]
This section also contains requirements concerning standard
setting.
The Secretary may adopt a standard developed, adopted, or
modified by a standard setting organization (that is, an organization
accredited by the American National Standards Institute (ANSI)) that
has consulted with the National Uniform Billing Committee (NUBC), the
National Uniform Claim Committee (NUCC), the Workgroup on Electronic
Data Interchange (WEDI), and the American Dental Association (ADA).
The Secretary may also adopt a standard other than one
established by a standard setting organization, if the different
standard will reduce costs for health care providers and health plans,
the different standard is promulgated through negotiated rulemaking
procedures, and the Secretary consults with each of the above-named
groups.
If no standard has been adopted by any standard setting
organization, the Secretary is to rely on the recommendations of the
National Committee on Vital and Health Statistics (NCVHS) and consult
with each of the above-named groups.
In complying with the requirements of part C of title XI, the
Secretary must rely on the recommendations of the NCVHS, consult with
appropriate State, Federal, and private agencies or organizations, and
publish the recommendations of the NCVHS in the Federal Register.
Paragraph (a) of section 1173 of the Act requires that the
Secretary adopt standards for financial and administrative
transactions, and data elements for those transactions, to enable
health information to be exchanged electronically. Standards are
required for the following transactions: health claims, health
encounter information, health claims attachments, health plan
enrollments and disenrollments, health plan eligibility, health care
payment and remittance advice, health plan premium payments, first
report of injury, health claim status, and referral certification and
authorization. In addition, the Secretary is required to adopt
standards for any other financial and administrative transactions that
are determined to be appropriate by the Secretary.
Paragraph (b) of section 1173 of the Act requires the Secretary to
adopt standards for unique health identifiers for all individuals,
employers, health plans, and health care providers and requires further
that the adopted standards specify for what purposes unique health
identifiers may be used.
Paragraphs (c) through (f) of section 1173 of the Act require the
Secretary to establish standards for code sets for each data element
for each health care transaction listed above, security standards for
health care information systems, standards for electronic signatures
(established together with the Secretary of Commerce), and standards
for the transmission of data elements needed for the coordination of
benefits and sequential processing of claims. Compliance with
electronic signature standards will be deemed to satisfy both State and
Federal requirements for written signatures with respect to the
transactions listed in paragraph (a) of section 1173 of the Act.
In section 1174 of the Act, the Secretary is required to adopt
standards for all of the above transactions, except claims attachments,
within 18 months of enactment. The standards for claims attachments
must be adopted within 30 months. Generally, after a standard is
established it cannot be changed during the first year except for
changes that are necessary to permit compliance with the standard.
Modifications to any of these standards may be made after the first
year, but not more frequently than once every 12 months. The Secretary
must also ensure that procedures exist for the routine maintenance,
testing, enhancement, and expansion of code sets and that there are
crosswalks from prior versions.
Section 1175 of the Act prohibits health plans from refusing to
process or delaying the processing of a transaction that is presented
in standard format. The Act's requirements are not limited to health
plans; however, each person to whom a standard or implementation
specification applies is required to comply with the standard within 24
months (or 36 months for small health plans) of its adoption. A health
plan or other entity may, of course, comply voluntarily before the
effective date. Entities may comply by using a health care
clearinghouse to transmit or receive the standard transactions.
Compliance with modifications and implementation specifications to
standards must be accomplished by a date designated by the Secretary.
This date may not be earlier than 180 days after the notice of change.
Section 1176 of the Act establishes a civil monetary penalty for
violation of the provisions in part C of title XI of the Act, subject
to several limitations. The Secretary is required by statute to impose
penalties of not more than $100 per violation on any person who fails
to comply with a standard, except that the total amount imposed on any
one person in each calendar year may not exceed $25,000 for violations
of one requirement. The procedural provisions in section 1128A of the
Act, ``Civil Monetary Penalties,'' are applicable.
Section 1177 of the Act establishes penalties for a knowing misuse
of unique health identifiers and individually identifiable health
information: (1) A fine of not more than $50,000 and/or imprisonment of
not more than 1 year; (2) if misuse is ``under false pretenses,'' a
fine of not more than $100,000 and/or imprisonment of not more than 5
years; and (3) if misuse is with intent to sell, transfer, or use
individually identifiable health information for commercial advantage,
personal gain, or malicious harm, a fine of not more than $250,000 and/
or imprisonment of not more than 10 years.
Under section 1178 of the Act, the provisions of part C of title XI
of the Act, as well as any standards established under them, supersede
any State law that is contrary to them. However, the Secretary may, for
statutorily specified reasons, waive this provision.
Finally, section 1179 of the Act makes the above provisions
inapplicable to financial institutions or anyone acting on behalf of a
financial institution when ``authorizing, processing, clearing,
settling, billing, transferring, reconciling, or collecting payments
for a financial institution.'' Although the provisions of the law are
inapplicable to financial institutions when they are carrying out the
listed financial functions, the provisions are applicable to financial
institutions when they perform the functions of health care
clearinghouses.
Concerning this last provision, the conference report, in its
discussion on section 1178, states:
The conferees do not intend to exclude the activities of
financial institutions or their contractors from compliance with the
standards adopted under this part if such activities would be
subject to this part. However, conferees intend that this part does
not apply to use or disclosure of information when an individual
utilizes a payment system to make a payment for, or related to,
health plan premiums or health care. For example, the exchange of
information between participants in a credit card system in
connection with processing a credit card payment for health care
would not be covered by this part. Similarly sending a checking
account statement to an account holder who uses a credit or debit
card to pay for health care services, would not be covered by this
part. However, this part does apply if a company clears health care
claims, the health care claims activities remain subject to the
requirements of this part.'') (H.R. Rep. No. 736, 104th Cong., 2nd
Sess. (1996) reprinted in 1996 U.S.C.C.A.N. 264, 265)
[[Page 32787]]
B. Process for Developing National Standards
The Secretary has formulated a 5-part strategy for developing and
implementing the standards mandated under Part C of title XI of the
Act:
1. To ensure necessary interagency coordination and required
interaction with other Federal departments and the private sector,
establish interdepartmental implementation teams to identify and assess
potential standards for adoption. The subject matter of the teams
includes claims/encounters, identifiers, enrollment/eligibility,
systems security, and medical coding/classification. Another team
addresses cross-cutting issues and coordinates the subject matter
teams. The teams consult with external groups such as the NCVHS'
Workgroup on Data Standards, WEDI, ANSI's Healthcare Informatics
Standards Board, the NUCC, the NUBC, and the ADA. The teams are charged
with developing regulations and other necessary documents and making
recommendations for the various standards to the HHS' Data Council
through its Committee on Health Data Standards. (The HHS Data Council
is the focal point for consideration of data policy issues. It reports
directly to the Secretary and advises the Secretary on data standards
and privacy issues.)
2. Develop recommendations for standards to be adopted.
3. Publish proposed rules in the Federal Register describing the
standards. Each proposed rule provides the public with a 60-day comment
period.
4. Analyze public comments and publish the final rules in the
Federal Register.
5. Distribute standards and coordinate preparation and distribution
of implementation guides.
This strategy affords many opportunities for involvement of
interested and affected parties in standards development and adoption:
Participate with standards development organizations.
Provide written input to the NCVHS.
Provide written input to the Secretary of HHS.
Provide testimony at NCVHS' public meetings.
Comment on the proposed rules for each of the proposed
standards.
Invite HHS staff to meetings with public and private
sector organizations or meet directly with senior HHS staff involved in
the implementation process.
The implementation teams charged with reviewing standards for
designation as required national standards under the statute have
defined, with significant input from the health care industry, a set of
principles for guiding choices for the standards to be adopted by the
Secretary. These principles are based on direct specifications in HIPAA
and the purpose of the law, principles that support the regulatory
philosophy set forth in Executive Order 12866 and the Paperwork
Reduction Act of 1995. To be designated as an HIPAA standard, each
standard should:
1. Improve the efficiency and effectiveness of the health care
system by leading to cost reductions for or improvements in benefits
from electronic health care transactions.
2. Meet the needs of the health data standards user community,
particularly health care providers, health plans, and health care
clearinghouses.
3. Be consistent and uniform with the other HIPAA standards--their
data element definitions and codes and their privacy and security
requirements--and, secondarily, with other private and public sector
health data standards.
4. Have low additional development and implementation costs
relative to the benefits of using the standard.
5. Be supported by an ANSI-accredited standards developing
organization or other private or public organization that will ensure
continuity and efficient updating of the standard over time.
6. Have timely development, testing, implementation, and updating
procedures to achieve administrative simplification benefits faster.
7. Be technologically independent of the computer platforms and
transmission protocols used in electronic transactions, except when
they are explicitly part of the standard.
8. Be precise and unambiguous, but as simple as possible.
9. Keep data collection and paperwork burdens on users as low as is
feasible.
10. Incorporate flexibility to adapt more easily to changes in the
health care infrastructure (such as new services, organizations, and
provider types) and information technology.
A master data dictionary providing for common data definitions
across the standards selected for implementation under HIPAA will be
developed and maintained. We intend for the data element definitions to
be precise, unambiguous, and consistently applied. The transaction-
specific reports and general reports from the master data dictionary
will be readily available to the public. At a minimum, the information
presented will include data element names, definitions, and appropriate
references to the transactions where they are used.
This proposed rule would establish the standard health care
employer identifier. We anticipate publishing several regulations
documents altogether to promulgate the various standards required under
the HIPAA. The other proposed regulations cover security standards, the
transactions specified in the Act, and the other three identifiers.
II. Provisions of the Proposed Regulations
[Please label written and e-mailed comments about this section with
the subject: Provisions.]
In this proposed rule, we propose a standard employer identifier
and requirements concerning its implementation. This rule would
establish requirements that health plans, health care clearinghouses,
and health care providers would have to meet to comply with the
statutory requirement to use a unique employer identifier in electronic
transactions.
We propose to add a new part to title 45 of the Code of Federal
Regulations for health plans, health care providers, and health care
clearinghouses in general. The new part would be part 142 of title 45
and would be titled ``Administrative Requirements.'' Subpart F would
contain provisions specific to the employer identifier.
A. Applicability
Section 262 of HIPAA applies to any health plans, any health care
clearinghouses, and any health care provider that transmits any health
information in electronic form in connection with transactions referred
to in section 1173(a)(1) of the Act. Our proposed rules (at 45 CFR
142.102) would apply to the health plans and health care clearinghouses
as well, but we would clarify the statutory language in our regulations
for health care providers: we would have the regulations apply to any
health care provider only when electronically transmitting any of the
transactions to which section 1173(a)(1) of the Act refers.
Electronic transmissions would include transmissions using all
media, even when the transmission is physically moved from one location
to another using magnetic tape, disk, or CD media. Transmissions over
the Internet (wide-open), Extranet (using Internet technology to link a
business with information only accessible to collaborating parties),
leased lines, dial-up lines, and private networks are all
[[Page 32788]]
included. Telephone voice response and ``faxback'' systems would not be
included. The ``HTML'' interaction between a server and a browser by
which the elements of a transaction are solicited from a user would not
be included, but once assembled into a transaction by the server,
transmission of the full transaction to another corporate entity, such
as a health plan, would be required to comply.
Our regulations would apply to health care clearinghouses when
transmitting transactions to, and receiving transactions from, a health
care provider or health plan that transmits and receives standard
transactions (as defined under ``transaction'') and at all times when
transmitting to or receiving electronic transactions from another
health care clearinghouse. The law would apply to each health care
provider when transmitting or receiving any electronic transaction.
The law applies to health plans for all transactions.
Section 142.104 would contain the following provisions (from
section 1175 of the Act):
If a person desires to conduct a transaction (as defined in
Sec. 142.103) with a health plan as a standard transaction, the
following apply:
(1) The health plan may not refuse to conduct the transaction as a
standard transaction.
(2) The health plan may not delay the transaction or otherwise
adversely affect, or attempt to adversely affect, the person or the
transaction on the ground that the transaction is a standard
transaction.
(3) The information transmitted and received in connection with the
transaction must be in the form of standard data elements of health
information.
As a further requirement, we would require that a health plan that
conducts transactions through an agent assure that the agent meets all
the requirements of part 142 that apply to the health plan.
Section 142.105 would state that a person or other entity may meet
the requirements of Sec. 142.104 by either--
(1) Transmitting and receiving standard data elements, or
(2) Submitting nonstandard data elements to a health care
clearinghouse for processing into standard data elements and
transmission by the health care clearinghouse and receiving standard
data elements through the clearinghouse.
Health care clearinghouses would be able to accept nonstandard
transactions for the sole purpose of translating them into standard
transactions for sending customers and would be able to accept standard
transactions and translate them into nonstandard formats for receiving
customers. We would state in Sec. 142.105 that the transmission of
nonstandard transactions, under contract, between a health plan or a
health care provider and a health care clearinghouse would not violate
the law.
Transmissions within a corporate entity would not be required to
comply with the standards. For example, a hospital that is wholly owned
by a managed care company would not have to use the standards to pass
encounter information back to the home office, but it would have to use
the standard claims transaction to submit a claim to another health
plan.
Although there are situations in which the use of the standards is
not required (for example, health care providers may continue to submit
paper claims and employers are not required to use any of the standard
transactions), we stress that a standard may be used voluntarily in any
situation in which it is not required.
B. Definitions
Section 1171 of the Act defines several terms and our proposed
rules would, for the most part, simply restate the law. The terms that
we are defining in this proposed rule follow:
1. Code Set
We would define ``code set'' as section 1171(1) of the Act does:
``code set'' means any set of codes used for encoding data elements,
such as tables of terms, medical concepts, medical diagnostic codes, or
medical procedure codes.
2. Employer
We would define ``employer'' as 26 U.S.C. 3401(d) does:
``employer'' means the person for whom an individual performs or
performed any service, of whatever nature, as the employee of that
person or organization, except that:
a. If the person for whom the individual performs or performed the
services does not have control of the payment of wages for those
services, the term ``employer'' means the person having control of the
payment of those wages; and
b. In the case of a person paying wages on behalf of a nonresident
alien individual, foreign partnership, or foreign corporation, not
engaged in trade or business within the United States, the term
``employer'' means that person.
3. Health Care Clearinghouse
We would define ``health care clearinghouse'' as section 1171(2) of
the Act does, but we are adding a further, clarifying sentence. The
statute defines a ``health care clearinghouse'' as a public or private
entity that processes or facilitates the processing of nonstandard data
elements of health information into standard data elements. We would
further explain that such an entity is one that currently receives
health care transactions from health care providers and other entities,
translates the data from a given format into one acceptable to the
intended recipient and forwards the processed transaction to
appropriate health plans and other clearinghouses, as necessary, for
further action.
There are currently a number of private clearinghouses that perform
these functions for health care providers. For purposes of this rule,
we would consider billing services, repricing companies, community
health management information systems or community health information
systems, value-added networks, and switches performing these functions
to be health care clearinghouses.
4. Health Care Provider
As defined by section 1171(3) of the Act, a ``health care
provider'' is a provider of services as defined in section 1861(u) of
the Act, a provider of medical or other health services as defined in
section 1861(s) of the Act, and any other person who furnishes health
care services or supplies. Our regulations would define ``health care
provider'' as the statute does and clarify that the definition of a
health care provider is limited to those entities that furnish, or bill
and are paid for, health care services in the normal course of
business.
For a more detailed discussion of the definition of health care
provider, we refer the reader to our proposed rule, HCFA-0045-P,
Standard Health Care Provider Identifier, published on May 7, 1998 (63
FR 25320).
5. Health Information
``Health information,'' as defined in section 1171 of the Act,
means any information, whether oral or recorded in any form or medium,
that--
Is created or received by a health care provider, health
plan, public health authority, employer, life insurer, school or
university, or health care clearinghouse; and
Relates to the past, present, or future physical or mental
health or condition of an individual; the provision of health care to
an individual; or the past, present, or future payment for the
provision of health care to an individual.
[[Page 32789]]
We propose the same definition for our regulations.
6. Health Plan
We propose that a ``health plan'' be defined essentially as section
1171 of the Act defines it. Section 1171 of the Act cross refers to
definitions in section 2791 of the Public Health Service Act (as added
by Public Law 104-191, 42 U.S.C. 300gg-91); we would incorporate those
definitions as currently stated into our proposed definitions for the
convenience of the public. We note that many of these terms are defined
in other statutes, such as the Employee Retirement Income Security Act
of 1974 (ERISA), Public Law 93-406, 29 U.S.C. 1002(7) and the Public
Health Service Act. Our definitions are based on the roles of plans in
conducting administrative transactions, and any differences should not
be construed to affect other statutes.
For purposes of implementing the provisions of administrative
simplification, a ``health plan'' would be an individual or group
health plan that provides, or pays the cost of, medical care. This
definition includes, but is not limited to, the 13 types of plans
listed in the statute. On the other hand, plans such as property and
casualty insurance plans and workers compensation plans, which may pay
health care costs in the course of administering nonhealth care
benefits, are not considered to be health plans in the proposed
definition of health plan. Of course, these plans may voluntarily adopt
these standards for their own business needs. At some future time, the
Congress may choose to expressly include some or all of these plans in
the list of health plans that must comply with the standards.
Health plans often carry out their business functions through
agents, such as plan administrators (including third party
administrators), entities that are under ``administrative services
only'' (ASO) contracts, claims processors, and fiscal agents. These
agents may or may not be health plans in their own right; for example,
a health plan may act as another health plan's agent as another line of
business. As stated earlier, a health plan that conducts HIPAA
transactions through an agent is required to assure that the agent
meets all HIPAA requirements that apply to the plan itself.
``Health plan'' includes the following, singly or in combination:
a. ``Group health plan'' (as currently defined by section 2791(a)
of the Public Health Service Act). A group health plan is a plan that
has 50 or more participants (as the term ``participant'' is currently
defined by section 3(7) of ERISA) or is administered by an entity other
than the employer that established and maintains the plan. This
definition includes both insured and self-insured plans. We define
``participant'' separately below.
Section 2791(a)(1) of the Public Health Service Act defines ``group
health plan'' as an employee welfare benefit plan (as currently defined
in section 3(1) of ERISA) to the extent that the plan provides medical
care, including items and services paid for as medical care, to
employees or their dependents directly or through insurance, or
otherwise.
It should be noted that group health plans that have fewer than 50
participants and that are administered by the employer would be
excluded from this definition and would not be subject to the
administrative simplification provisions of HIPAA.
b. ``Health insurance issuer'' (as currently defined by section
2791(b) of the Public Health Service Act).
Section 2791(b)(2) of the Public Health Service Act currently
defines a ``health insurance issuer'' as an insurance company,
insurance service, or insurance organization that is licensed to engage
in the business of insurance in a State and is subject to State law
that regulates insurance.
c. ``Health maintenance organization'' (as currently defined by
section 2791(b) of the Public Health Service Act).
Section 2791(b) of the Public Health Service Act currently defines
a ``health maintenance organization'' as a Federally qualified health
maintenance organization, an organization recognized as such under
State law, or a similar organization regulated for solvency under State
law in the same manner and to the same extent as such a health
maintenance organization. These organizations may include preferred
provider organizations, provider sponsored organizations, independent
practice associations, competitive medical plans, exclusive provider
organizations, and foundations for medical care.
d. Part A or Part B of the Medicare program (title XVIII of the
Act).
e. The Medicaid program (title XIX of the Act).
f. A ``Medicare supplemental policy'' as defined under section
1882(g)(1) of the Act.
Section 1882(g)(1) of the Act defines a ``Medicare supplemental
policy'' as a health insurance policy that a private entity offers a
Medicare beneficiary to provide payment for expenses incurred for
services and items that are not reimbursed by Medicare because of
deductible, coinsurance, or other limitations under Medicare. The
statutory definition of a Medicare supplemental policy excludes a
number of plans that are generally considered to be Medicare
supplemental plans, such as health plans for employees and former
employees and for members and former members of trade associations and
unions. A number of these health plans may be included under the
definitions of ``group health plan'' or ``health insurance issuer'', as
defined in a. and b. above.
g. A ``long-term care policy,'' including a nursing home fixed-
indemnity policy. A ``long-term care policy'' is considered to be a
health plan regardless of how comprehensive it is. We recognize the
long-term care insurance segment of the industry is largely unautomated
and we welcome comments regarding the impact of HIPAA on the long-term
care segment.
h. An employee welfare benefit plan or any other arrangement that
is established or maintained for the purpose of offering or providing
health benefits to the employees of two or more employers. This
includes plans and other arrangements that are referred to as multiple
employer welfare arrangements (``MEWAs'') as defined in section 3(40)
of ERISA.
i. The health care program for active military personnel under
title 10 of the United States Code.
j. The veterans health care program under chapter 17 of title 38 of
the United States Code.
This health plan primarily furnishes medical care through hospitals
and clinics administered by the Department of Veterans Affairs for
veterans with a service-connected disability that is compensable.
Veterans with non-service-connected disabilities (and no other health
benefit plan) may receive health care under this health plan to the
extent resources and facilities are available.
k. The Civilian Health and Medical Program of the Uniformed
Services (CHAMPUS), as defined in 10 U.S.C. 1072(4).
CHAMPUS primarily covers services furnished by civilian medical
providers to dependents of active duty members of the uniformed
services and retirees and their dependents under age 65.
l. The Indian Health Service program under the Indian Health Care
Improvement Act (25 U.S.C. 1601 et seq.).
This program furnishes services, generally through its own health
care providers, primarily to persons who are eligible to receive
services because they are of American Indian or Alaskan Native descent.
[[Page 32790]]
m. The Federal Employees Health Benefits Program under 5 U.S.C.
chapter 89.
This program consists of health insurance plans offered to active
and retired Federal employees and their dependents. Depending on the
health plan, the services may be furnished on a fee-for-service basis
or through a health maintenance organization.
(Note: Although section 1171(5)(M) of the Act refers to the
``Federal Employees Health Benefit Plan,'' this and any other rules
adopting administrative simplification standards will use the
correct name, the Federal Employees Health Benefits Program. One
health plan does not cover all Federal employees; there are over 350
health plans that provide health benefits coverage to Federal
employees, retirees, and their eligible family members. Therefore,
we will use the correct name, the Federal Employees Health Benefits
Program, to make clear that the administrative simplification
standards apply to all health plans that participate in the
Program.)
n. Any other individual or group health plan, or combination
thereof, that provides or pays for the cost of medical care.
We would include a fourteenth category of health plan in addition
to those specifically named in HIPAA, as there are health plans that do
not readily fit into the other categories but whose major purpose is
providing health benefits. The Secretary would determine which of these
plans are health plans for purposes of title II of HIPAA. This category
would include the Medicare Plus Choice plans that will become available
as a result of section 1855 of the Act as amended by section 4001 of
the Balanced Budget Act of 1997 (Public Law 105-33) to the extent that
these health plans do not fall under any other category.
7. Medical Care
``Medical care,'' which is used in the definition of health plan,
would be defined as current section 2791 of the Public Health Service
Act defines it: the diagnosis, cure, mitigation, treatment, or
prevention of disease, or amounts paid for the purpose of affecting any
body structure or function of the body; amounts paid for transportation
primarily for and essential to these items; and amounts paid for
insurance covering the items and the transportation specified in this
definition.
8. Participant
We would define the term ``participant'' as section 3(7) of ERISA
currently defines it: a ``participant'' is any employee or former
employee of an employer, or any member or former member of an employee
organization, who is or may become eligible to receive a benefit of any
type from an employee benefit plan that covers employees of such an
employer or members of such an organization, or whose beneficiaries may
be eligible to receive any of these benefits. An ``employee'' would
include an individual who is treated as an employee under section
401(c)(1) of the Internal Revenue Code of 1986 (26 U.S.C. 401(c)(1)).
9. Small Health Plan
We would define a ``small health plan'' as a group health plan or
individual health plan with fewer than 50 participants.
The HIPAA does not define a ``small health plan'' but instead
leaves the definition to be determined by the Secretary. The Conference
Report suggests that the appropriate definition of a ``small health
plan'' is found in current section 2791(a) of the Public Health Service
Act, which is a group health plan with fewer than 50 participants. We
would also define small individual health plans as those with fewer
than 50 participants.
10. Standard
Section 1171 of the Act defines ``standard,'' when used with
reference to a data element of health information or a transaction
referred to in section 1173(a)(1) of the Act, as any such data element
or transaction that meets each of the standards and implementation
specifications adopted or established by the Secretary with respect to
the data element or transaction under sections 1172 through 1174 of the
Act.
Under our definition, a standard would be a set of rules for a set
of codes, data elements, transactions, or identifiers promulgated
either by an organization accredited by the American National Standards
Institute or HHS for the electronic transmission of health information.
11. Transaction
``Transaction'' would mean the exchange of information between two
parties to carry out financial and administrative activities related to
health care. A transaction would be any of the transactions listed in
section 1173(a)(2) of the Act and any determined appropriate by the
Secretary in accordance with section 1173(a)(1)(B) of the Act. We
present them below in the order in which we propose to list them in the
regulations text to thisdocument and in the regulations document for
proposed standards for these transactions that we will publish later.
A ``transaction'' would mean any of the following:
a. Health claims or equivalent encounter information. This
transaction may be used to submit health care claim billing
information, encounter information, or both, from health care providers
to health plans, either directly or via intermediary billers and claims
clearinghouses.
b. Health care payment and remittance advice. This transaction may
be used by a health plan to make a payment to a financial institution
for a health care provider (sending payment only), to send an
explanation of benefits or a remittance advice directly to a health
care provider (sending data only), or to make payment and send an
explanation of benefits remittance advice to a health care provider via
a financial institution (sending both payment and data).
c. Coordination of benefits. This transaction can be used to
transmit health care claims and billing payment information between
health plans with different payment responsibilities where coordination
of benefits is required or between health plans and regulatory agencies
to monitor the rendering, billing, and/or payment of health care
services within a specific health care/insurance industry segment.
In addition to the nine electronic transactions specified in
section 1173(a)(2) of the Act, section 1173(f) directs the Secretary to
adopt standards for transferring standard data elements among health
plans for coordination of benefits and sequential processing of claims.
This particular provision does not state that these should be standards
for electronic transfer of standard data elements among health plans.
However, we believe that the Congress, when writing this provision,
intended for these standards to apply to the electronic form of
transactions for coordination of benefits and sequential processing of
claims. The Congress expressed its intent on these matters generally in
section 1173(a)(1)(B), where the Secretary is directed to adopt ``other
financial and administrative transactions . . . consistent with the
goals of improving the operation of the health care system and reducing
administrative costs''. Adoption of a standard for electronic
transmission of standard data elements among health plans for
coordination of benefits and sequential processing of claims would
serve these goals expressed by the Congress.
[[Page 32791]]
d. Health claim status. This transaction may be used by health care
providers and recipients of health care products or services (or their
authorized agents) to request the status of a health care claim or
encounter from a health plan.
e. Enrollment and disenrollment in a health plan. This transaction
may be used to establish communication between the sponsor of a health
benefit and the health plan. It provides enrollment data, such as
subscriber and dependents, employer information, and primary care
health care provider information. The sponsor is the backer of the
coverage, benefit, or product. A sponsor can be an employer, union,
government agency, association, or insurance company. The health plan
refers to an entity that pays claims, administers the insurance product
or benefit, or both.
f. Eligibility for a health plan. This transaction may be used to
inquire about the eligibility, coverage, or benefits associated with a
benefit plan, employer, plan sponsor, subscriber, or a dependent under
the subscriber's policy. It also can be used to communicate information
about or changes to eligibility, coverage, or benefits from information
sources (such as insurers, sponsors, and health plans) to information
receivers (such as physicians, hospitals, third party administrators,
and government agencies).
g. Health plan premium payments. This transaction may be used by,
for example, employers, employees, unions, and associations to make and
keep track of payments of health plan premiums to their health
insurers. This transaction may also be used by a health care provider,
acting as liaison for the beneficiary, to make payment to a health
insurer for coinsurance, copayments, and deductibles.
h. Referral certification and authorization. This transaction may
be used to transmit health care service referral information between
primary care health care providers, health care providers furnishing
services, and health plans. It can also be used to obtain authorization
for certain health care services from a health plan.
i. First report of injury. This transaction may be used to report
information pertaining to an injury, illness, or incident to entities
interested in the information for statistical, legal, claims, and risk
management processing requirements.
j. Health claims attachments. This transaction may be used to
transmit health care service information, such as subscriber, patient,
demographic, diagnosis, or treatment data for the purpose of a request
for review, certification, notification, or reporting the outcome of a
health care services review.
k. Other transactions as the Secretary may prescribe by regulation.
Under section 1173(a)(1)(B) of the Act, the Secretary shall adopt
standards, and data elements for those standards, for other financial
and administrative transactions deemed appropriate by the Secretary.
These transactions would be consistent with the goals of improving the
operation of the health care system and reducing administrative costs.
C. Effective Dates--General
In general, any given standard would be effective 24 months after
the effective date (36 months for small health plans) of the final rule
for that standard. Because there are other standards to be established
than those in this proposed rule, we specify the date for a given
standard under the subpart for that standard.
If HHS adopts a modification to an implementation specification or
a standard, the implementation date of the modification would be no
earlier than the 180th day following the adoption of the modification.
HHS would determine the actual date, taking into account the time
needed to comply due to the nature and extent of the modification. HHS
would be able to extend the time for compliance for small health plans.
This provision would be at Sec. 142.106.
The law does not address scheduling of implementation of the
standards; it gives only a date by which all concerned must comply. As
a result, any of the health plans, health care clearinghouses, and
health care providers may implement a given standard earlier than the
date specified in the subpart created for that standard. We realize
that this may create some problems temporarily, as early implementers
would have to be able to continue using old standards until the new
ones must, by law, be in place.
At the WEDI Healthcare Leadership Summit held on August 15, 1997,
it was recommended that health care providers not be required to use
any of the standards during the first year after the adoption of the
standard. However, willing trading partners could implement any or all
of the standards by mutual agreement at any time during the 2-year
implementation phase (3-year implementation phase for small health
plans). In addition, it was recommended that a health plan give its
health care providers at least 6 months notice before requiring them to
use a given standard.
We welcome comments specifically on early implementation as to the
extent to which it would cause problems and how any problems might be
alleviated.
D. Employer Identifier Standard
[Please label written and e-mailed comments about this section with the
subject: EIN STANDARD.]
Section 142.602, Employer identifier standard, would contain the
employer identifier standard. There is no recognized standard for
employer identification as defined in the law. That is, there is no
standard that has been developed, adopted, or modified by a standard
setting organization after consultation with the National Uniform
Billing Committee, the National Uniform Claim Committee, WEDI, and the
American Dental Association. Therefore, we would designate a new
standard.
We are proposing as the standard the employer identification number
(EIN), which is assigned by the Internal Revenue Service (IRS),
Department of the Treasury.
The EIN is defined in 26 CFR 301.7701-12. We would define
``Employer identification number'' (EIN) as 26 CFR 301.7701-12 does:
``Employer identification number'' is the taxpayer identifying number
of an individual or other person (whether or not an employer) that is
assigned pursuant to 26 U.S.C. 6011(b) or corresponding provisions of
prior law, or pursuant to 26 U.S.C. 6109, and in which nine digits are
separated by a hyphen, as follows: 00-0000000.
1. Selection Criteria
The implementation team used the criteria described in section
I.B., Process for Developing National Standards, to evaluate the EIN as
a candidate for the employer identifier standard.
Criteria #1, #2, #4, and #6--The team found that the EIN met these
criteria in that it is a nationally defined and assigned employer
identifier and is the most widely used employer identifier in the
United States.
Criteria #3 and #5--The team found that the EIN met these criteria
in that it is an identifier that is already in use in the Accredited
Standards Committee (ASC) X12N Insurance Subcommittee electronic
transactions that require an employer identifier, including the
transactions used for the Health Claim, Enrollment and Disenrollment in
a Health Plan, Eligibility for a Health Plan, and Health Plan Premium
Payment.
Criterion #7--The team found that the EIN met criterion #7 in that
it is technologically independent of
[[Page 32792]]
computer platforms and transmission protocols.
Criterion #8--The team found that the EIN met criterion #8 in that
it is a relatively short identifier that would fit into many existing
formats.
Criterion #9--The team found that the EIN met criterion #9 in that
it is an identifier already assigned to each employer for tax
identification purposes. Its adoption as a standard would not result in
additional data collection or paperwork burdens on users.
Criterion #10--The team found that the EIN met criterion #10 in
that it is flexible enough to identify any employer, regardless of
services, organization, or provider type.
2. Other Identifiers
We initially considered whether the PAYERID, the 9 position numeric
identifier developed by HCFA as the unique identifier for health plans,
could be used as the employer identifier. Since all employers are
already enumerated by EIN, an entirely new employer identifier would
require everyone to convert to a new identifier in addition to the EIN,
which would still be used. Another key drawback to the use of the
PAYERID as the employer identifier is the fact that the PAYERID
numbering scheme does not have sufficient numbers available to
enumerate all health plans and all employers. In addition, PAYERID's
data capabilities were developed based on the data requirements for
health plans, which are not the same as those for employers. Based on
these limitations, the team believed that the PAYERID would not meet
criteria #1, #2, #4, #9, and #10 and would not be acceptable as a
candidate for the employer identifier.
The EIN is the most widely used employer identifier in the claim,
enrollment and disenrollment for a health plan, eligibility for a
health plan and health plan premium payment transactions. The D-U-N-S
number and the D-U-N-S+4 number, maintained by Dun & Bradstreet, are
sometimes used to identify business entities including employers in
these transactions (primarily in premium payment transactions), but the
EIN is used to a far greater extent than any other identifier to
identify the employer of a participant. Since the D-U-N-S and D-U-N-S+4
numbers were not widely used in the claim, the enrollment and
disenrollment in a health plan, and the eligibility for a health plan
transactions, the team believed that these numbers did not meet
criteria #1, #2, #4, and #9 and were less appropriate than the EIN as
candidates for the employer identifier.
Because of the widespread use of the EIN to identify the employer
in health transactions, we selected the EIN as the national employer
identifier standard for use in those electronic health transactions
that require an employer identifier.
Since the IRS is responsible for issuing the EIN, we consulted with
the IRS on the legality and feasibility of using the EIN as the
standard employer identifier for electronic health transactions. On
September 11, 1997, we forwarded our request for IRS concurrence, and
on January 16, 1998, IRS concurred.
Although the EIN is not confidential, some employers may not wish
to supply the EIN because it is their tax identifying number. We
welcome comments on this issue and on any other possible problems that
the use of the EIN would cause for employers or others who would need
to obtain and use the EIN in their electronic health transactions.
E. Requirements
[Please label written and e-mailed comments about this section with
the subject: Requirements]
We note that the law does not bind employers to use the standard.
However, providers, health plans, and health care clearinghouses are
bound to use the standard in electronic health transactions. Any
individual or other entity that needs to know an employer's EIN for use
in electronic health transactions would obtain it directly from the
employer. The EIN is not considered confidential and it may be freely
used and exchanged by employers and others.
1. Health Plans
In Sec. 142.604, Requirements: Health plans, we would require
health plans to accept the EIN on all electronic transactions and
transmit the EIN on all electronic transactions that require an
employer identifier. Federal agencies and States may place additional
requirements on their health plans.
2. Health care clearinghouses
We would require in Sec. 142.606 that each health care
clearinghouse use the EIN on all electronic transactions that require
an employer identifier.
3. Health care providers
In Sec. 142.608, Requirements: Health care providers, we would
require each health care provider to use the EIN on all transactions,
wherever required, that are electronically transmitted.
4. Employers
In Sec. 142.610, Requirements: Employers, we would require each
employer to disclose its EIN, when requested, to any entity that
conducts standard electronic transactions that require that employer's
identifier.
We believe the authority to require employers to disclose their
EINs to entities that are required to use these numbers in electronic
health care transactions is implicit in the statutory directive to the
Secretary to adopt an employer identification number for use in the
health care system. We note that we have been unable to identify any
reason for an employer to refuse to furnish the number to an entity
that conducts electronic health care transactions since the EIN, unlike
the social security number, is not information about a person. We note
too that access to the EIN does not give access to specific tax
information.
F. Effective Dates of the Employer Identifier
Health plans would be required to comply with our requirements as
follows:
1. Each health plan that is not a small health plan would have to
comply with the requirements of Secs. 142.104 and 142.604 no later than
24 months after publication of the final rule.
2. Each small health plan would have to comply with the
requirements of Secs. 142.104 and 142.604 no later than 36 months after
the date of publication of the final rule.
3. If HHS adopts a modification to a standard or implementation
specification, the implementation date of the modification would be no
earlier than the 180th day following the adoption of the modification.
HHS would determine the actual date, taking into account the time
needed to comply due to the nature and extent of the modification. HHS
would be able to extend the time for compliance for small health plans.
Failure to comply with standards may well result in monetary
penalties. The Secretary is required by statute to impose penalties of
not more than $100 per violation on any person who fails to comply with
a standard, except that the total amount imposed on any one person in
each calendar year may not exceed $25,000 for violations of one
requirement. We will propose enforcement procedures in a future Federal
Register document once the industry has more experience with using the
standards.
[[Page 32793]]
III. Implementation of the Employer Identification Standard
[Please label written and e-mailed comments about this section with
the subject: Implementation]
A. Obtaining an EIN
The Internal Revenue Service maintains the process for assigning
EINs. A business can obtain an EIN by submitting, to the Internal
Revenue Service, Internal Revenue Service Form SS-4, Application for
Employer Identification Number. Any business that pays wages to one or
more employees is required to have an EIN as its tax identifying
number. A sole proprietor who has no employees and who files no excise
or pension tax returns is the only business person who does not need to
have an EIN as the tax identifying number. We believe that there would
be few, if any, employers that would not have an EIN for tax
identifying purposes.
The EIN is currently the employer identifier in most widespread use
in the health claim, the enrollment and disenrollment in a health plan,
the eligibility for a health plan, and the health plan premium payment
transactions. If they conduct administrative health transactions
electronically, health care providers, health care clearinghouses, and
health plans would have to obtain and use the EIN on all electronic
transactions that require an employer identifier. Employers are not
required by subtitle F of HIPAA to use the EIN or conduct standard
electronic health transactions. However, we believe that many employers
will find that it will be to their advantage and will choose to do so.
B. Organizations with Multiple EINs
We are aware that some organizations have more than one EIN. We
seek comment from the public on whether it is important, in order to
avoid confusion and achieve administrative simplification, that one of
these EINs be used consistently in health transactions. If use of one
EIN is desirable, how should it be chosen?
C. Approved Uses
Two years after adoption of this standard (3 years for small health
plans) the EIN must be used as the employer identifier in the health-
related financial and administrative transactions identified in section
1173(a) that require an employer identifier. The approved uses of the
EIN are detailed in 26 U.S.C. 6109 (i.e., income tax purposes and for
purposes of implementing certain provisions of the Food Stamp Act of
1977 and the Federal Crop Insurance Act). It may not be used in any
activity otherwise prohibited by law. The use of the EIN for the
purposes specified in this proposed rule is covered under the current
approved uses for the EIN.
Examples of approved uses included in this proposed rule are:
Health care providers submitting health claims to health
plans electronically would use the EIN to identify the employers of the
participants in the health plan.
Employers would use their EINs to identify themselves in
electronic transactions making health plan premium payments to health
plans on behalf of their employees.
Employers and health care providers would use the EIN to
identify the employer as the source or receiver of information about
eligibility.
Employers would use their EINs to identify themselves in
electronic transactions to enroll or disenroll their employees in a
health plan.
IV. New and Revised Standards
[Please label written and e-mailed comments about this section with the
subject: Revisions.]
To encourage innovation and promote development, we intend to
develop a process that would allow an organization to request a
revision or replacement to any adopted standard or standards.
An organization could request a revision or replacement to an
adopted standard by requesting a waiver from the Secretary of Health
and Human Services to test a revised or new standard. The organization
must, at a minimum, demonstrate that the revised or new standard offers
an improvement over the adopted standard. If the organization presents
sufficient documentation that supports testing of a revised or new
standard, we want to be able to grant the organization a temporary
waiver to test while remaining in compliance with the law. The waiver
would be applicable to standards that could change over time; for
example, transaction standards. We do not intend to establish a process
that would allow an organization to avoid using any adopted standard.
We would welcome comments on the following: (1) How we should
establish this process, (2) the length of time a proposed standard
should be tested before we decide whether to adopt it, (3) whether we
should solicit public comments before implementing a change in a
standard, and (4) other issues and recommendations we should consider
in developing this process.
Following is one possible process:
Any organization that wishes to revise or replace an
adopted standard must submit its waiver request to an HHS evaluation
committee (not currently established or defined). The organization must
do the following for each standard it wishes to revise or replace:
+ Provide a detailed explanation, no more than 10 pages in length,
of how the revision or replacement would be a clear improvement over
the current standard in terms of the principles listed in section I.B.,
Process for developing national standards, of this preamble.
+ Provide specifications and technical capabilities on the revised
or new standard, including any additional system requirements.
+ An explanation, no more than 5 pages in length, of how the
organization intends to test the standard.
The committee's evaluation would, at a minimum, be based
on the following:
+ A cost-benefit analysis.
+ An assessment of whether the proposed revision or replacement
demonstrates a clear improvement to an existing standard.
+ The extent and length of time of the waiver.
The evaluation committee would inform the organization
requesting the waiver within 30 working days of the committee's
decision on the waiver request. If the committee decides to grant a
waiver, the notification may include the following:
+ Committee comments such as the following:
- The length of time for which the waiver applies if it differs
from the waiver request.
- The sites the committee believes are appropriate for testing if
they differ from the waiver request.
- Any pertinent information regarding the conditions of an approved
waiver.
Any organization that receives a waiver would be required
to submit a report containing the results of the study, no later than 3
months after the study is completed.
The committee would evaluate the report and determine
whether the benefits of the proposed revision or new standard
significantly outweigh the disadvantages of implementing it and make a
recommendation to the Secretary.
V. Collection of Information Requirements
Under the Paperwork Reduction Act of 1995, we are required to
provide 60-day notice in the Federal Register and
[[Page 32794]]
solicit public comment before a collection of information requirement
is submitted to the Office of Management and Budget (OMB) for review
and approval. In order to fairly evaluate whether an information
collection should be approved by OMB, section 3506(c)(2)(A) of the
Paperwork Reduction Act of 1995 requires that we solicit comment on the
following issues:
The need for the information collection and its usefulness
in carrying out the proper functions of our agency.
The accuracy of our estimate of the information collection
burden.
The quality, utility, and clarity of the information to be
collected.
Recommendations to minimize the information collection
burden on the affected public, including automated collection
techniques.
Section 142.604 Requirements: Health plans
Health plans would be required to accept the EIN on all electronic
transactions and transmit the EIN on all electronic transmissions that
require an employer identifier.
Section 3142.608 Requirements: Health care providers
Each health care provider would be required to obtain and use the
EIN of the employer on all electronically transmitted standard
transactions that require it.
Section 142.610 Requirements: Employers.
Each employer would have to disclose its EIN, when requested, to
any entity that conducts standard electronic transactions that require
that employer's identifier.
Discussion
The emerging and increasing use of health care EDI standards and
transactions raises the issue of the applicability of the PRA. The
question arises whether a regulation that adopts an EDI standard used
to exchange certain information constitutes an information collection
subject to the PRA. However, for the purpose of soliciting useful
public comment we provide the following burden estimates.
In particular, the initial burden on the estimated 4 million health
plans and 1.2 million health care providers to modify their current
computer systems software would be 2 hours/$60 per entity, for a total
burden of 10.4 million hours/$312 million. While this burden estimate
may appear low, on average, we believe it to be accurate. This is based
on the assumption that these and the other burden calculations
associated with HIPAA administrative simplification systems
modifications may overlap and is also based on the overwhelming extent
to which the EIN is already in use in the health care community. This
average also takes into consideration that (1) this standard may not be
used by several of the entities included in the estimate, (2) this
standard may already be in use by several of the entities included in
the estimate, (3) modifications may be performed in an aggregate manner
during the course of routine business and/or, (4) modifications may be
made by contractors, such as practice management vendors, in a single
effort for a multitude of affected entities.
We invite public comment on the issues discussed above. If you
comment on these information collection and recordkeeping requirements,
please e-mail comments to JB[email protected] (Attn:HCFA-0047) or mail
copies directly to the following:
Health Care Financing Administration, Office of Information Services,
Information Technology Investment Management Group, Division of HCFA
Enterprise Standards, Room C2-26-17, 7500 Security Boulevard,
Baltimore, MD 21244-1850 Attn: John Burke HCFA-0047, HCFA Reports
Clearance Officer
And,
Office of Information and Regulatory Affairs, Office of Management and
Budget, Room 10235, New Executive Office Building, Washington, DC
20503, Attn: Allison Herron Eydt, HCFA Desk Officer.
VI. Response to Comments
Because of the large number of items of correspondence we normally
receive on Federal Register documents published for comment, we are not
able to acknowledge or respond to them individually. We will consider
all comments we receive by the date and time specified in the DATES
section of this preamble, and, if we proceed with a subsequent
document, we will respond to the comments in the preamble to that
document.
VII. Impact Analysis
As the effect of any one standard is affected by the implementation
of other standards, it can be misleading to discuss the impact of one
standard by itself. Therefore, we did an impact analysis on the total
effect of all the standards in the proposed rule concerning the
national provider identifier (HCFA-0045-P), which can be found at 63 FR
25320.
We intend to publish in each proposed rule an impact analysis that
is specific to the standard or standards proposed in that rule, but the
impact analysis will assess only the relative cost impact of
implementing a given standard. As stated in the general impact analysis
in HCFA-0045-P, we do not intend to associate costs and savings to
specific standards.
Although we cannot determine the specific economic impact of the
standard being proposed in this rule (and individually each standard
may not have a significant impact), the overall impact analysis makes
clear that, collectively, all the standards will have a significant
impact of over $100 million on the economy. Also, while each standard
may not have a significant impact on a substantial number of small
entities, the combined effects of all the proposed standards may have a
significant effect on a substantial number of small entities.
Therefore, the following impact analysis should be read in conjunction
with the overall impact analysis.
Unfunded Mandates
This proposed rule has been reviewed in accordance with the
Unfunded Mandates Reform Act of 1995 (UMRA) (2 U.S.C. 1501 et seq.) and
Executive Order 12875. As discussed in the combined impact analysis to
which we refer above (see 63 FR 25320), HHS estimates that
implementation of the standards will require the expenditure of more
than $100 million by the private sector. Therefore, the rule
establishes a Federal private sector mandate and is a significant
regulatory action within the meaning of section 202 of UMRA (2 U.S.C.
1532). HHS has included this statement to address the anticipated
effects of the proposed rules pursuant to section 202.
These standards also apply to State and local governments in their
roles as health plans or health care providers. Thus, the proposed
rules impose unfunded mandates on these entities. While we do not have
sufficient information to provide estimates of these impacts, several
State Medicaid agencies have estimated that it would cost $1 million
per State or territory to implement all of the HIPAA standards.
However, the costs that these standards impose on these entities are
well below the UMRA section threshold that will require additional
analysis and consultation; the Congressional Budget Office analysis
stated that ``States are already in the forefront in administering the
Medicaid program electronically; the only costs--which should not be
significant--would involve bringing the software and computer systems
for the
[[Page 32795]]
Medicaid programs into compliance with the new standards.''
The anticipated benefits and costs of this proposed standard, and
other issues raised in section 202 of the UMRA, are addressed in the
analysis below and in the combined impact analysis. In addition,
pursuant to section 205 of the UMRA (2 U.S.C. 1535), having considered
a reasonable number of alternatives as outlined in the preamble to this
rule and in the following analysis, HHS has concluded that the rule is
the most cost-effective alternative for implementation of HHS's
statutory objective of administrative simplification.
Executive Order 12866
In accordance with the provisions of Executive Order 12866, this
proposed rule was reviewed by the Office of Management and Budget.
Specific Impact of Employer Identifier
This is the portion of the impact analysis that relates
specifically to the standard that is the subject of this regulation--
the employer identifier. This section describes specific impacts that
relate to the employer identifier. However, as we indicated in the
introduction to this impact analysis, we do not intend to associate
costs and savings to specific standards.
1. Affected Entities
a. Health Care Providers
Health care providers that conduct electronic transactions with
health plans would have to obtain and use the EIN to identify the
employer in those electronic transactions that require an employer
identifier. In most cases health care providers currently obtain and
use the EIN of the employer in those transactions that require an
employer identifier. Any negative impact on health care providers
generally would be related to the initial implementation period for
providers that currently use an identifier other than the EIN to
identify the employer in electronic transactions. They would incur
implementation costs for converting systems from other employer
identifiers to the EIN. Some health care providers would incur those
costs directly and others would incur them in the form of fee increases
from billing agents and health care clearinghouses.
b. Health Care Plans
Health care plans that engage in electronic commerce would have to
modify their systems to use the EIN if they do not currently use the
EIN to identify the employer in electronic transactions that require an
employer identifier. In most cases health care plans currently obtain
and use the EIN of the employer in those transactions that require an
employer identifier. The conversion for health plans currently using an
employer identifier other than the EIN would have a one-time cost
impact.
c. Health Care Clearinghouses
Health care clearinghouses would have to modify their systems to
transmit the EIN if they do not currently use the EIN to identify the
employer in electronic transactions that require an employer
identifier. In most cases health care clearinghouses currently obtain
and use the EIN of the employer in those transactions that require an
employer identifier. The conversion for health care clearinghouses
currently using an employer identifier other than the EIN would have a
one-time cost impact.
d. Employers
Each employer would have to disclose its EIN, when requested, to
any entity that conducts standard electronic transactions that require
the employer's identifier. Entities that conduct electronic
transactions that require an employer identifier commonly obtain that
identifier from the employer as a normal business practice. This
practice would not change. Any impact on employers would be the one-
time impact to disclose the EIN to entities that have previously used a
different identifier for that individual.
2. Effects of Various Options
a. Guiding Principles for Standard Selection
The implementation teams charged with designating standards under
the statute have defined, with significant input from the health care
industry, a set of common criteria for evaluating potential standards.
These criteria are based on direct specifications in the HIPAA, the
purpose of the law, and principles that support the regulatory
philosophy set forth in Executive Order 12866 of September 30, 1993,
and the Paperwork Reduction Act of 1995. In order to be designated as a
standard, a proposed standard should:
Improve the efficiency and effectiveness of the health
care system by leading to cost reductions for or improvements in
benefits from electronic HIPAA health care transactions. This principle
supports the regulatory goals of cost-effectiveness and avoidance of
burden.
Meet the needs of the health data standards user
community, particularly health care providers, health plans, and health
care clearinghouses. This principle supports the regulatory goal of
cost-effectiveness.
Be consistent and uniform with the other HIPAA standards--
their data element definitions and codes and their privacy and security
requirements--and, secondarily, with other private and public sector
health data standards. This principle supports the regulatory goals of
consistency and avoidance of incompatibility, and it establishes a
performance objective for the standard.
Have low additional development and implementation costs
relative to the benefits of using the standard. This principle supports
the regulatory goals of cost-effectiveness and avoidance of burden.
Be supported by an ANSI-accredited standards developing
organization or other private or public organization that will ensure
continuity and efficient updating of the standard over time. This
principle supports the regulatory goal of predictability.
Have timely development, testing, implementation, and
updating procedures to achieve administrative simplification benefits
faster. This principle establishes a performance objective for the
standard.
Be technologically independent of the computer platforms
and transmission protocols used in HIPAA health transactions, except
when it is explicitly part of the standard. This principle establishes
a performance objective for the standard and supports the regulatory
goal of flexibility.
Be precise and unambiguous, but as simple as possible.
This principle supports the regulatory goals of predictability and
simplicity.
Keep data collection and paperwork burdens on users as low
as is feasible. This principle supports the regulatory goals of cost-
effectiveness and avoidance of duplication and burden.
Incorporate flexibility to adapt more easily to changes in
the health care infrastructure (such as new services, organizations,
and provider types) and information technology. This principle supports
the regulatory goals of flexibility and encouragement of innovation.
We assessed the various options for an employer identifier against
the principles listed above, with the overall goal of achieving the
maximum benefit for the least cost. We found that the EIN met all the
principles. No other candidate employer identifier is in widespread
use. No other candidate met a majority of the principles, especially
those principles supporting the regulatory goal of cost-effectiveness.
We are assessing the costs and benefits of
[[Page 32796]]
the EIN, but we did not assess the costs and benefits of other
identifier options, because they did not meet the guiding principles.
b. Need to Convert
All health care providers, health plans, and health care
clearinghouses that do not currently use the EIN to identify the
employer in electronic health transactions that require an employer
identifier would have to convert. Because the EIN is currently in
widespread use as an employer identifier throughout the industry,
adopting the EIN would not require conversion for most health care
providers, health plans or health care clearinghouses. The selection of
the EIN imposes a far smaller burden on the industry than any
nonselected option and presents significant advantages in terms of
cost-effectiveness, universality, and flexibility.
c. Complexity of Conversion
The EIN does not contain embedded intelligence. For those
providers, health plans, and health care clearinghouses that must
convert to use the EIN, the complexity of the conversion would be
significantly affected by the degree to which their processing systems
currently rely on intelligent employer identifiers. Converting from one
unintelligent identifier to another is less complex than modifying
software logic to obtain needed information from other data elements.
However, the use of an unintelligent identifier like the EIN is
required in order to meet the guiding principle of assuring
flexibility.
In general, the shorter the identifier, the easier it is to
implement. It is more likely that a shorter identifier, such as the
EIN, would fit into existing data formats.
The selection of the EIN does not impose a greater burden on the
industry in terms of the complexity of conversion than the nonselected
options.
List of Subjects in 45 CFR Part 142
Administrative practice and procedure, Health facilities, Health
insurance, Hospitals, Medicaid, Medicare, Reporting and recordkeeping
requirements.
Accordingly, 45 CFR subtitle A, subchapter B, would be amended by
adding Part 142 to read as follows:
Note to Reader: This proposed rule is one of several proposed
rules that are being published to implement the administrative
simplification provisions of the Health Insurance Portability and
Accountability Act of 1996. We propose to establish a new 45 CFR
Part 142. Proposed Subpart A--General Provisions is exactly the same
in each rule unless we have added new sections or definitions to
incorporate additional general information. The subparts that follow
relate to the specific provisions announced separately in each
proposed rule. When we publish the first final rule, each subsequent
final rule will revise or add to the text that is set out in the
first final rule.
PART 142--ADMINISTRATIVE REQUIREMENTS
Subpart A--General Provisions
Sec.
142.101 Statutory basis and purpose.
142.102 Applicability.
142.103 Definitions.
142.104 General requirements for health plans.
142.105 Compliance using a health care clearinghouse.
142.106 Effective date of a modification to a standard or
implementation specification.
Subparts B--E [Reserved]
Subpart F--National Employer Identifier Standard
142.602 National employer identifier standard.
142.604 Requirements: Health plans.
142.606 Requirements: Health care clearinghouses.
142.608 Requirements: Health care providers.
142.610 Requirements: Employers.
142.612 Effective dates of the initial implementation of the
national employer identifier standard.
Authority: Sections 1173 and 1175 of the Social Security Act (42
U.S.C. 1320d-2 and 1320d-4). 4
Subpart A--General Provisions
Sec. 142.101 Statutory basis and purpose.
Sections 1171 through 1179 of the Social Security Act, as added by
section 262 of the Health Insurance Portability and Accountability Act
of 1996 (Pub. L. 104-191, 110 Stat. 2021), require HHS to adopt
national standards for the electronic exchange of health information in
the health care system. The purpose of these sections is to promote
administrative simplification.
Sec. 142.102 Applicability.
(a) The standards adopted or designated under this part apply, in
whole or in part, to the following:
(1) A health plan.
(2) A health care clearinghouse when doing the following:
(i) Transmitting a standard transaction (as defined in
Sec. 142.103) to a health care provider or health plan.
(ii) Receiving a standard transaction from a health care provider
or health plan.
(iii) Transmitting and receiving the standard transactions when
interacting with another health care clearinghouse.
(3) A health care provider when transmitting an electronic
transaction as defined in Sec. 142.103.
(b) Means of compliance are stated in greater detail in
Sec. 142.105.
Sec. 142.103 Definitions.
For purposes of this part, the following definitions apply:
Code set means any set of codes used for encoding data elements,
such as tables of terms, medical concepts, medical diagnostic codes, or
medical procedure codes.
Employer means the following:
(1) The entity for whom an individual performs or performed any
service, of whatever nature, as the employee of that entity except
that:
(i) If the entity for whom the individual performs or performed the
services does not have control of the payment of wages for those
services, the term ``employer'' means the entity having control of the
payment of the wages; and
(ii) In the case of an entity paying wages on behalf of a
nonresident alien individual, foreign partnership, or foreign
corporation, not engaged in trade or business within the United States,
the term ``employer'' means that entity.
(2) Any entity acting directly as an employer, or indirectly in the
interest of an employer, in relation to an employee benefit plan and
includes a group or association of employers acting for an employer in
that capacity.
Health care clearinghouse means a public or private entity that
processes or facilitates the processing of nonstandard data elements of
health information into standard data elements. The entity receives
health care transactions from health care providers, health plans,
other entities, or other clearinghouses, translates the data from a
given format into one acceptable to the intended recipient, and
forwards the processed transaction to the appropriate recipient.
Billing services, repricing companies, community health management
information systems, community health information systems, and ``value-
added'' networks and switches that perform these functions are
considered to be health care clearinghouses for purposes of this part.
Health care provider means a provider of services as defined in
section 1861(u) of the Social Security Act, 42 U.S.C. 1395x, a provider
of medical or other health services as defined in section 1861(s) of
the Social Security Act, 42 U.S.C. 1395x, and any other person who
furnishes or bills and is paid for health care services or
[[Page 32797]]
supplies in the normal course of business.
Health information means any information, whether oral or recorded
in any form or medium, that--
(1) Is created or received by a health care provider, health plan,
public health authority, employer, life insurer, school or university,
or health care clearinghouse; and
(2) Relates to the past, present, or future physical or mental
health or condition of an individual, the provision of health care to
an individual, or the past, present, or future payment for the
provision of health care to an individual.
Health plan means an individual or group plan that provides, or
pays the cost of, medical care. Health plan includes the following,
singly or in combination:
(1) Group health plan. Group health plan is an employee welfare
benefit plan (as currently defined in section 3(1) of the Employee
Retirement Income and Security Act of 1974, 29 U.S.C. 1002(1)),
including insured and self-insured plans, to the extent that the plan
provides medical care, including items and services paid for as medical
care, to employees or their dependents directly or through insurance,
or otherwise, and--
(i) Has 50 or more participants; or
(ii) Is administered by an entity other than the employer that
established and maintains the plan.
(2) Health insurance issuer. A health insurance issuer is an
insurance company, insurance service, or insurance organization that is
licensed to engage in the business of insurance in a State and is
subject to State law that regulates insurance.
(3) Health maintenance organization. A health maintenance
organization is a Federally qualified health maintenance organization,
an organization recognized as a health maintenance organization under
State law, or a similar organization regulated for solvency under State
law in the same manner and to the same extent as such a health
maintenance organization.
(4) Part A or Part B of the Medicare program under title XVIII of
the Social Security Act.
(5) The Medicaid program under title XIX of the Social Security
Act.
(6) A Medicare supplemental policy (as defined in section
1882(g)(1) of the Social Security Act, 42 U.S.C. 1395ss).
(7) A long-term care policy, including a nursing home fixed-
indemnity policy.
(8) An employee welfare benefit plan or any other arrangement that
is established or maintained for the purpose of offering or providing
health benefits to the employees of two or more employers.
(9) The health care program for active military personnel under
title 10 of the United States Code.
(10) The veterans health care program under 38 U.S.C. chapter 17.
(11) The Civilian Health and Medical Program of the Uniformed
Services (CHAMPUS), as defined in 10 U.S.C. 1072(4).
(12) The Indian Health Service program under the Indian Health Care
Improvement Act (25 U.S.C. 1601 et seq.).
(13) The Federal Employees Health Benefits Program under 5 U.S.C.
chapter 89.
(14) Any other individual or group health plan, or combination
thereof, that provides or pays for the cost of medical care.
Medical care means the diagnosis, cure, mitigation, treatment, or
prevention of disease, or amounts paid for the purpose of affecting any
body structure or function of the body; amounts paid for transportation
primarily for and essential to these items; and amounts paid for
insurance covering the items and the transportation specified in this
definition.
Participant means any employee or former employee of an employer,
or any member or former member of an employee organization, who is or
may become eligible to receive a benefit of any type from an employee
benefit plan that covers employees of that employer or members of such
an organization, or whose beneficiaries may be eligible to receive any
of these benefits. ``Employee'' includes an individual who is treated
as an employee under section 401(c)(1) of the Internal Revenue Code of
1986 (26 U.S.C. 401(c)(1)).
Small health plan means a group health plan or an individual health
plan with fewer than 50 participants.
Standard means a set of rules for a set of codes, data elements,
transactions, or identifiers promulgated either by an organization
accredited by the American National Standards Institute or HHS for the
electronic transmission of health information.
Transaction means the exchange of information between two parties
to carry out the financial and administrative activities related to
health care. It includes the following:
(1) Health claims or equivalent encounter information.
(2) Health care payment and remittance advice.
(3) Coordination of benefits.
(4) Health claims status.
(5) Enrollment and disenrollment in a health plan.
(6) Eligibility for a health plan.
(7) Health plan premium payments.
(8) Referral certification and authorization.
(9) First report of injury.
(10) Health claims attachments.
(11) Other transactions as the Secretary may prescribe by
regulation.
Sec. 142.104 General requirements for health plans.
If a person conducts a transaction (as defined in Sec. 142.103)
with a health plan as a standard transaction, the following apply:
(a) The health plan may not refuse to conduct the transaction as a
standard transaction.
(b) The health plan may not delay the transaction or otherwise
adversely affect, or attempt to adversely affect, the person or the
transaction on the ground that the transaction is a standard
transaction.
(c) The health information transmitted and received in connection
with the transaction must be in the form of standard data elements of
health information.
(d) A health plan that conducts transactions through an agent must
assure that the agent meets all the requirements of this part that
apply to the health plan.
Sec. 142.105 Compliance using a health care clearinghouse.
(a) Any person or other entity subject to the requirements of this
part may meet the requirements to accept and transmit standard
transactions by either--
(1) Transmitting and receiving standard data elements; or
(2) Submitting nonstandard data elements to a health care
clearinghouse for processing into standard data elements and
transmission by the health care clearinghouse and receiving standard
data elements through the health care clearinghouse.
(b) The transmission, under contract, of nonstandard data elements
between a health plan or a health care provider and its agent health
care clearinghouse is not a violation of the requirements of this part.
Sec. 142.106 Effective date of a modification to a standard or
implementation specification.
HHS may modify a standard or implementation specification after the
first year in which HHS requires the standard or implementation
specification to be used, but not more frequently than once every 12
months. If HHS adopts a modification to a standard or implementation
specification, the implementation date
[[Page 32798]]
of the modified standard or implementation specification may be no
earlier than 180 days following the adoption of the modification. HHS
determines the actual date, taking into account the time needed to
comply due to the nature and extent of the modification. HHS may extend
the time for compliance for small health plans.
Subparts B-E [Reserved]
Subpart F--National Employer Identifier Standard
Sec. 142.602 National employer identifier standard.
The employer identifier standard that must be used under this
subpart is the employer identification number (EIN), which is the
taxpayer identifying number of an individual or other entity (whether
or not an employer) that is assigned pursuant to 26 U.S.C. 6011(b), or
corresponding provisions of prior law, or pursuant to 26 U.S.C. 6109,
and in which nine digits are separated by a hyphen, as follows: 00-
0000000. The EIN is assigned by the Internal Revenue Service, U.S.
Department of the Treasury.
Sec. 142.604 Requirements: Health plans.
Each health plan must accept and transmit the national employer
identifier of any employer that must be identified by the national
employer identifier in any standard transaction.
Sec. 142.606 Requirements: Health care clearinghouses.
Each health care clearinghouse must use the national employer
identifier of any employer that must be identified by the national
employer identifier in any standard transaction.
Sec. 142.608 Requirements: Health care providers.
Each health care provider must use the national employer identifier
wherever required on all transactions the health care provider
transmits electronically.
Sec. 142.610 Requirements: Employers.
Each employer must disclose its EIN, when requested, to any entity
that conducts standard electronic transactions that require that
employer's identifier.
Sec. 142.612 Effective dates of the initial implementation of the
national employer identifier standard.
(a) Health plans. (1) Each health plan that is not a small health
plan must comply with the requirements of Secs. 142.104 and 142.604 by
[24 months after the effective date of the final rule in the Federal
Register].
(2) Each small health plan must comply with the requirements of
Secs. 142.104 and 142.604 by [36 months after the effective date of the
final rule in the Federal Register].
(b) Health care clearinghouses and health care providers. Each
health care clearinghouse and health care provider must begin using the
standard specified in Sec. 142.602 by [24 months after the effective
date of the final rule in the Federal Register].
Dated: April 17, 1998.
Donna E. Shalala,
Secretary.
[FR Doc. 98-15782 Filed 6-15-98; 8:45 am]
BILLING CODE 4120-01-P