Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

NRPM: Standard Health Care Provider Identifier

Publication Date

[Federal Register: May 7, 1998 (Volume 63, Number 88)]

[Proposed Rules]

[Page 25320-25357]

[DOCID:fr07my98-26]


DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of the Secretary

45 CFR Part 142

[HCFA-0045-P]

RIN 0938-AH99

National Standard Health Care Provider Identifier

AGENCY: Health Care Financing Administration (HCFA), HHS.

ACTION: Proposed rule.


SUMMARY: This rule proposes a standard for a national health care provider identifier and requirements concerning its use by health plans, health care clearinghouses, and health care providers. The health plans, health care clearinghouses, and health care providers would use the identifier, among other uses, in connection with certain electronic transactions.

The use of this identifier would improve the Medicare and Medicaid programs, and other Federal health programs and private health programs, and the effectiveness and efficiency of the health care industry in general, by simplifying the administration of the system and enabling the efficient electronic transmission of certain health information. It would implement some of the requirements of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996.

DATES: Comments will be considered if we receive them at the appropriate address, as provided below, no later than 5 p.m. on July 6, 1998.

ADDRESSES: Mail written comments (1 original and 3 copies) to the following address:

Health Care Financing Administration,
Department of Health and Human Services,
Attention: HCFA-0045-P,
P.O. Box 26585
Baltimore, MD 21207-0519.

If you prefer, you may deliver your written comments (1 original and 3 copies) to one of the following addresses:

Room 309-G, Hubert H. Humphrey Building,
200 Independence Avenue, SW.,
Washington, DC 20201, or

Room C5-09-26,
7500 Security Boulevard,
Baltimore, MD 21244-1850.

Comments may also be submitted electronically to the following e-mail address: NPI@osaspe.dhhs.gov. E-mail comments should include the full name, postal address, and affiliation (if applicable) of the sender and must be submitted to the referenced address to be considered. All comments should be incorporated in the e-mail message because we may not be able to access attachments.

Because of staffing and resource limitations, we cannot accept comments by facsimile (FAX) transmission. In commenting, please refer to file code HCFA-0045-P and the specific section or sections of the proposed rule. Both electronic and written comments received by the time and date indicated above will be available for public inspection as they are received, generally beginning approximately 3 weeks after publication of a document, in Room 309-G of the Department's offices at 200 Independence Avenue, SW., Washington, DC, on Monday through Friday of each week from 8:30 a.m. to 5 p.m. (phone: (202) 690-7890). Electronic and legible written comments will also be posted, along with this proposed rule, at the following web site: http://aspe.hhs.gov/admnsimp/.

Copies: To order copies of the Federal Register containing this document, send your request to: New Orders, Superintendent of Documents, P.O. Box 371954, Pittsburgh, PA 15250-7954. Specify the date of the issue requested and enclose a check or money order payable to the Superintendent of Documents, or enclose your Visa or Master Card number and expiration date. Credit card orders can also be placed by calling the order desk at (202) 512-1800 or by faxing to (202) 512-2250. The cost for each copy is $8. As an alternative, you can view and photocopy the Federal Register document at most libraries designated as Federal Depository Libraries and at many other public and academic libraries throughout the country that receive the Federal Register.

This Federal Register document is also available from the Federal Register online database through GPO Access, a service of the U.S. Government Printing Office. Free public access is available on a Wide Area Information Server (WAIS) through the Internet and via asynchronous dial-in. Internet users can access the database by using the World Wide Web; the Superintendent of Documents home page address is http://www.access.gpo.gov/su__docs/, by using local WAIS client software, or by telnet to swais.access.gpo.gov, then login as guest (no password required). Dial-in users should use communications software and modem to call 202-512-1661; type swais, then login as guest (no password required).

FOR FURTHER INFORMATION CONTACT:

Patricia Peyton, (410) 786-1812

"

I. Background

In order to administer their programs, the Department of Health and Human Services, other Federal agencies, State Medicaid agencies, and private health plans assign identification numbers to the providers of health care services and supplies with which they transact business. These various agencies and health plans, all of which we will refer to as health plans in this proposed rule, routinely, and independently of each other, assign identifiers to health care providers for program management and operations purposes. The identifiers are frequently not standardized within a single health plan or across plans. This lack of uniformity results in a single health care provider having different numbers for each program and often multiple billing numbers issued within the same program, significantly complicating providers’ claims submission processes. In addition, nonstandard enumeration contributes to the unintentional issuance of the same identification number to different health care providers.

Most health plans have to be able to coordinate benefits with other health plans to ensure appropriate payment. The lack of a single and unique identifier for each health care provider within each health plan and across health plans, based on the same core data, makes exchanging data both expensive and difficult.

All of these factors indicate the complexities of exchanging information on health care providers within and among organizations and result in increasing numbers of claims-related problems and increasing costs of data processing. As we become more dependent on data automation and proceed in planning for health care in the future, the need for a universal, standard health care provider identifier becomes more and more evident.

In addition to overcoming communication and coordination difficulties, use of a standard, unique provider identifier would enhance our ability to eliminate fraud and abuse in health care programs.

  • Payments for excessive or fraudulent claims can be reduced by standardizing enumeration, which would facilitate sharing information across programs or across different parts of the same program.
  • A health care provider’s identifier would not change with moves or changes in specialty. This facilitates tracking of fraudulent health care providers over time and across geographic areas.
  • A health care provider would receive only one identifier and would not be able to receive duplicate payments from a program by submitting claims under multiple provider identifiers.
  • A standard identifier would facilitate access to sanction information.

A. National Provider Identifier Initiative

In July 1993, the Health Care Financing Administration (HCFA) undertook a project to develop a provider identification system to meet Medicare and Medicaid needs and ultimately a national identification system for all health care providers to meet the needs of other users and programs. Representatives from the private sector and Federal and State agencies were invited to participate. Active participants included:

  • Department of Defense, Office of Civilian Health and Medical Program of the Uniformed Services
  • Assistant Secretary for Planning and Evaluation, HHS
  • Department of Labor
  • Department of Veterans Affairs
  • Office of Personnel Management
  • Public Health Service, HHS
  • Drug Enforcement Administration
  • State Medicaid agencies and health departments including those of Alabama, California, Maryland, Minnesota and Virginia
  • Medicare carriers and fiscal intermediaries
  • Professional and medical associations, including the National Council for Prescription Drug Programs.

One of the group’s first tasks was to decide whether to use an existing identifier or to develop a new one. They began by adopting criteria recommended for a unique provider identifier by the Workgroup for Electronic Data Interchange (WEDI), Technical Advisory Group in October 1993, and recommended by the American National Standards Institute (ANSI), Healthcare Informatics Standards Planning Panel, Task Group on Provider Identifiers in February 1994. The workgroup then examined existing identifiers and concluded that no existing identifier met all the criteria that had been recommended by the WEDI and ANSI workgroups.

Because of the limitations of existing identifiers, the workgroup designed a new identifier that would be in the public domain and that would incorporate the recommendations of the WEDI and ANSI workgroups. This identifier, which we call the national provider identifier, or NPI, is an 8-position alphanumeric identifier.

D. Process for Developing National Standards

The Secretary has formulated a 5-part strategy for developing and implementing the standards mandated under Part C of title XI of the Act:

  1. To ensure necessary interagency coordination and required interaction with other Federal departments and the private sector, establish interdepartmental implementation teams to identify and assess potential standards for adoption. The subject matter of the teams includes claims/encounters, identifiers, enrollment/eligibility, systems security, and medical coding/classification. Another team addresses cross-cutting issues and coordinates the subject matter teams. The teams consult with external groups such as the NCVHS’ Workgroup on Data Standards, WEDI, ANSI’s Health Informatics Standards Board, the NUCC, the NUBC, and the ADA. The teams are charged with developing regulations and other necessary documents and making recommendations for the various standards to the HHS’ Data Council through its Committee on Health Data Standards. (The HHS Data Council is the focal point for consideration of data policy issues. It reports directly to the Secretary and advises the Secretary on data standards and privacy issues.)
  2. Develop recommendations for standards to be adopted.
  3. Publish proposed rules in the Federal Register describing the standards. Each proposed rule provides the public with a 60-day comment period.
  4. Analyze public comments and publish the final rules in the Federal Register.
  5. Distribute standards and coordinate preparation and distribution of implementation guides.

This strategy affords many opportunities for involvement of interested and affected parties in standards development and adoption:

  • Participate with standards development organizations.
  • Provide written input to the NCVHS.
  • Provide written input to the Secretary of HHS.
  • Provide testimony at NCVHS’ public meetings.
  • Comment on the proposed rules for each of the proposed standards.
  • Invite HHS staff to meetings with public and private sector organizations or meet directly with senior HHS staff involved in the implementation process.

The implementation teams charged with reviewing standards for designation as required national standards under the statute have defined, with significant input from the health care industry, a set of principles for guiding choices for the standards to be adopted by the Secretary. These principles are based on direct specifications in HIPAA and the purpose of the law, principles that are consistent with the regulatory philosophy set forth in Executive Order 12866 and the Paperwork Reduction Act of 1995. To be designated as a HIPAA standard, each standard should:

  1. Improve the efficiency and effectiveness of the health care system by leading to cost reductions for or improvements in benefits from electronic health care transactions.
  2. Meet the needs of the health data standards user community, particularly health care providers, health plans, and health care clearinghouses.
  3. Be consistent and uniform with the other HIPAA standards --their data element definitions and codes and their privacy and security requirements--and, secondarily, with other private and public sector health data standards.
  4. Have low additional development and implementation costs relative to the benefits of using the standard.
  5. Be supported by an ANSI-accredited standards developing organization or other private or public organization that will ensure continuity and efficient updating of the standard over time.
  6. Have timely development, testing, implementation, and updating procedures to achieve administrative simplification benefits faster.
  7. Be technologically independent of the computer platforms and transmission protocols used in electronic transactions, except when they are explicitly part of the standard.
  8. Be precise and unambiguous, but as simple as possible.
  9. Keep data collection and paperwork burdens on users as low as is feasible.
  10. Incorporate flexibility to adapt more easily to changes in the health care infrastructure (such as new services, organizations, and provider types) and information technology.

A master data dictionary providing for common data definitions across the standards selected for implementation under HIPAA will be developed and maintained. We intend for the data element definitions to be precise, unambiguous, and consistently applied. The transaction-specific reports and general reports from the master data dictionary will be readily available to the public. At a minimum, the information presented will include data element names, definitions, and appropriate references to the transactions where they are used.

This proposed rule would establish the standard health care provider identifier and is the first proposed standard under HIPAA. The remaining standards will be grouped, to the extent possible, by subject matter and audience in future regulations. We anticipate publishing several more separate documents to promulgate the remaining standards required under HIPAA.

B. The Results of the NPI Initiative

As a result of the project on the NPI, and before legislation required the use of the standard identifier for all health care providers (see section I.C. Legislation, below), HCFA and other participants accepted the workgroup’s recommendation, and HCFA decided that this new identifier would be implemented in the Medicare program. HCFA began work on developing a national provider system (NPS) that would contain provider data and be equipped with the technology necessary to maintain and manage the data. Plans for the NPS included assigning the NPI and storing the data necessary to identify each health care provider uniquely. The NPI was designed to have no embedded intelligence. (That is, information about the health care provider, such as the type of health care provider or State where the health care provider is located, would not be conveyed by the NPI. This information was to have been recorded by the NPS in each health care provider’s record but would not be part of the identifier.)

The NPS was designed so that it could also be used by other Federal and State agencies and private health plans to enumerate their health care providers that do not participate in Medicare.

C. Legislation

The Congress included provisions to address the need for a standard identifier and other administrative simplification issues in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, which was enacted on August 21, 1996. Through subtitle F of title II of that law, the Congress added to title XI of the Social Security Act a new part C, entitled “Administrative Simplification.” (Public Law 104-191 affects several titles in the United States Code. Hereafter, we refer to the Social Security Act as the Act; we refer to the other laws cited in this document by their names.) The purpose of this part is to improve the Medicare and Medicaid programs in particular and the efficiency and effectiveness of the health care system in general by encouraging the development of a health information system through the establishment of standards and requirements to facilitate the electronic transmission of certain health information.

Part C of title XI consists of sections 1171 through 1179 of the Act. These sections define various terms and impose several requirements on HHS, health plans, health care clearinghouses, and certain health care providers concerning electronic transmission of health information.

The first section, section 1171 of the Act, establishes definitions for purposes of part C of title XI for the following terms: code set, health care clearinghouse, health care provider, health information, health plan, individually identifiable health information, standard, and standard setting organization.

Section 1172 of the Act makes any standard adopted under part C applicable to (1) all health plans, (2) all health care clearinghouses, and (3) any health care providers that transmit any health information in electronic form in connection with the transactions referred to in section 1173(a)(1) of the Act.

This section also contains requirements concerning standard setting.

  • The Secretary may adopt a standard developed, adopted, or modified by a standard setting organization (that is, an organization accredited by the American National Standards Institute (ANSI)) that has consulted with the National Uniform Billing Committee (NUBC), the National Uniform Claim Committee (NUCC), WEDI, and the American Dental Association (ADA).
  • The Secretary may also adopt a standard other than one established by a standard setting organization, if the different standard will reduce costs for health care providers and health plans, the different standard is promulgated through negotiated rulemaking procedures, and the Secretary consults with each of the above-named groups.
  • If no standard has been adopted by any standard setting organization, the Secretary is to rely on the recommendations of the National Committee on Vital and Health Statistics (NCVHS) and consult with each of the above-named groups.

In complying with the requirements of part C of title XI, the Secretary must rely on the recommendations of the NCVHS, consult with appropriate State, Federal, and private agencies or organizations, and publish the recommendations of the NCVHS in the Federal Register.

Paragraph (a) of section 1173 of the Act requires that the Secretary adopt standards for financial and administrative transactions, and data elements for those transactions, to enable health information to be exchanged electronically. Standards are required for the following transactions: health claims, health encounter information, health claims attachments, health plan enrollments and disenrollments, health plan eligibility, health care payment and remittance advice, health plan premium payments, first report of injury, health claim status, and referral certification and authorization. In addition, the Secretary is required to adopt standards for any other financial and administrative transactions that are determined to be appropriate by the Secretary.

Paragraph (b) of section 1173 of the Act requires the Secretary to adopt standards for unique health identifiers for all individuals, employers, health plans, and health care providers and requires further that the adopted standards specify for what purposes unique health identifiers may be used.

Paragraphs (c) through (f) of section 1173 of the Act require the Secretary to establish standards for code sets for each data element for each health care transaction listed above, security standards for health care information systems, standards for electronic signatures (established together with the Secretary of Commerce), and standards for the transmission of data elements needed for the coordination of benefits and sequential processing of claims. Compliance with electronic signature standards will be deemed to satisfy both State and Federal requirements for written signatures with respect to the transactions listed in paragraph (a) of section 1173 of the Act.

In section 1174 of the Act, the Secretary is required to adopt standards for all of the above transactions, except claims attachments, within 18 months of enactment. The standards for claims attachments must be adopted within 30 months of enactment. Generally, after a standard is established it cannot be changed during the first year except for changes that are necessary to permit compliance with the standard. Modifications to any of these standards may be made after the first year, but not more frequently than once every 12 months. The Secretary must also ensure that procedures exist for the routine maintenance, testing, enhancement, and expansion of code sets and that there are crosswalks from prior versions.

Section 1175 of the Act prohibits health plans from refusing to process or delaying the processing of a transaction that is presented in standard format. The Act’s requirements are not limited to health plans; however, each person to whom a standard or implementation specification applies is required to comply with the standard within 24 months (or 36 months for small health plans) of its adoption. A health plan or other entity may, of course, comply voluntarily before the effective date. Entities may comply by using a health care clearinghouse to transmit or receive the standard transactions. Compliance with modifications and implementation specifications to standards must be accomplished by a date designated by the Secretary. This date may not be earlier than 180 days after the notice of change.

Section 1176 of the Act establishes a civil monetary penalty for violation of the provisions in part C of title XI of the Act, subject to several limitations. The Secretary is required by statute to impose penalties of not more than $100 per violation on any person who fails to comply with a standard, except that the total amount imposed on any one person in each calendar year may not exceed $25,000 for violations of one requirement. The procedural provisions in section 1128A of the Act, “Civil Monetary Penalties,” are applicable.

Section 1177 of the Act establishes penalties for a knowing misuse of unique health identifiers and individually identifiable health information: (1) A fine of not more than $50,000 and/or imprisonment of not more than 1 year; (2) if misuse is “under false pretenses,” a fine of not more than $100,000 and/or imprisonment of not more than 5 years; and (3) if misuse is with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, a fine of not more than $250,000 and/or imprisonment of not more than 10 years.

Under section 1178 of the Act, the provisions of part C of title XI of the Act, as well as any standards established under them, supersede any State law that is contrary to them. However, the Secretary may, for statutorily specified reasons, waive this provision.

Finally, section 1179 of the Act makes the above provisions inapplicable to financial institutions or anyone acting on behalf of a financial institution when “authorizing, processing, clearing, settling, billing, transferring, reconciling, or collecting payments for a financial institution.”

(Concerning this last provision, the conference report, in its discussion on section 1178, states:

“The conferees do not intend to exclude the activities of financial institutions or their contractors from compliance with the standards adopted under this part if such activities would be subject to this part. However, conferees intend that this part does not apply to use or disclosure of information when an individual utilizes a payment system to make a payment for, or related to, health plan premiums or health care. For example, the exchange of information between participants in a credit card system in connection with processing a credit card payment for health care would not be covered by this part. Similarly sending a checking account statement to an account holder who uses a credit or debit card to pay for health care services, would not be covered by this part. However, this part does apply if a company clears health care claims, the health care claims activities remain subject to the requirements of this part.”) (H.R. Rep. No. 736, 104th Cong., 2nd Sess. 268-269 (1996))

II. Provisions of the Proposed Regulations

In this proposed rule, we propose a standard health care provider identifier and requirements concerning its implementation. This rule would establish requirements that health plans, health care providers, and health care clearinghouses would have to meet to comply with the statutory requirement to use a unique identifier in electronic transactions. We propose to add a new part to title 45 of the Code of Federal Regulations for health plans, health care providers, and health care clearinghouses in general. The new part would be part 142 of title 45 and would be titled “Administrative Requirements.” Subpart D would contain provisions specific to the NPI.

A. Applicability

Section 262 of HIPAA applies to all health plans, all health care clearinghouses, and any health care providers that transmit any health information in electronic form in connection with transactions referred to in section 1173(a)(1) of the Act. Our proposed rules (at 45 CFR 142.102) would apply to the health plans and health care clearinghouses as well, but we would clarify the statutory language in our regulations for health care providers: we would have the regulations apply to any health care provider only when electronically transmitting any of the transactions to which section 1173(a)(1) of the Act refers.

Electronic transmissions would include transmissions using all media, even when the transmission is physically moved from one location to another using magnetic tape, disk, or CD media. Transmissions over the Internet (wide-open), Extranet (using Internet technology to link a business with information only accessible to collaborating parties), leased lines, dial-up lines, and private networks are all included. Telephone voice response and “faxback” systems would not be included. The “HTML” interaction between a server and a browser by which the elements of a transaction are solicited from a user would not be included, but once assembled into a transaction by the server, transmission of the full transaction to another corporate entity, such as a health plan, would be required to comply.

Our regulations would apply to health care clearinghouses when transmitting transactions to, and receiving transactions from, a health care provider or health plan that transmits and receives standard transactions (as defined under “transaction”) and at all times when transmitting to or receiving electronic transactions from another health care clearinghouse. The law would apply to each health care provider when transmitting or receiving any electronic transaction.

The law applies to health plans for all transactions.

Section 142.104 would contain the following provisions (from section 1175 of the Act):

If a person desires to conduct a transaction (as defined in § 142.103) with a health plan as a standard transaction, the following apply:

(1) The health plan may not refuse to conduct the transaction as a standard transaction.

(2) The health plan may not delay the transaction or otherwise adversely affect, or attempt to adversely affect, the person or the transaction on the ground that the transaction is a standard transaction.

(3) The information transmitted and received in connection with the transaction must be in the form of standard data elements of health information.

As a further requirement, we would require that a health plan that conducts transactions through an agent assure that the agent meets all the requirements of part 142 that apply to the health plan.

Section 142.105 would state that a person or other entity may meet the requirements of § 142.104 by either--

(1) Transmitting and receiving standard data elements, or

(2) Submitting nonstandard data elements to a health care clearinghouse for processing into standard data elements and transmission by the health care clearinghouse and receiving standard data elements through the clearinghouse.

Health care clearinghouses would be able to accept nonstandard transactions for the sole purpose of translating them into standard transactions for sending customers and would be able to accept standard transactions and translate them into nonstandard formats for receiving customers. We would state in § 142.105 that the transmission of nonstandard transactions, under contract, between a health plan or a health care provider and a health care clearinghouse would not violate the law.

Transmissions within a corporate entity would not be required to comply with the standards. A hospital that is wholly owned by a managed care company would not have to use the standards to pass encounter information back to the home office, but it would have to use the standard claims transaction to submit a claim to another health plan. Another example might be transactions within Federal agencies and their contractors and between State agencies within the same State. For example, Medicare enters into contracts with insurance companies and common working file sites that process Medicare claims using government furnished software. There is constant communication, on a private network, between HCFA Central Office and the Medicare carriers, intermediaries and common working file sites. This communication may continue in nonstandard mode. However, these contractors must comply with the standards when exchanging any of the transactions covered by HIPAA with an entity outside these “corporate” boundaries.

B. Definitions

Section 1171 of the Act defines several terms and our proposed rules would, for the most part, simply restate the law. The terms that we are defining in this proposed rule follow:

1. Code set.

We would define “code set” as section 1171(1) of the Act does: “code set” means any set of codes used for encoding data elements, such as tables of terms, medical concepts, medical diagnostic codes, or medical procedure codes.

2. Health care clearinghouse.

We would define “health care clearinghouse” as section 1171(2) of the Act does, but we are adding a further, clarifying sentence. The statute defines a “health care clearinghouse” as a public or private entity that processes or facilitates the processing of nonstandard data elements of health information into standard data elements. We would further explain that such an entity is one that currently receives health care transactions from health care providers and other entities, translates the data from a given format into one acceptable to the intended recipient and forwards the processed transaction to appropriate health plans and other clearinghouses, as necessary, for further action.

There are currently a number of private clearinghouses that perform these functions for health care providers. For purposes of this rule, we would consider billing services, repricing companies, community health management information systems or community health information systems, value-added networks, and switches performing these functions to be health care clearinghouses.

3. Health care provider.

As defined by section 1171(3) of the Act, a “health care provider” is a provider of services as defined in section 1861(u) of the Act, a provider of medical or other health services as defined in section 1861(s) of the Act, and any other person who furnishes health care services or supplies. Our regulations would define “health care provider” as the statute does and clarify that the definition of a health care provider is limited to those entities that furnish, or bill and are paid for, health care services in the normal course of business.

The statutory definition of a health care provider is broad. Section 1861(u) contains the Medicare definition of a provider, which encompasses institutional providers such as hospitals, skilled nursing facilities, home health agencies, and comprehensive outpatient rehabilitation facilities. Section 1861(s) defines other Medicare facilities and practitioners, including assorted clinics and centers, physicians, clinical laboratories, various licensed/certified health care practitioners, and suppliers of durable medical equipment. The last portion of the definition encompasses any appropriately licensed or certified health care practitioners or organizations, including pharmacies and nursing homes and many types of therapists, technicians, and aides. It also includes any other individual or organization that furnishes health care services or supplies. We believe that an individual or organization that bills and is paid for health care services or supplies is also a health care provider for purposes of the statute.

Section 1173(b)(1) of the Act requires the Secretary to adopt standards for unique identifiers for all health care providers. The definition of a “health care provider” at section 1171(3) includes all Medicare providers and “any other person furnishing health care services and supplies.” These two provisions require that provider identifiers may not be limited to only those health care providers that bill electronically or those that bill in their own right. Instead provider identifiers will eventually be available to all those that provide health services. Penalties for failure to use the correct identifiers, however, are limited to those that fail to use the identifiers or other standards in the nine designated electronic transactions. As we discuss under a later section in this preamble,III. Implementation of the NPI, we do not expect to be able to assign identifiers immediately to all health care providers that do not participate in electronic transactions.

Our proposed definition of a health care provider would not include health industry workers who support the provision of health care but who do not provide health services, such as admissions and billing personnel, housekeeping staff, and orderlies.

We describe two alternatives for defining general categories of health care providers for enumeration purposes. In the first, we would categorize health care providers as individuals, organizations, or groups. In the second, we would categorize health care providers as individuals or organizations, which would include groups. The data to be collected for each category of health care provider are described in the preamble in section IV. B. Data Elements. We welcome your comments on whether group providers need to be distinguished from organization providers.

Individuals are treated differently than organizations and groups because the data available to search for duplicates (for example, date and place of birth) are different. Organizations and groups may need to be treated differently from each other because it is possible that a group is not specifically licensed or certified to provide health care, whereas an organization usually is. It may, therefore, be important to be able to link the individual members to the group. It would not be possible to distinguish one category from another by looking at the NPI. The NPS would contain the kinds of data necessary to adequately categorize each health care provider.

The categories are described as follows:

Individual--A human being who is licensed, certified or otherwise authorized to perform medical services or provide medical care, equipment and/or supplies in the normal course of business. Examples of individuals are physicians, nurses, dentists, pharmacists, and physical therapists.

Organization--An entity, other than an individual, that is licensed, certified or otherwise authorized to provide medical services, care, equipment or supplies in the normal course of business. The licensure, certification, or other recognition is granted to the organization entity. Individual owners, managers, or employees of the organization may also be certified, licensed, or otherwise recognized as individual health care providers in their own right. Each separate physical location of an organization, each member of an organization chain, and each subpart of an organization that needs to be identified would receive its own NPI. NPIs of organization providers would not be linked within the NPS to NPIs of other health care providers. Examples of organizations are hospitals, laboratories, ambulance companies, health maintenance organizations, and pharmacies.

In the first alternative for categorizing health care providers, as described above, we would distinguish a group from an organization. We would define a group as follows:

Group--An entity composed of one or more individuals (as defined above), generally created to provide coverage of patients’ needs in terms of office hours, professional backup and support, or range of services resulting in specific billing or payment arrangements. It is possible that the group itself is not licensed or certified, but the individual(s) who compose the group are licensed, certified or otherwise authorized to provide health care services. The NPIs of the group member(s) would be linked within the NPS to the NPI of the group. An individual can be a member of multiple groups. Examples of groups are (1) two physicians practicing as a group where they bill and receive payment for their services as a group and (2) an incorporated individual billing and receiving payment as a corporation.

The ownership of a group or organization can change if it is sold, consolidated, or merged, or if control changes due to stock acquisition. In many cases, the nature of the provider itself (for example, its location, staff or types of services provided) is not affected. In general, the NPI of the provider should not change in these situations unless the change of ownership affects the nature of the provider. (Example: If a hospital is acquired and then converted to a rehabilitation center, it would need to obtain a new NPI.) There may also be circumstances where a new NPI should be issued. (Example: a physicians’ group practice operating as a partnership dissolves that partnership and another partnership of physicians acquires and operates the practice.) We solicit comments on rules to be applied.

We discuss the enumeration of health care providers in more detail, in III. Implementation of the NPI, later in this preamble.

4. Health information.

“Health information,” as defined in section 1171 of the Act, means any information, whether oral or recorded in any form or medium, that--

  • Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and
  • Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.

We propose the same definition for our regulations.

5. Health plan.

We propose that a “health plan” be defined essentially as section 1171 of the Act defines it. Section 1171 of the Act cross refers to definitions in section 2791 of the Public Health Service Act (as added by Public Law 104-191, 42 U.S.C. 300gg-91); we would incorporate those definitions as currently stated into our proposed definitions for the convenience of the public. We note that many of these terms are defined in other statutes, such as the Employee Retirement Income Security Act of 1974 (ERISA), Public Law 93-406, 29 U.S.C. 1002(7) and the Public Health Service Act. Our definitions are based on the roles of plans in conducting administrative transactions, and any differences should not be construed to affect other statutes.

For purposes of implementing the provisions of administrative simplification, a “health plan” would be an individual or group health plan that provides, or pays the cost of, medical care. This definition includes, but is not limited to, the 13 types of plans listed in the statute. On the other hand, plans such as property and casualty insurance plans and workers compensation plans, which may pay health care costs in the course of administering nonhealth care benefits, are not considered to be health plans in the proposed definition of health plan. Of course, these plans may voluntarily adopt these standards for their own business needs. At some future time, the Congress may choose to expressly include some or all of these plans in the list of health plans that must comply with the standards.

Health plans often carry out their business functions through agents, such as plan administrators (including third party administrators), entities that are under “administrative services only” (ASO) contracts, claims processors, and fiscal agents. These agents may or may not be health plans in their own right; for example, a health plan may act as another health plan’s agent as another line of business. As stated earlier, a health plan that conducts HIPAA transactions through an agent is required to assure that the agent meets all HIPAA requirements that apply to the plan itself.

“Health plan” includes the following, singly or in combination:

a. “Group health plan” (as currently defined by section 2791(a) of the Public Health Service Act). A group health plan is a plan that has 50 or more participants (as the term “participant” is currently defined by section 3(7) of ERISA) or is administered by an entity other than the employer that established and maintains the plan. This definition includes both insured and self-insured plans. We define “participant” separately below.

Section 2791(a)(1) of the Public Health Service Act defines “group health plan” as an employee welfare benefit plan (as currently defined in section 3(1) of ERISA) to the extent that the plan provides medical care, including items and services paid for as medical care, to employees or their dependents directly or through insurance, or otherwise.

It should be noted that group health plans that have fewer than 50 participants and that are administered by the employer would be excluded from this definition and would not be subject to the administrative simplification provisions of HIPAA.

b. “Health insurance issuer” (as currently defined by section 2791(b) of the Public Health Service Act).

Section 2791(b)(2) of the Public Health Service Act currently defines a “health insurance issuer” as an insurance company, insurance service, or insurance organization that is licensed to engage in the business of insurance in a State and is subject to State law that regulates insurance.

c. “Health maintenance organization” (as currently defined by section 2791(b) of the Public Health Service Act).

Section 2791(b) of the Public Health Service Act currently defines a “health maintenance organization” as a Federally qualified health maintenance organization, an organization recognized as such under State law, or a similar organization regulated for solvency under State law in the same manner and to the same extent as such a health maintenance organization. These organizations may include preferred provider organizations, provider sponsored organizations, independent practice associations, competitive medical plans, exclusive provider organizations, and foundations for medical care.

d. Part A or Part B of the Medicare program (title XVIII of the Act).

e. The Medicaid program (title XIX of the Act).

f. A “Medicare supplemental policy” as defined under section 1882(g)(1) of the Act.

Section 1882(g)(1) of the Act defines a “Medicare supplemental policy” as a health insurance policy that a private entity offers a Medicare beneficiary to provide payment for expenses incurred for services and items that are not reimbursed by Medicare because of deductible, coinsurance, or other limitations under Medicare. The statutory definition of a Medicare supplemental policy excludes a number of plans that are generally considered to be Medicare supplemental plans, such as health plans for employees and former employees and for members and former members of trade associations and unions. A number of these health plans may be included under the definitions of “group health plan” or “health insurance issuer”, as defined in a. and b. above.

g. A “long-term care policy,” including a nursing home fixed-indemnity policy. A “long-term care policy” is considered to be a health plan regardless of how comprehensive it is. We recognize the long-term care insurance segment of the industry is largely unautomated and we welcome comments regarding the impact of HIPAA on the long-term care segment.

h. An employee welfare benefit plan or any other arrangement that is established or maintained for the purpose of offering or providing health benefits to the employees of two or more employers. This includes plans and other arrangements that are referred to as multiple employer welfare arrangements (“MEWAs”) as defined in section 3(40) of ERISA.

i. The health care program for active military personnel under title 10 of the United States Code.

j. The veterans health care program under chapter 17 of title 38 of the United States Code.

This health plan primarily furnishes medical care through hospitals and clinics administered by the Department of Veterans Affairs for veterans with a service-connected disability that is compensable. Veterans with non-service-connected disabilities (and no other health benefit plan) may receive health care under this health plan to the extent resources and facilities are available.

k. The Civilian Health and Medical Program of the Uniformed Services (CHAMPUS), as defined in 10 U.S.C. 1072(4).

CHAMPUS primarily covers services furnished by civilian medical providers to dependents of active duty members of the uniformed services and retirees and their dependents under age 65.

l. The Indian Health Service program under the Indian Health Care Improvement Act (25 U.S.C. 1601 et seq.).

This program furnishes services, generally through its own health care providers, primarily to persons who are eligible to receive services because they are of American Indian or Alaskan Native descent.

m. The Federal Employees Health Benefits Program under 5 U.S.C. chapter 89.

This program consists of health insurance plans offered to active and retired Federal employees and their dependents. Depending on the health plan, the services may be furnished on a fee-for-service basis or through a health maintenance organization.

(Note: Although section 1171(5)(M) of the Act refers to the “Federal Employees Health Benefit Plan,” this and any other rules adopting administrative simplification standards will use the correct name, the Federal Employees Health Benefits Program. One health plan does not cover all Federal employees; there are over 350 health plans that provide health benefits coverage to Federal employees, retirees, and their eligible family members. Therefore, we will use the correct name, the Federal Employees Health Benefits Program, to make clear that the administrative simplification standards apply to all health plans that participate in the Program.)

n. Any other individual or group health plan, or combination thereof, that provides or pays for the cost of medical care.

We would include a fourteenth category of health plan in addition to those specifically named in HIPAA, as there are health plans that do not readily fit into the other categories but whose major purpose is providing health benefits. The Secretary would determine which of these plans are health plans for purposes of title II of HIPAA. This category would include the Medicare Plus Choice plans that will become available as a result of section 1855 of the Act as amended by section 4001 of the Balanced Budget Act of 1997 (Public Law 105-33) to the extent that these health plans do not fall under any other category.

6. Medical care.

“Medical care,” which is used in the definition of health plan, would be defined as current section 2791 of the Public Health Service Act defines it: the diagnosis, cure, mitigation, treatment, or prevention of disease, or amounts paid for the purpose of affecting any body structure or function of the body; amounts paid for transportation primarily for and essential to these items; and amounts paid for insurance covering the items and the transportation specified in this definition.

7. Participant.

We would define the term “participant” as section 3(7) of ERISA currently defines it: a “participant” is any employee or former employee of an employer, or any member or former member of an employee organization, who is or may become eligible to receive a benefit of any type from an employee benefit plan that covers employees of such an employer or members of such organizations, or whose beneficiaries may be eligible to receive any such benefits. An “employee” would include an individual who is treated as an employee under section 401(c)(1) of the Internal Revenue Code of 1986 (26 U.S.C. 401(c)(1)).

8. Small health plan.

We would define a “small health plan” as a group health plan with fewer than 50 participants.

The HIPAA does not define a “small health plan” but instead leaves the definition to be determined by the Secretary. The Conference Report suggests that the appropriate definition of a “small health plan” is found in current section 2791(a) of the Public Health Service Act, which is a group health plan with fewer than 50 participants. We would also define small individual health plans as those with fewer than 50 participants.

9. Standard.

Section 1171 of the Act defines “standard,” when used with reference to a data element of health information or a transaction referred to in section 1173(a)(1) of the Act, as any such data element or transaction that meets each of the standards and implementation specifications adopted or established by the Secretary with respect to the data element or transaction under sections 1172 through 1174 of the Act.

Under our definition, a standard would be a set of rules for a set of codes, data elements, transactions, or identifiers promulgated either by an organization accredited by the American National Standards Institute or HHS for the electronic transmission of health information.

10. Transaction.

“Transaction” would mean the exchange of information between two parties to carry out financial and administrative activities related to health care. A transaction would be any of the transactions listed in section 1173(a)(2) of the Act and any determined appropriate by the Secretary in accordance with section 1173(a)(1)(B) of the Act. We present them below in the order in which we propose to list them in the regulations text to this document and in the regulations document for proposed standards for these transactions that we will publish later.

A “transaction” would mean any of the following:

a. Health claims or equivalent encounter information.

This transaction may be used to submit health care claim billing information, encounter information, or both, from health care providers to health plans, either directly or via intermediary billers and claims clearinghouses.

b. Health care payment and remittance advice.

This transaction may be used by a health plan to make a payment to a financial institution for a health care provider (sending payment only), to send an explanation of benefits or a remittance advice directly to a health care provider (sending data only), or to make payment and send an explanation of benefits remittance advice to a health care provider via a financial institution (sending both payment and data).

c. Coordination of benefits.

This transaction can be used to transmit health care claims and billing payment information between health plans with different payment responsibilities where coordination of benefits is required or between health plans and regulatory agencies to monitor the rendering, billing, and/or payment of health care services within a specific health care/insurance industry segment.

In addition to the nine electronic transactions specified in section 1173(a)(2) of the Act, section 1173(f) directs the Secretary to adopt standards for transferring standard data elements among health plans for coordination of benefits and sequential processing of claims. This particular provision does not state that these should be standards for electronic transfer of standard data elements among health plans. However, we believe that the Congress, when writing this provision, intended for these standards to apply to the electronic form of transactions for coordination of benefits and sequential processing of claims. The Congress expressed its intent on these matters generally in section 1173(a)(1)(B), where the Secretary is directed to adopt "other financial and administrative transactions . . . consistent with the goals of improving the operation of the health care system and reducing administrative costs". Adoption of a standard for electronic transmission of standard data elements among health plans for coordination of benefits and sequential processing of claims would serve these goals expressed by the Congress.

d. Health claim status.

This transaction may be used by health care providers and recipients of health care products or services (or their authorized agents) to request the status of a health care claim or encounter from a health plan.

e. Enrollment and disenrollment in a health plan.

This transaction may be used to establish communication between the sponsor of a health benefit and the health plan. It provides enrollment data, such as subscriber and dependents, employer information, and primary care health care provider information. The sponsor is the backer of the coverage, benefit, or product. A sponsor can be an employer, union, government agency, association, or insurance company. The health plan refers to an entity that pays claims, administers the insurance product or benefit, or both.

f. Eligibility for a health plan.

This transaction may be used to inquire about the eligibility, coverage, or benefits associated with a benefit plan, employer, plan sponsor, subscriber, or a dependent under the subscriber’s policy. It also can be used to communicate information about or changes to eligibility, coverage, or benefits from information sources (such as insurers, sponsors, and health plans) to information receivers (such as physicians, hospitals, third party administrators, and government agencies).

g. Health plan premium payments.

This transaction may be used by, for example, employers, employees, unions, and associations to make and keep track of payments of health plan premiums to their health insurers. This transaction may also be used by a health care provider, acting as liaison for the beneficiary, to make payment to a health insurer for coinsurance, copayments, and deductibles.

h. Referral certification and authorization.

This transaction may be used to transmit health care service referral information between primary care health care providers, health care providers furnishing services, and health plans. It can also be used to obtain authorization for certain health care services from a health plan.

i. First report of injury.

This transaction may be used to report information pertaining to an injury, illness, or incident to entities interested in the information for statistical, legal, claims, and risk management processing requirements.

j. Health claims attachments.

This transaction may be used to transmit health care service information, such as subscriber, patient, demographic, diagnosis, or treatment data for the purpose of a request for review, certification, notification, or reporting the outcome of a health care services review.

k. Other transactions as the Secretary may prescribe by regulation.

Under section 1173(a)(1)(B) of the Act, the Secretary shall adopt standards, and data elements for those standards, for other financial and administrative transactions deemed appropriate by the Secretary. These transactions would be consistent with the goals of improving the operation of the health care system and reducing administrative costs.

C. Effective Dates - General

In general, any given standard would be effective 24 months after the effective date (36 months for small health plans) of the final rule for that standard. Because there are other standards to be established than those in this proposed rule, we specify the date for a given standard under the subpart for that standard.

If HHS adopts a modification to an implementation specification or a standard, the implementation date of the modification would be no earlier than the 180th day following the adoption of the modification. HHS would determine the actual date, taking into account the time needed to comply due to the nature and extent of the modification. HHS would be able to extend the time for compliance for small health plans. This provision would be at § 142.106.

The law does not address scheduling of implementation of the standards; it gives only a date by which all concerned must comply. As a result, any of the health plans, health care clearinghouses, and health care providers may implement a given standard earlier than the date specified in the subpart created for that standard. We realize that this may create some problems temporarily, as early implementers would have to be able to continue using old standards until the new ones must, by law, be in place.

At the WEDI Healthcare Leadership Summit held on August 15, 1997, it was recommended that health care providers not be required to use any of the the standards during the first year after the adoption of the standard. However, willing trading partners could implement any or all of the standards by mutual agreement at any time during the 2-year implementation phase (3- year implementation phase for small health plans). In addition, it was recommended that a health plan give its health care providers at least 6 months notice before requiring them to use a given standard.

We welcome comments specifically on early implementation as to the extent to which it would cause problems and how any problems might be alleviated.

D. NPI Standard

Section 142.402, Provider identifier standard, would contain the national health care provider identifier standard. There is no recognized standard for health care provider identification as defined in the law. (That is, there is no standard that has been developed, adopted, or modified by a standard setting organization after consultation with the NUBC, NUCC, WEDI, and the ADA.) Therefore, we would designate a new standard.

We are proposing as the standard the national provider identifier (NPI), which would be maintained by HCFA. As discussed under the Background section earlier in this preamble, the NPI is an 8-position alphanumeric identifier. It includes as the 8th position a numeric check digit to assist in identifying erroneous or invalid NPIs. The check digit is a recognized International Standards Organization [ISO] standard. The check digit algorithm must be computed from an all-numeric base number. Therefore, any alpha characters that may be part of the NPI are translated to specific numerics before the calculation of the check digit. The NPI format would allow for the creation of approximately 20 billion unique identifiers.

The 8-position alphanumeric format was chosen over a longer numeric-only format in order to keep the identifier as short as possible while providing for an identifier pool that would serve the industry’s needs for a long time. However, we recognize that some health care providers and health plans might have difficulty in the short term in accommodating alphabetic characters. Therefore, we propose to issue numeric-only identifiers first and to introduce alphabetic characters starting with the first position of the NPI. This would afford additional time for health care providers and health plans to accommodate the alphabetic characters.

1. Selection criteria.

Each individual implementation team weighted the criteria described in section I.D., Process for Developing National Standards, in terms of the standard it was addressing. As we assessed the various options for a provider identifier against the criteria, it became apparent that many of the criteria would be satisfied by all of the provider identifier candidates. Consequently, we concentrated on the four criteria (1, 2, 3, and 10) that were not satisfied by all of the options. These criteria are described below in the specific context of the provider identifier.

#1. Improve the efficiency and effectiveness of the health care system.

In order to be integrated into electronic transactions efficiently, standard provider identifiers must be easily accessible. Health plans must be able to obtain identifiers and other key data easily in order to use the identifier in electronic transactions. Existing health care provider files have to be converted to the new standard. In addition, health care providers will need to know other health care providers’ identifiers (for example, a hospital needs the identifiers of all physicians who perform services in the facility). To meet this criterion, we believe the identifier should not be proprietary; that is, it should be possible to communicate identifiers freely as needed. Moreover, the issuer must be able to reliably issue each health care provider only one identifier and to issue each identifier only once.

#2. Meet the needs of the health data standards user community.

The identifier must be comprehensive. It must accommodate all health care provider types or must be capable of being expanded to do so. Based on our definition of “health care provider”, this includes individual health care providers who are employed by other health care providers and alternative practitioners who may not be currently recognized by health plans. The identifier must have the capacity to enumerate health care providers for many years without reuse of previously-assigned identifiers. To meet this criterion, we believe that, over time, the identifier must be capable of uniquely identifying at least 100 million entities.

#3. Be consistent and uniform with other HIPAA and other private and public sector health data standards in providing for privacy and confidentiality.

Confidentiality of certain health care provider data must be maintained. Certain data elements (for example, social security number and date of birth) needed to enumerate an individual health care provider reliably should not be made available to the public.

#10. Incorporate flexibility to adapt more easily to changes.

To meet this criterion, the identifier must be intelligence- free (the identifier itself should not contain any information about the health care provider). Intelligence in the identifier would require issuing a new identifier if there is a change in that information. For example, an identifier containing a State code would no longer be accurate if the health care provider moves to another State.

2. Candidate identifiers.

We assessed a number of candidate identifiers to see if they met the four specific criteria discussed above. We first assessed the identifiers listed in the inventory of standards prepared for the Secretary by the Health Informatics Standards Board. Those standards are the unique physician identification number (UPIN), which is issued by HCFA; the health industry number (HIN), which is issued by the Health Industry Business Communications Council; the National Association of Boards of Pharmacy (NABP) number, which is issued by the National Council for Prescription Drug Programs in cooperation with the NABP; and the national provider identifier (NPI), which is being developed by HCFA.

Unique physician identification numbers are currently issued to physicians, limited license practitioners, group practices, and certain noninstitutional providers (for example, ambulance companies). These numbers are issued to health care providers through Medicare carriers, and generally only Medicare providers have them. The unique physician identification number is used to identify ordering, performing, referring, and attending health care providers in Medicare claims processing. The computer system that generates the numbers is maintained by HCFA and is able to detect duplicate health care providers. The unique physician identification number is in the public domain and could be made widely accessible to health care providers and health plans. These numbers do contain intelligence (the first position designates a provider type, e.g., physician) and are only six positions long, which would not be able to accommodate a sufficient number of future health care providers. The unique physician identification number does not meet criteria 2 and 10.

The health industry number is used for contract administration in the health industry supply chain, as a prescriber identifier for claims processing, and for market analysis. It consists of a base 7-position alpha-numeric identifier and a 2-position alpha-numeric suffix identifying the location of the prescriber. The suffix contains intelligence. Health industry numbers can enumerate individual prescribers as well as institutional providers. They are issued via a proprietary system maintained by the Health Industry Business Communications Council, which permits subscriptions to the database by data re-sellers and others. In addition, it does not collect sufficient data for thorough duplicate checking of individuals. The health industry number does not meet criteria 1, 3, and 10.

The National Association of Boards of Pharmacy number is a 7-digit numeric identifier assigned to licensed pharmacies. It is used to identify pharmacies to various payers. Its first two digits denote the State, the next four positions are assigned sequentially, and the last position is a check digit. We cannot assess data accessibility or privacy and confidentiality at this time because of the very limited applicability of the number. A 7-digit numeric identifier would not yield a sufficient quantity of identifiers, and there is intelligence in the number. This number does not meet criteria 2 and 10.

The NPI is intended to be a universal identifier, which can be used to enumerate all types of health care providers, and the supporting data structure incorporates a comprehensive list of provider types developed by an ANSI Accredited Standards Committee X12N workgroup. It is an intelligence-free 8-position alpha- numeric identifier, with the eighth position being a check digit, allowing for approximately 20 billion possible identifiers. The NPI would not be proprietary and would be widely available to the industry. The system that would enumerate health care providers would be maintained by HCFA, and data would therefore be safeguarded under the Privacy Act (5 U.S.C 552a). The system would also incorporate extensive search and duplicate checking routines into the enumeration process. The NPI meets all four of these criteria.

In addition, we examined the social security number issued by the Social Security Administration, the DEA number issued by the Drug Enforcement Administration, the employer identification number issued by the Internal Revenue Service, and the national supplier clearinghouse number issued by the Medicare program and used to identify suppliers of durable medical equipment and other suppliers. Neither the social security number nor the DEA number meets the accessibility test. The use of the social security number by Federal agencies is protected by the Privacy Act, and the DEA number must remain confidential in order to fulfill its intended function of monitoring controlled substances. The employer identification number does not meet the comprehensiveness test, because some individual health care providers do not qualify for one. The length of the national supplier clearinghouse number is 10 positions; to expand it would make it too long. Also, it is not intelligence-free, since the first portion of the identifier links health care providers together into business entities. The last four positions are reserved for subentities, leaving only the first six positions to enumerate unique health care provider entities.

Based on this analysis, we recommend the NPI be designated as the standard identifier for health care providers. It is the only candidate identifier that meets all four of the criteria above. In addition, the NPI would be supported by HCFA to assure continuity. As discussed in section VII. of this preamble, on collection of information requirements, the data collection and paperwork burdens on users would be minimal, and the NPI can be used in other standard transactions under the HIPAA. In addition, as discussed in sections III.B., Enumerators, and IX., Impact Analysis, implementation costs per health care provider and per health plan would be relatively low, and we would develop implementation procedures. The NPI would be platform and protocol independent, and the structure of the identifier has been precisely stated. The NPI is not fully operational, but it is undergoing testing at this time, and comprehensive testing will be completed before the identifier is implemented.

3. Consultations.

In the development of the NPI, we consulted with many organizations, including those that the legislation requires (section 1172(c)(3)(B) of the Act). Subsequently, the NPI has been endorsed by several government and private organizations:

a. The NCVHS endorsed the NPI in a Federal Register notice on July 24, 1997 (62 FR 39844).

b. The NUBC endorsed the NPI in August 1996.

c. The ADA indicated its support, in concept, of the development of a unique, singular, national provider identifier for all health care providers in December 1996.

d. The NUCC supported the establishment of the NPI in January 1997, subject to the following issues being fully addressed:

  • The business needs and rationale for each identifier be clearly established for health care, in both the private and government sectors, as part of the identifier definition process.
  • The scope and nature of, and the rationale for, the entities subject to enumeration be clearly defined.
  • All issues arising out of the health care industry’s review of the proposed identifier, including any ambiguities in the law or proposed rule, be acknowledged and addressed.
  • Distribution of identifier products/maintenance to health care providers, payers and employers be low cost and efficient. There should be no cost to have a number assigned to an individual health care provider or business.

e. WEDI indicated support for “the general concept of the NPI as satisfying the national provider identifier requirement of HIPAA” in a May 1997 letter to the Secretary. WEDI further stated that the NPI is equal to or better than alternative identifiers, but noted that it cannot provide an unqualified opinion until operational and technical details are disclosed in this regulation.

f. The State of Minnesota endorsed the NPI in Minnesota Statutes Section 62J.54, dated February 1996.

g. The Massachusetts Health Data Consortium’s Affiliated Health Information Networks of New England endorsed the NPI as the standard provider locator for electronic data interchange in March 1996.

h. The USA Registration Committee approved the NPI as an International Standards Organization card issuer identifier in August 1996, for use on magnetic cards.

i. The National Council for Prescription Drug Programs indicated support for the NPI effort in an October 1996 letter to the Secretary.

E. Requirements

1. Health plans.

In § 142.404, Requirements: Health plans, we would require health plans to accept and transmit, directly or via a health care clearinghouse, the NPI on all standard transactions wherever required. Federal agencies and States may place additional requirements on their health plans.

2. Health care clearinghouses.

We would require in § 142.406, Requirements: Health care clearinghouses, that each health care clearinghouse use the NPI wherever an electronic transaction requires it.

3. Health care providers.

In § 142.408, Requirements: Health care providers, we would require each health care provider that needs an NPI for HIPAA transactions to obtain, by application if necessary, an NPI and to use the NPI wherever required on all standard transactions that it directly transmits or accepts. The process by which health care providers will apply for and obtain NPIs has not yet been established. This proposed rule (in section III., Implementation of the NPI) presents implementation options by which health care providers will apply for and obtain NPIs. We are seeking comments on the options, and welcome other options for consideration. In one of the options we are presenting, we anticipate that the initial enumeration of health care providers that are already enrolled in Medicare, other Federal programs named as health plans, and Medicaid would be done by those health plans. Those health care providers would not have to apply for NPIs but would instead have their NPIs issued automatically. Non-Federal and non-Medicaid providers would need to apply for NPIs to a Federally-directed registry for initial enumeration. The information that will be needed in order to issue an NPI to a health care provider is discussed in this preamble in section IV. Data. Depending on the implementation option selected, Federal and Medicaid health care providers may not need to provide this information because it would already be available to the entities that would be enumerating them. In one of the options, health care providers would be assigned their NPIs in the course of enrolling in the Federal health plan or in Medicaid. Both options may require, to some degree, the development of an application to be used in applying for an NPI.

We would require each health care provider that has an NPI to forward updates to the data in the database to an NPI enumerator within 60 days of the date the change occurs. We are soliciting comments on whether these updates should be applicable to all the data elements proposed to be included in the national provider file (NPF) or only to those data elements that are critical for enumeration. For example, we would like to know whether the addition of a credential should be required to be reported within the 60-day period, or whether such updates should be limited to name or address changes or other data elements that are required to enumerate a health care provider.

F. Effective Dates of the NPI

Health plans would be required to comply with our requirements as follows:

  1. Each health plan that is not a small health plan would have to comply with the requirements of §§ 142.104 and 142.404 no later than 24 months after the effective date of the final rule.
  2. Each small health plan would have to comply with the requirements of §§ 142.104 and 142.404 no later than 36 months after the effective date of the final rule.
  3. If HHS adopts a modification to a standard or implementation specification, the implementation date of the modification would be no earlier than the 180th day following the adoption of the modification. HHS would determine the actual date, taking into account the time needed to comply due to the nature and extent of the modification. HHS would be able to extend the time for compliance for small health plans.

Health care clearinghouses and affected health care providers would have to begin using the NPI no later than 24 months after the effective date of the final rule.

Failure to comply with standards may result in monetary penalties. The Secretary is required by statute to impose penalties of not more than $100 per violation on any person who fails to comply with a standard, except that the total amount imposed on any one person in each calendar year may not exceed $25,000 for violations of one requirement. We will propose enforcement procedures in a future Federal Register document once the industry has more experience with using the standards.

III. Implementation of the NPI

A. The National Provider System

We would implement the NPI through a central electronic enumerating system, the national provider system (NPS). This system would be a comprehensive, uniform system for identifying and uniquely enumerating health care providers at the national level, not unlike the process now used to issue social security numbers. HCFA would exercise overall responsibility for oversight and management of the system. Health care providers would not interact directly with the NPS.

The process of identifying and uniquely enumerating health care providers is separate from the process health plans follow in enrolling health care providers in their health programs. Even with the advent of assignment of NPIs by the NPS, health plans would still have to follow their own procedures for receiving and verifying information from health care providers that apply to them for enrollment in their health programs. Unique enumeration is less expensive than plan enrollment because it does not require as much information to be collected, edited, and verified. We welcome comments on the cost of provider enrollment in a health plan.

NPIs would be issued by one or more organizations to which we refer in this preamble as “enumerators.” The functions we foresee being carried out by enumerators are presented in section B. Enumerators in this preamble. The NPS would edit the data, checking for consistency, formatting addresses, and validating the social security number. It would then search the database to determine whether the health care provider already has an NPI. If so, that NPI would be displayed. If not, an NPI would be assigned. If the health care provider is similar (but not identical) to an already-enumerated health care provider, the information would be passed back to the enumerator for further analysis. Enumerators would also communicate NPIs back to the health care providers and maintain the NPS database. The number of enumerators would be limited in the interest of data quality and consistency.

Because the Medicare program maintains files on more health care providers than any other health care program in the country, we envision using data from those files to initially populate the NPF that is being built by the NPS and would be accessed by the enumerator(s). The data we are considering for inclusion in this file are described in section IV. Data in this preamble.

B. Enumerators

The enumerator(s) would carry out the following functions: assist health care providers and answer questions; accept the application for an NPI; validate as many of the data elements as possible at the point of application to assure the submitted data are accurate and the application is authentic; enter the data into the NPS to obtain an NPI for the health care provider; research cases where there is a possible match to a health care provider already enumerated; notify the health care provider of the assigned NPI; and enter updated data into the NPS when notified by the health care provider. Some of these functions would not be necessary if the enumerator(s) is an entity that enrolls health care providers in its own health plan and would be enumerating health care providers at the time they are enrolling in the entity’s health plan. For example, if a Federal health plan is an enumerator, some of the functions listed above would not have to be performed separately from what the health plan would do in its regular business.

The major issue related to the operation of this process is determining who the enumerator(s) will be.

1. Possible enumerators.

We had several choices in deciding who should enumerate health care providers. There are advantages and disadvantages to each of these choices:

· A registry:

A central registry operated under Federal direction would enumerate all health care providers. The Federally-directed registry could be a single physical entity or could be a number of agents controlled by a single entity and operating under common procedures and oversight.

For: The process would be consistent; centralized operation would assure consistent data quality; the concept of a registry is easy to understand (single source for identifiers).

Against: The cost of creating a new entity rather than enumerating as part of existing functions (for example, plan enrollment) would be greater than having existing entities enumerate; there would be redundant data required for enumeration and enrollment in a health plan.

· Private organization(s):

A private organization(s) that meets certain selection criteria and performance standards, which would post a surety bond related to the number of health care providers enumerated could enumerate health care providers.

For: The organization(s) would operate in a consistent manner under uniform requirements and standards; failure to maintain prescribed requirements and standards could result in penalties which could include suspension or debarment from being an enumerator.

Against: A large number of private enumerators would compromise the quality of work and be difficult to manage; the administrative work required to set up arrangements for a private enumerator(s) may be significant; the cost of creating a new entity rather than enumerating as part of existing functions (for example, plan enrollment) would be greater than having existing entities enumerate; there might be redundant data required for enumeration and enrollment in a health plan; the legality of privatization would need to be researched.

· Federal health plans and Medicaid State agencies:

Federal programs named as health plans and Medicaid State agencies would enumerate all health care providers. (As stated earlier under the definition of “health plan”, the Federal Employees Health Benefits Program is comprised of numerous health plans, rather than just one, and does not deal directly with health care providers that are not also health plans. Thus, the program would not enumerate health care providers but would still require the NPI to be used.)

For: These health plans already assign numbers to their health care providers; a large percentage of health care providers do business with Federal health plans and Medicaid State agencies; there would be no appreciable costs for these health plans to enumerate as part of their enrollment process; a small number of enumerators would assure consistent data quality.

Against: Not all health care providers do business with any of these health plans; there would be the question of which health plan would enumerate the health care provider that participates in more than one; we estimate that approximately 5 percent of the State Medicaid agencies may decline to take on this additional task.

· Designated State agency:

The Governor of each State would designate an agency to be responsible for enumerating health care providers within the State. The agency might be the State Medicaid agency, State licensing board, health department, or some other organization. Each State would have the flexibility to develop its most workable approach.

For: This choice would cover all health care providers; there would be a single source of enumeration in each State; States could devise the least expensive mechanisms (for example, assign NPI during licensing); license renewal cycles would assure periodic checks on data accuracy.

Against: This choice would place an unfunded workload on States; States may decline to designate an agency; there may be insufficient funding to support the costs the States would incur; State licensing agencies may not collect enough information during licensing to ensure uniqueness across States; States may not be uniform in their definitions of “providers.”

· Professional organizations or training programs:

We would enlist professional organizations to enumerate their members and/or enable professional schools to enumerate their students.

For: Individuals could be enumerated at the beginning of their careers; most health care providers either attend a professional school or belong to an organization.

Against: Not all health care providers are affiliated with an organization or school; this choice would result in many enumerators and thus potentially lower the data quality; schools would not be in a position to update data once the health care provider has graduated; the choice would place an unfunded workload on schools and/or organizations.

· Health plans:

Health plans in general would have access to the NPS to enumerate any of their health care providers.

For: Most health care providers do business with one or more health plans; there would be a relatively low cost for health plans to enumerate as part of enrollment; this choice would eliminate the need for redundant data.

Against: Not all health care providers are affiliated with a health plan; this choice would be confusing for the health care provider in determining which health plan would enumerate when the health care provider is enrolled in multiple health plans; there would be a very large number of enumerators and thus potentially serious data quality problems; the choice would place unfunded workload on health plans.

· Combinations:

We also considered using combinations of these choices to maximize advantages and minimize disadvantages.

2. Options:

If private organizations, as enumerators, could charge health care providers a fee for obtaining NPIs, this enumeration option would be attractive and more preferable than the other choices or combinations, as it would offer a way to fund the enumeration function. In researching the legality of this approach, however, we were advised that we do not have the authority to (1) charge health care providers a fee for obtaining NPIs, or (2) license private organizations that could charge health care providers for NPIs. For these reasons, we chose not to recommend private organizations as enumerators.

The two most viable options are described below. We solicit input on these options, as well as on alternate solutions.

Option 1: Registry enumeration of all health care providers.

All health care providers would apply directly to a Federally-directed registry for an identifier. The registry, while under Federal direction, would probably be operated by an agent or contractor. This option is favored by some health plans, which believe that a single entity should be given the task of enumerating health care providers and maintaining the database for the sake of consistency. It would also be the simplest option for health care providers, since enumeration activities would be carried out for all health care providers by a single entity. The major drawback to this option is the high cost of establishing a registry large enough to process enumeration and update requests for the 1.2 million current and 30,000 new (annually) health care providers that conduct HIPAA transactions. The costs of this option are discussed in section J.2.d., Enumerators, in the impact analysis in this Federal Register document. The statute did not provide a funding mechanism for the enumeration/update process. Federal funds, if available, could support the registry. We seek comments on funding mechanisms for the registry.

This option does not offer a clear possibility for funding some of the costs associated with the operation and maintenance of the NPS as it becomes national in scope (that is, as the NPS enumerates health care providers that are not Medicare providers). We solicit comments on appropriate methods for funding the NPS under this option.

Option 2: A combination of Federal programs named as health plans, Medicaid State agencies, and a Federally-directed registry.

Federal health plans and Medicaid State agencies would enumerate their own health care providers. Each health care provider participating in more than one health plan could choose the health plan by which it wishes to be enumerated. All other health care providers would be enumerated by a Federally-directed registry. These latter health care providers would apply directly to the registry for an identifier.

The number of enumerators, and the number of health care providers per enumerator, would be small enough that each enumerator would be able to carefully validate data received from and about each of its health care providers. Moreover, enumerators (aside from the registry) would be dealing with their own health care providers, an advantage both in terms of cost equity and data quality. This option recognizes the fact that Federal plans and Medicaid State agencies already assign identifiers to their health care providers for their own programmatic purposes. It would standardize those existing processes and, in some cases, may increase the amount of data collected or validation performed. We have concluded that the cost of concurrently enumerating and enrolling a Medicare or Medicaid provider is essentially the same as the cost of enrollment alone because of the high degree of redundancy between the processes. While there would probably be additional costs initially, they would be offset by savings in other areas (e.g., there would be a simplified, more efficient coordination of benefits; a health care provider would only have to be enumerated once; there would be no need to maintain more than one provider number for each health care provider; and there would be no need to maintain more than one enumeration system).

The Federal Government is responsible for 75 percent of Medicaid State agency costs to enumerate and update health care providers. Because we believe that, on average, the costs incurred by Medicaid State agencies in enumerating and updating their own health care providers to be relatively low and offset by savings, there are no tangible costs involved.

Allowing these health plans to continue to enumerate their health care providers would reduce the registry workload and its operating costs. We estimate that approximately 85 percent of billing health care providers transact business with a Medicaid State agency or a Federal health plan. We estimate that 5 percent of Medicaid State agencies may decline to enumerate their health care providers. If so, that work would have to be absorbed by the registry. This expense could be offset by the discontinuation of the UPIN registry, which is currently maintained with Federal funds. The costs of this option are discussed in section J.2.d., Enumerators, of the impact analysis.

We welcome comments on the number of health care providers that would deal directly with a registry under this option and on alternative ways to enumerate them.

This option does not offer a clear possibility for funding some of the costs associated with the operation and maintenance of the NPS as it becomes national in scope (that is, as the NPS enumerates health care providers that are not Medicare providers). We solicit comments on appropriate methods for funding the NPS under this option.

We believe that option 2 is the most advantageous and the least costly. Option 1 is the simplest for health care providers to understand but has a significant Federal budgetary impact. Option 2 takes advantage of existing expertise and processes to enumerate the majority of health care providers. This reduces the cost of the registry in option 2 to a point where it would be largely offset by savings from eliminating redundant enumeration processes.

3. Fees and costs.

Because the statute did not provide a funding mechanism for the enumeration process, Federal funds, if available, would be required to finance this function. We seek comment on any burden that various financing options might impose on the industry.

We welcome comments on possible ways to reduce the costs of enumeration.

While the NPS has been developed to date by HCFA with Federal funds, issues remain as to sources of future funding as the NPS becomes national in use. We welcome your comments on sources for this funding.

4. Enumeration phases.

We intend to implement the NPI in phases because the number of potential health care providers to be enumerated is too large to enumerate at one time, regardless of the number of enumerators. We describe in a., b., and c. below how the process would work if option 2 were selected and in d. below how implementation of option 1 would differ.

a. Health care providers that participate in Medicare (including physicians and other suppliers that furnish items and services covered by Medicare) would be enumerated first because, as the managing entity, HCFA has data readily available for all Medicare providers. Health care providers that are already enrolled in Medicare at the time of implementation would be enumerated based on existing Medicare provider databases that have already been reviewed and validated. These health care providers would not have to request an NPI -- they would automatically receive one. After this initial enumeration, new and non-Medicare health care providers not yet enumerated that wish to participate in Medicare would receive an NPI as a part of the enrollment process.

b. Medicaid and non-Medicare Federal health plans that need to enumerate their health care providers would follow a similar process, based on a mutually agreed-upon timetable. Those health plans’ existing prevalidated databases could be used to avoid requiring large numbers of health care providers to apply for NPIs. If a health care provider were already enumerated by Medicare, that NPI would be communicated to the second program. After the initial enumeration, new health care providers that wish to participate in Medicaid or a Federal health plan other than Medicare would receive an NPI as a part of that enrollment process. Health care providers that transact business with more than one such health plan could be enumerated by any one of those health plans. This phase would be completed within 2 years after the effective date of the final rule.

c. A health care provider that does not transact any business with Federal health plans or Medicaid but that does conduct electronically any of the transactions stipulated in HIPAA (for example, submits claims electronically to a private health plan) would be enumerated via a Federally-directed registry. This enumeration would be done concurrently with the enumeration described in b., above. Health care providers would apply to the registry for an NPI.

After the first two phases of enumeration (that is, enumeration of health care providers enrolled or enrolling in Federal health plans or Medicaid or health care providers that do not conduct business with any of those plans but that conduct any of the HIPAA transactions electronically), the health care providers remaining would be those that do not conduct electronically any of the transactions specified in HIPAA. We refer to these health care providers as “non-HIPAA-transaction health care providers.” The non-HIPAA-transaction health care providers would not be enumerated in the first two phases of enumeration. We do not intend to enumerate these health care providers until all health care providers requiring NPIs by statute are enumerated and funds are available. In some cases, these health care providers may wish to be enumerated even though they do not conduct electronic transactions. Health plans may prefer to use the NPI for all health care providers, whether or not they submit transactions electronically, for the sake of processing efficiency. In addition, some health care providers may wish to be enumerated even though they conduct no designated transactions and are not affiliated with any health plan. Additional research is required on the time table and method by which non-HIPAA-transaction health care providers would be enumerated.

d. If option 1 were selected, the Federally-directed registry would enumerate all health care providers. With a single enumeration point (although it could consist of several agents controlled by a single entity, as stated earlier), we would envision enumeration taking place in the following phases: Medicare providers; Medicaid providers and other non-Medicare Federal providers; health care providers that do not transact any business with the aforementioned plans but that process electronically any of the transactions stipulated in HIPAA; and all other health care providers (i.e., non-HIPAA-transaction health care providers).

 

C. Approved Uses of the NPI

The law requires that we specify the appropriate uses of the NPI.

Two years after adoption of this standard (3 years for small health plans) the NPI must be used in the health care system in connection with the health-related financial and administrative transactions identified in section 1173(a). The NPI may also be used as a cross reference in health care provider fraud and abuse files and other program integrity files (for example, the HHS Office of the Inspector General sanction file). The NPI may be used to identify health care providers for debt collection under the provisions of the Debt Collection Information Act of 1996 and the Balanced Budget Act of 1997, and for any other lawful activity requiring individual identification of health care providers. It may not be used in any activity otherwise prohibited by law.

Other examples of approved uses would include:

  • Health care providers may use their own NPIs to identify themselves in health care transactions or related correspondence. · Health care providers may use other health care providers’ NPIs as necessary to complete health care transactions and on related correspondence.
  • Health care providers may use their own NPIs on prescriptions (however, the NPI could not replace the DEA number or State license number where either of those numbers is required on prescriptions).
  • Health plans may use NPIs in their internal provider files to process transactions and may use them on transactions and in communications with health care providers.
  • Health plans may communicate NPIs to other health plans for coordination of benefits.
  • Health care clearinghouses may use NPIs in their internal files to create and process standard transactions and in communications with health care providers and health plans.
  • NPIs may be used to identify treating health care providers in patient medical records.

D. Summary of Effects on Various Entities

We summarize here how the implementation of the NPI would affect health care providers, health plans, and health care clearinghouses, if option 2 were selected. Differences that would result from selection of option 1 are noted parenthetically.

1. Health care providers.

a. Health care providers interacting with Medicare, another Federal plan, or a Medicaid State agency would receive their NPIs from the NPS via one of those programs and would be required to use their NPIs on all the specified electronic transactions. Each plan would establish its own schedule for adopting the NPI, within the time period specified by the law. Whether a given plan would automatically issue the NPIs or require the health care providers to apply for them would be up to the plan. (For example, the Medicare program would issue NPIs automatically to its currently enrolled Medicare providers and suppliers; data on its future health care providers and suppliers would be collected on the Medicare enrollment application.) The Federal or State plan may impose requirements other than those stated in the regulations.

The health care providers would be required to update any data collected from them by submitting changes to the plan within 60 days of the change. Health care providers that transact business with multiple plans could report changes to any one of them. (Selection of option 1 would mean that the health care provider would obtain the NPI from, and report changes to, the Federally-directed registry.)

b. Health care providers that conduct electronic transactions but do not do so with Federal health plans or Medicaid would receive their NPIs from the NPS via the Federally-directed registry and would be required to use their NPIs on all the specified electronic transactions. Each health plan would establish its own schedule for adopting the NPI, within the time period specified by the law. The health care providers would be required to update any data originally collected from them by submitting changes within 60 days of the date of the change to the Federally-directed registry.

c. Health care providers that are not covered by the above categories would not be required to obtain an NPI. (These health care providers are the non-HIPAA-transaction health care providers as described in section 4.c. of section B. Enumerators earlier in this preamble.) They may be enumerated if they wish, depending on availability of funds, but they would not be issued NPIs until those health care providers that currently conduct electronic transactions have received their NPIs. As stated earlier, the timetable and method by which the non-HIPAA-transaction health care providers would be enumerated must be determined. After the non-HIPAA-transaction health care providers are enumerated, they would be required to update any data originally collected from them by submitting changes within 60 days of the date of the change. Those providers would report their changes to the registry or to a Federal plan or Medicaid State agency with which they transact business at the time of the change.

2. Health plans.

a. Medicare, other Federal health plans, and Medicaid would be responsible for obtaining NPIs from the NPS and issuing them to their health care providers. They would be responsible for updating the data base with data supplied by their health care providers. (Selection of option 1 would mean that Medicare, other Federal health plans, and Medicaid would not enumerate health care providers or update their data.)

These government health plans would establish their own schedule for adopting the NPI, within the time period specified by the law. They would be able to impose requirements on their health care providers in addition to, but not inconsistent with, those in our regulations.

b. Each remaining health plan would be required to use the NPI to identify health care providers in electronic transactions as provided by the statute. Each health plan would establish its own schedule for adopting the NPI, within the time period specified by the law. They would be able to impose requirements on their health care providers in addition to, but not inconsistent with, those in our regulations.

3. Health care clearinghouses

Health care clearinghouses would be required to use a health care provider’s NPI on electronic standard transactions requiring an NPI that are submitted on the health care provider’s behalf.

IV. Data

A. Data Elements

The NPS would collect and store in the NPF a variety of information about a health care provider, as shown in the table below. We believe the majority of this information is used to uniquely identify a health care provider; other information is used for administrative purposes. A few of the data elements are collected at the request of potential users that have been working with HCFA in designing the database prior to the passage of HIPAA. All of these data elements represent only a fraction of the information that would comprise a provider enrollment file. The data elements in the table, plus cease/effective/termination dates, switches (yes/no), indicators, and history, are being considered as those that would form the NPF. We have included comments, as appropriate. The table does not display systems maintenance or similar fields, or health care provider cease/effective/termination dates.

National Provider File Data Elements

KEY: I - Used for the unique identification of a provider.

A - Used for administrative purposes.

U - Included at the request of potential users (optional).

Data Elements

Comments

Purpose

National Provider Identifier (NPI)

8-position alpha-numeric NPI assigned by the NPS.

I

Provider’s current name

For Individuals only. Includes first, middle, and last names.

I

Provider’s other name

For Individuals only. Includes first, middle, and last names. Other names might include maiden and professional names.

I

Provider’s legal business name

For Groups and Organizations only.

I

Provider’s name suffix

For Individuals only. Includes Jr., Sr., II, III, IV, and V.

I

Provider’s credential designation

For Individuals only. Examples are MD, DDS, CSW, CNA, AA, NP, RNA, PSY.

I

Provider’s Social Security Number (SSN)

For Individuals only.

I

Provider’s Employer Identification Number (EIN)

Employer Identification Number.

I

Provider’s birth date

For Individuals only.

I

Provider’s birth State code

For Individuals only.

I

Provider’s birth county name

For Individuals only.

I

Provider’s birth country name

For Individuals only.

I

Provider’s sex

For Individuals only.

I

Provider’s race

For Individuals only.

U

Provider’s date of death

For Individuals only.

I

Provider’s mailing address

Includes 2 lines of street address, plus city, State, county, country, 5- or 9-position ZIP code.

A

Provider’s mailing address telephone number

 

A

Provider’s mailing address fax number

 

A

Provider’s mailing address e-mail address

 

A

Resident/Intern code

For certain Individuals only.

U

Provider enumerate date

Date provider was enumerated (assigned an NPI). Assigned by the NPS.

A

Provider update date

Last date provider data was updated. Assigned by the NPS.

A

Establishing enumerator/agent number

Identification number of the establishing enumerator.

A

Provider practice location identifier (location code)

2-position alpha-numeric code (location code) assigned by the NPS.

I

Provider practice location name

Title (e.g., “doing business as” name) of practice location.

I

Provider practice location address

Includes 2 lines of street address, plus city, State, county, country, 5- or 9-position ZIP code.

I

Provider’s practice location telephone number

 

A

Provider’s practice location fax number

 

A

Provider’s practice location e-mail address

 

A

Provider classification

From Accredited Standards Committee X12N taxonomy. Includes type(s), classification(s), area(s) of specialization.

I

Provider certification code

For certain Individuals only.

U

Provider certification (certificate) number

For certain Individuals only.

U

Provider license number

For certain Individuals only.

I

Provider license State

For certain Individuals only.

I

School code

For certain Individuals only.

I

School name

For certain Individuals only.

I

School city, State, country

For certain Individuals only.

U

School graduation year

For certain Individuals only.

I

Other provider number type

Type of provider identification number also/formerly used by provider: UPIN, NSC, OSCAR, DEA, Medicaid State, PIN, Payer ID.

I

Other provider number

Other provider identification number also/formerly used by provider.

I

Group member name

For Groups only. Name of Individual member of group. Includes first, middle, and last names.

I

Group member name suffix

For Groups only. This is the Individual member’s name suffix. Includes Jr., Sr., II, III, IV, and V.

I

Organization type control code

For certain Organizations only. Includes Government - Federal (Military), Government - Federal (Veterans), Government - Federal (Other), Government - State/County, Government - Local, Government - Combined Control, Non-Government - Non-profit, Non-Government - For Profit, and Non-Government - Not for Profit.

U

We need to consider the benefits of retaining all of the data elements shown in the table versus lowering the cost of maintaining the database by keeping only the minimum number of data elements needed for unique provider identification. We solicit input on the composition of the minimum set of data elements needed to uniquely identify each type of provider. In order to consider the inclusion or exclusion of data elements, we need to assess their purpose and use.

The data elements with a purpose of “I” are needed to identify a health care provider, either in the search process (which is electronic) or in the investigation of health care providers designated as possible matches by the search process. These data elements are critical because unique identification is the keystone of the NPS.

The data elements with a purpose of “A” are not essential to the identification processes mentioned above, but nonetheless are valuable. Certain “A” data elements can be used to contact a health care provider for clarification of information or resolution of issues encountered in the enumeration process and for sending written communications; other “A” data elements (e.g., Provider Enumerate Date, Provider Update Date, Establishing Enumerator/Agent Number) are used to organize and manage the data.

Data elements with a purpose of “U” are collected at the request of potential users of the information in the system. While not used by the system’s search process to uniquely identify a health care provider, Race is nevertheless valuable in the investigation of health care providers designated as possible matches as a result of that process. In addition, Race is important to the utility of the NPS as a statistical sampling frame. We solicit comments on the statistical validity of race data. Race is collected “as reported”; that is, it is not validated. It is not maintained, only stored. The cost of keeping this data element is virtually nil. Other data elements (Resident/Intern Code, Provider Certification Code and Number, and Organization Type Control Code) with a purpose of “U”, while not used for enumeration of a health care provider, have been requested to be included by some members of the health care industry for reports and statistics. These data elements are optional and do not require validation; many remain constant by their nature; and the cost to store them is negligible.

The data elements that we judge will be expensive to either validate or maintain (or both) are the license information, provider practice location addresses, and membership in groups. We solicit comments on whether these data elements are necessary for the unique enumeration of health care providers and whether validation or maintenance is required for that purpose.

Licenses may be critical in determining uniqueness of a health care provider (particularly in resolving identities involving compound surnames) and are, therefore, considered to be essential by some. License information is expensive to validate initially, but not expensive to maintain because it does not change frequently.

The practice location addresses can be used to aid in investigating possible provider matches, in converting existing provider numbers to NPIs, and in research involving fraud or epidemiology. Location codes, which are discussed in detail in section B. Practice Addresses and Group/Organization Options below, could be assigned by the NPS to point to and identify practice locations of individuals and groups. Some potential users felt that practice addresses changed too frequently to be maintained efficiently at the national level. The average Medicare physician has two to three addresses at which he/she practices. Group providers may have many more practice locations. We estimate that 5 percent of health care providers require updates annually, and that addresses are one of the most frequently changing attributes. As a result, maintaining more than one practice address for an individual provider on a national scale could be burdensome and time consuming. Many potential users believe that practice addresses could more adequately be maintained at local, health-plan specific levels.

Some potential users felt that membership in groups was useful in identifying health care providers. Many others, however, felt that these data are highly volatile and costly to maintain. These users felt it was unlikely that membership in groups could be satisfactorily maintained at the national level.

We welcome your comments on the data elements proposed for the NPF and input as to the potential usefulness and tradeoffs for these elements such as those discussed above.

We specifically invite comments and suggestions on how the enumeration process process might be improved to prevent issuance of multiple NPIs to a health care provider.

B. Practice Addresses and Group/Organization Options

We have had extensive consultations with health care providers, health plans, and members of health data standards organizations on the requirements for provider practice addresses and on the group and organization data in the NPS. (It is important to note that the NPS is designed to capture a health care provider’s mailing address. The mailing address is a data element separate from the practice address, and, as such, is not the subject of the discussion below.) Following are the major questions relating to these issues:

· Should the NPS capture practice addresses of health care providers?

For: Practice addresses could aid in non-electronic matching of health care providers and in conversion of existing provider number systems to NPIs. They could be useful for research specific to practice location; for example, involving fraud or epidemiology.

Against: Practice addresses would be of limited use in the electronic identification and matching of health care providers. The large number of practice locations of some group providers, the frequent relocation of provider offices, and the temporary situations under which a health care provider may practice at a particular location would make maintenance of practice addresses burdensome and expensive.

· Should the NPS assign a location code to each practice address in a health care provider’s record? The location code would be a 2-position alphanumeric data element. It would be a data element in the NPS but would not be part of the NPI. It would point to a certain practice address in the health care provider’s record and would be usable only in conjunction with that health care provider’s NPI. It would not stand alone as a unique identifier for the address.

For: The location code could be used to designate a specific practice address for the health care provider, eliminating the need to perform an address match each time the address is retrieved. The location code might be usable, in conjunction with a health care provider’s NPI, as a designation for service location in electronic health transactions.

Against: Location codes should not be created and assigned nationally unless required to support standard electronic health transactions; this requirement has not been demonstrated. The format of the location code would allow for a lifetime maximum of 900 location codes per health care provider; this number may not be adequate for groups with many locations. The location code would not uniquely identify an address; different health care providers practicing at the same address would have different location codes for that address, causing confusion for business offices that maintain data for large numbers of health care providers.

· Should the NPS link the NPI of a group provider to the NPIs of the individual providers who are members of the group?

For: Linkage of the group NPI to individual members’ NPIs would provide a connection from the group provider, which is possibly not licensed or certified, to the individual members who are licensed, certified or otherwise authorized to provide health care services.

Against: The large number of members of some groups and the frequent moves of individuals among groups would make national maintenance of group membership burdensome and expensive. Organizations that need to know group membership prefer to maintain this information locally, so that they can ensure its accuracy for their purposes.

· Should the NPS collect the same data for organization and group providers? There would be no distinction between organization and group providers. Each health care provider would be categorized in the NPS either as an individual or as an organization. Each separate physical location or subpart of an organization that needed to be identified would receive its own NPI. The NPS would not link the NPI of an organization provider to the NPI of any other health care provider, although all organizations with the same employer identification number (EIN) or same name would be retrievable via a query on that EIN or name.

For: The categorization of health care providers as individuals or organizations would provide flexibility for enumeration of integrated provider organizations. Eliminating the separate category of group providers would eliminate an artificial distinction between groups and organizations. It would eliminate the possibility that the same entity would be enumerated as both a group and an organization. It would eliminate any need for location codes for groups. It would allow enumeration at the lowest level that needs to be identified, offering flexibility for enumerators, health plans or other users of NPS data to link organization NPIs as they require in their own systems.

Against: A single business entity could have multiple NPIs, corresponding to its physical locations or subparts.

Possible Approaches:

We present two alternatives to illustrate how answers to the questions posed above would affect enumeration and health care provider data in the NPS. Since the results would depend upon whether the health care provider is an individual, organization, or group, we refer the reader to section II.B.3., Definitions, of this preamble.

Alternative 1:

The NPS would capture practice addresses. It would assign a location code for each practice address of an individual or group provider. Organization and group providers would be distinguished and would have different associated data in the NPS. Organization providers could have only one location per NPI and could not have individuals listed as members. Group providers could have multiple locations with location codes per NPI and would have individuals listed as members.

For individual providers, the NPS would capture each practice address and assign a corresponding location code. The NPS would link the NPIs of individuals who are listed as members of a group with the NPI of their group.

For organization providers, the NPS would capture the single active practice address. It would not assign a corresponding location code.

For group providers, the NPS would capture each practice address and assign a corresponding location code. The NPS would link the NPI of a group with the NPIs of all individuals who are listed as members of the group. A group location would have a different location code in the members’ individual records and the group record.

Alternative 2:

The NPS would capture only one practice address for an individual or organization provider. It would not assign location codes. The NPS would not link the NPI of a group provider to the NPIs of individuals who are members of the group. Organization and group providers would not be distinguished from each other in the NPS. Each health care provider would be categorized as either an individual or an organization.

For individual providers, the NPS would capture a single practice address. It would not assign a corresponding location code.

For organization providers, each separate physical location or subpart that needed to be identified would receive its own NPI. The NPS would capture the single active practice address of the organization. It would not assign a corresponding location code.

Recent consultations with health care providers, health plans, and members of health data standards organizations have indicated a growing consensus for Alternative 2 discussed above. Representatives of these organizations feel that Alternative 2 will provide the data needed to identify the health care provider at the national level, while reducing burdensome data maintenance associated with provider practice location addresses and group membership. We welcome comments on these and other alternatives for collection of practice location addresses and assignment of location codes, and on the group and organization provider data within the NPS.

V. Data Dissemination

We are making information from the NPS available so that the administrative simplification provisions of the law can be implemented smoothly and efficiently. In addition to the health care provider’s name and NPI, it is important to make available other information about the health care provider so that people with existing health care provider files can associate their health care providers with the appropriate NPIs. The data elements we are proposing to disseminate are the ones that our research has shown will be most beneficial in this matching process. The information needs to be disseminated to the widest possible audience because the NPIs would be used in a vast number of applications throughout the health care industry.

We propose to charge fees for the dissemination of such items as data files and directories, but the fees would not exceed the costs of the dissemination.

We would establish two levels of users of the data in the NPS for purposes of disseminating information. Some of the data that would be collected in order to assign NPIs would be confidential and not be disclosed to those without a legitimate right of access to the confidential data.

Level I - Enumerators

Access to the NPS would be limited to approved enumerators for the system that would be specifically listed in 45 CFR part 142. We would publish “routine uses” for the data concerning individuals in a Privacy Act systems of records notice. The notice is being developed and will be available during the comment period for this proposed rule.

Enumerators would have access to all data elements for all health care providers in order to accurately resolve potential duplicate situations (that is, the health care provider may already have been enumerated). Enumerators would be required to protect the privacy of the data in accordance with the Privacy Act.

Enumerators would have access to the on-line NPS and would also receive periodic batch update files from HCFA.

Level II - The public

The public (which includes individuals, health care providers, software vendors, health plans that are not enumerators, and health care clearinghouses) would have access to selected data elements.

The table below lists the data comprising the NPF, as described in section IV. A. Data Elements, and indicates the dissemination level (Level I or Level II).

Dissemination of Information from the National Provider File

Data Elements

Dissemination Level

Comments

National Provider Identifier (NPI)

I and II

8-position alpha-numeric NPI assigned by the NPS.

Provider’s current name

I and II

For Individuals only. Includes first, middle, and last names.

Provider’s other name

I and II

For Individuals only. Includes first, middle, and last names. Other names might include maiden and professional names.

Provider’s legal business name

I and II

For Groups and Organizations only.

Provider’s name suffix

I and II

For Individuals only. Includes Jr., Sr., II, III, IV, and V.

Provider’s credential designation

I and II

For Individuals only. Examples are MD, DDS, CSW, CNA, AA, NP, RNA, PSY.

Provider’s Social Security Number (SSN)

I only

For Individuals only.

Provider’s Employer Identification Number (EIN)

I only

Employer Identification Number.

Provider’s birth date

I only

For Individuals only.

Provider’s birth State code

I only

For Individuals only.

Provider’s birth county name

I only

For Individuals only.

Provider’s birth country name

I only

For Individuals only.

Provider’s sex

I only

For Individuals only.

Provider’s race

I only

For Individuals only.

Provider’s date of death

I only

For Individuals only.

Provider’s mailing address

I and II

Includes 2 lines of street address, plus city, State, county, country, 5- or 9- position ZIP code.

Provider’s mailing address telephone number

I only

 

Provider’s mailing address fax number

I only

 

Provider’s mailing address e-mail address

I only

 

Resident/Intern code

I and II

For certain Individuals only.

Provider enumerate date

I and II

Date provider was enumerated (assigned an NPI). Assigned by the NPS.

Provider update date

I and II

Last date provider data was updated. Assigned by the NPS.

Establishing enumerator/agent number

I only

Identification number of the establishing enumerator.

Provider practice location identifier (location code)

I and II

2-position alpha-numeric code (location code) assigned by the NPS.

Provider practice location name

I and II

Title (e.g., “doing business as” name) of practice location.

Provider practice location address

I and II

Includes 2 lines of street address, plus city, State, county, country, 5- or 9- position ZIP code.

Provider’s practice location telephone number

I only

 

Provider’s practice location fax number

I only

 

Provider’s practice location e-mail address

I only

 

Provider classification

I and II

From Accredited Standards Committee X12N taxonomy. Includes type(s), classification(s), area(s) of specialization.

Provider certification code

I only

For certain Individuals only.

Provider certification (certificate) number

I only

For certain Individuals only.

Provider license number

I only

For certain Individuals only.

Provider license State

I only

For certain Individuals only.

School code

I only

For certain Individuals only.

School name

I only

For certain Individuals only.

School city, State, country

I only

For certain Individuals only.

School graduation year

I only

For certain Individuals only.

Other provider number type

I and II

Type of provider identification number also/formerly used by provider: UPIN, NSC, OSCAR, DEA, Medicaid State, PIN, Payer ID.

Other provider number

I and II

Other provider identification number also/formerly used by provider.

Group member name

I and II

For Groups only. Name of Individual member of group. Includes first, middle, and last names.

Group member name suffix

I and II

For Groups only. This is the Individual member’s name suffix. Includes Jr., Sr., II, III, IV, and V.

Organization type control code

I and II

For certain Organizations only. Includes Government - Federal (Military), Government - Federal (Veterans), Government - Federal (Other), Government - State/County, Government - Local, Government - Combined Control, Non-Government - Non-profit, Non-Government - For Profit, and Non- Government - Not for Profit.

Clearly, the access to the public data would have to be electronic in order to support the more frequent users. We are asking for comments on exactly what should be available in hardcopy, what types of electronic formats are necessary (for example, diskette, CD ROM, tape, cartridge, and via Internet), and frequency of update. We anticipate making these data as widely available as feasible. We note that the UPIN Directory (currently available to the public) would be discontinued and replaced with a similar document or electronic file once the NPS is in place.

We initially envisioned limiting access to the second level to health plans and other entities involved in electronic transactions and adding a third level of access, which would make a more abbreviated data set available to the general public. This was in keeping with the past policy of not disclosing physicians’ practice addresses. Recent court decisions and our broader goal of beneficiary education caused us to choose a broader data dissemination strategy. We welcome comments on this point.

VI. New and Revised Standards

To encourage innovation and promote development, we intend to develop a process that would allow an organization to request a revision or replacement to any adopted standard or standards.

An organization could request a revision or replacement to an adopted standard by requesting a waiver from the Secretary of Health and Human Services to test a revised or new standard. The organization must, at a minimum, demonstrate that the revised or new standard offers an improvement over the adopted standard. If the organization presents sufficient documentation that supports testing of a revised or new standard, we want to be able to grant the organization a temporary waiver to test while remaining in compliance with the law. The waiver would be applicable to standards that could change over time; for example, transaction standards. We do not intend to establish a process that would allow an organization to avoid using any adopted standard.

We would welcome comments on the following: (1) How we should establish this process, (2) the length of time a proposed standard should be tested before we decide whether to adopt it, (3) whether we should solicit public comments before implementing a change in a standard, and (4) other issues and recommendations we should consider in developing this process.

Following is one possible process:

  • Any organization that wishes to revise or replace an adopted standard must submit its waiver request to an HHS evaluation committee (not currently established or defined). The organization must do the following for each standard it wishes to revise or replace:
    • Provide a detailed explanation, no more than 10 pages in length, of how the revision or replacement would be a clear improvement over the current standard in terms of the principles listed in section I.D., Process for developing national standards, of this preamble.
    • Provide specifications and technical capabilities on the revised or new standard, including any additional system requirements.
    • An explanation, no more than 5 pages in length, of how the organization intends to test the standard.
  • The committee’s evaluation would, at a minimum, be based on the following:
    • A cost-benefit analysis.
    • An assessment of whether the proposed revision or replacement demonstrates a clear improvement to an existing standard.
    • The extent and length of time of the waiver.
  • The evaluation committee would inform the organization requesting the waiver within 30 working days of the committee’s decision on the waiver request. If the committee decides to grant a waiver, the notification may include the following:
    • Committee comments such as the following:
      • The length of time for which the waiver applies if it differs from the waiver request.
      • The sites the committee believes are appropriate for testing if they differ from the waiver request.
      • Any pertinent information regarding the conditions of an approved waiver.
  • Any organization that receives a waiver would be required to submit a report containing the results of the study, no later than 3 months after the study is completed.
  • The committee would evaluate the report and determine whether the benefits of the proposed revision or new standard significantly outweigh the disadvantages of implementing it and make a recommendation to the Secretary.

VII. Collection of Information Requirements

Under the Paperwork Reduction Act of 1995, we are required to provide 60-day notice in the Federal Register and solicit public comment before a collection of information requirement is submitted to the Office of Management and Budget (OMB) for review and approval. In order to fairly evaluate whether an information collection should be approved by OMB, section 3506(c)(2)(A) of the Paperwork Reduction Act of 1995 requires that we solicit comment on the following issues:

  • The need for the information collection and its usefulness in carrying out the proper functions of our agency.
  • The accuracy of our estimate of the information collection burden.
  • The quality, utility, and clarity of the information to be collected.
  • Recommendations to minimize the information collection burden on the affected public, including automated collection techniques.

§ 142.408(a),(c) Requirements: Health care providers.

In summary, each health care provider would be required to obtain, by application if necessary, a national provider identifier and communicate any changes to the data elements in its file in the national provider system to an enumerator of national provider identifiers within 60 days of the change.

Discussion:

We are especially interested in receiving comments on the possible methods of managing the provider enumeration process. Given the multitude of possible methods associated with managing the enumeration process, we are unable to provide an accurate burden estimate at this time. Below is the repeated provider identifier enumeration discussion, from section II., Provisions of Proposed Regulations, E. Requirements, 3. Health care providers, of this preamble.

The process by which health care providers will apply for and obtain NPIs has not yet been established. This proposed rule (in section III., Implementation of the NPI) presents implementation options by which health care providers would apply for and obtain NPIs. We are seeking comments on the options and welcome other options for consideration.

In one of the options we are presenting, we anticipate that the initial enumeration of health care providers that are already enrolled in Medicare, other Federal programs named as health plans, and Medicaid would be done by those health plans. Those health care providers would not have to apply for NPIs but would instead have their NPIs issued automatically. Non-Federal and non-Medicaid providers would need to apply for NPIs to a Federally-directed registry for initial enumeration. The information that would be needed in order to issue an NPI to a health care provider is discussed in this preamble in section IV., Data. Depending on the implementation option selected, Federal and Medicaid health care providers may not need to provide this information because it would already be available to the entities that would be enumerating them. In one of the options, health care providers would be assigned their NPIs in the course of enrolling in the Federal health plan or in Medicaid. Both options may require, to some degree, the development of an application to be used in applying for an NPI.

We would require each health care provider that has an NPI to forward updates to the data in the database to an NPI enumerator within 60 days of the date the change occurs. We are soliciting comments on whether these updates should be applicable to all the data elements proposed to be included in the NPF or only to those data elements that are critical for enumeration. For example, we would like to know whether the addition of a credential should be required to be reported within the 60-day period or whether such updates should be limited to name or address changes or other data elements that are required to enumerate a health care provider.

Given the multitude of possible methods of implementing the enumeration process we are soliciting public comment on each of the following issues, before we submit a copy of this document to the Office of Management and Budget (OMB) for its review of these information collection requirements.

§ 142.404 and § 142.408(b) Requirements: Health plans and Requirements: Health care providers.

In summary, each health plan would be required to accept and transmit, either directly or via a health care clearinghouse, the NPI of any health care provider required in any standard transaction. Also, each health care provider must use NPIs wherever required on all standard transactions it accepts or transmits directly.

Discussion:

The emerging and increasing use of health care EDI standards and transactions raises the issue of the applicability of the PRA. The question arises whether a regulation that adopts an EDI standard used to exchange certain information constitutes an information collection subject to the PRA. However, for the purpose of soliciting useful public comment we provide the following burden estimates.

In particular, the initial burden on the estimated 4 million health plans and 1.2 million health care providers to modify their current computer systems software would be 2 hours/$60 per entity, for a total burden of 10.4 million hours/$312 million. While this burden estimate may appear low, on average, we believe it to be accurate. This is based on the assumption that these and the other burden calculations associated with HIPAA administrative simplification systems modifications may overlap. This average also takes into consideration that (1) this standard may not be used by several of the entities included in the estimate, (2) this standard may already be in use by several of the entities included in the estimate, (3) modifications may be performed in an aggregate manner during the course of routine business and/or, (4) modifications may be made by contractors, such as practice management vendors, in a single effort for a multitude of affected entities.

We invite public comment on the issues discussed above. If you comment on these information collection and recordkeeping requirements, please e-mail comments to JBurke1@hcfa.gov (Attn:HCFA-0045) or mail copies directly to the following:

Health Care Financing Administration,
Office of Information Services,
Information Technology Investment Management Group,
Division of HCFA Enterprise Standards,
Room C2-26-17, 7500 Security Boulevard,
Baltimore, MD 21244-1850.
Attn: John Burke HCFA-0045.

And,

Office of Information and Regulatory Affairs,
Office of Management and Budget,
Room 10235, New Executive Office Building,
Washington, DC 20503,
Attn: Allison Herron Eydt, HCFA Desk Officer.

VIII. Response to Comments

Because of the large number of items of correspondence we normally receive on Federal Register documents published for comment, we are not able to acknowledge or respond to them individually. We will consider all comments we receive by the date and time specified in the "DATES" section of this preamble, and, if we proceed with a subsequent document, we will respond to the comments in the preamble to that document.

IX. Impact Analysis

A. Executive Summary

The costs of implementing the standards specified in the statute are primarily one-time or short-term costs related to conversion. These costs include system conversion/upgrade costs, start-up costs of automation, training costs, and costs associated with implementation problems. These costs will be incurred during the first three years of implementation. The benefits of EDI include reduction in manual data entry, elimination of postal service delays, elimination of the costs associated with the use of paper forms, and the enhanced ability of participants in the market to interact with each other.

In our analysis, we have used the most conservative figures available and have taken into account the effects of the existing trend toward electronic health care transactions. Based on this analysis, we have determined that the benefits attributable to the implementation of administrative simplification will accrue almost immediately but will not exceed costs for health care providers and health plans until after the third year of implementation. After the third year, the benefits will continue to accrue into fourth year and beyond. The total net savings for the period 1998-2002 will be $1.5 billion (a net savings of $1.7 billion for health plans, and a net cost of $.2 billion for health care providers). The single year net savings for the year 2002 will be $3.1 billion ($1.6 billion for plans and $1.5 billion for providers).

B. Introduction

We assessed several strategies for determining the impact of the various standards that the Secretary will designate under the statute. We could attempt to analyze the costs and savings of each individual standard independently or we could analyze the costs and savings of all the standards in the aggregate. We chose to base our analysis on the aggregate impact of all the standards. Assessing the cost of implementing each standard independently would yield inflated costs. The statute gives health care providers and health plans 24 months (36 months for small health plans) to implement each standard after it is designated. This will give the industry flexibility in determining the most cost- effective way of implementing the standards. A health plan may decide to implement more than one standard at a time or to combine implementation of a standard with other system changes dictated by its own business needs. As a result, overall estimates will be more accurate than individual estimates.

Assessing the benefits of implementing each standard independently would also be inaccurate. While each individual standard is beneficial, the standards as a whole have a synergistic effect on savings. For example, the combination of the standard health plan identifier and standard claim format would improve the coordination of benefits process to a much greater extent than either standard individually. Clearly, the costs and benefits described in this impact analysis are dependent upon all of the rules being published at roughly the same time.

It is difficult to assess the costs and benefits of such a sweeping change with no historical experience. Moreover, we do not yet know enough about the issues and options related to the standards that are still being developed to be able to discuss them here. Our analysis, as a result, will be primarily qualitative and somewhat general. In order to address that shortcoming, we have added a section discussing specific issues related to the provider identifier standard. In each subsequent regulation, we will, if appropriate, include a section discussing the specifics of the standard or standards being designated in the regulation. In addition, we will update this analysis to reflect any additional cost/benefit information that we receive from the public during the comment period for the proposed rule. We solicit comments on this approach and on our assumptions and conclusions.

C. Overall Cost/Benefit Analysis

In order to assess the impact of the HIPAA administrative simplification provisions, it is important to understand current industry practices. A 1993 study by Lewin-VHI (1, p. 4) estimated that administrative costs comprised 17 percent of total health expenditures. Paperwork inefficiencies are a component of those costs, as are the inefficiencies caused by the more than 400 different data transmission formats currently in use. Industry groups such as ANSI ASC X12N have developed standards for EDI transactions, which are used by some health plans and health care providers. However, migration to these recognized standards has been hampered by the inability to develop a concerted approach, and even “standard” formats such as the Uniform Bill (UB-92), the standard Medicare hospital claim form (which is used by most hospitals, skilled nursing facilities, and home health agencies for inpatient and outpatient claims) are customized by plans and health care providers.

Several reports have made estimates of the costs and/or benefits of implementing electronic data interchange (EDI) standards. In assessing the impact of the HIPAA administrative simplification provisions, the Congressional Budget Office reported that:

“The direct cost of the mandates in Title II of the bill would be negligible. Health plans (and those providers who choose to submit claims electronically) would be required to modify their computer software to incorporate new standards as they are adopted or modified...Uniform standards would generate offsetting savings for plans and providers by simplifying the claims process and coordination of benefits.” (page 4 of the Estimate of Costs of Private Sector Mandates)

The most extensive industry analysis of the effects of EDI standards was developed by WEDI in 1993, which built upon a similar 1992 report. The WEDI report used an extensive amount of information and analysis to develop its estimates, including data from a number of EDI pilot projects. The report included a number of electronic transactions that are not covered by HIPAA, such as materials management. The report projected implementation costs ranging between $5.3 billion and $17.3 billion (3, p. 9-4) and annual savings for the transactions covered by HIPAA ranging from $8.9 billion and $20.5 billion (3, pp. 9-5 and 9-6). Lewin estimated that the data standards proposed in the Healthcare Simplification and Uniformity Act of 1993 would save from 2.0 to 3.9 percent of administrative costs annually ($2.6 to $5.2 billion based on 1991 costs) (1, p.12). A 1995 study commissioned by the New Jersey Legislature estimated yearly savings of $760 million in New Jersey alone, related to EDI claims processing, reducing claims rejection, performing eligibility checks, decreasing accounts receivable, and other potential EDI applications (4, p.316)

We have drawn heavily on the WEDI report for many of our estimates. However, our conclusions differ, especially in the area of savings, for a number of reasons. The WEDI report was intended to assess the savings from a totally EDI environment, which HIPAA does not mandate. Health care providers may still choose to conduct HIPAA transactions on paper. In addition, a significant amount of movement toward EDI has been made (especially in the claims area) since 1993, and it is reasonable to assume that EDI would have continued to grow at some rate even without HIPAA. In order to assess the true impact of the legislation and these regulations, we cannot claim that all subsequent benefits are attributable to HIPAA.

D. Implementation Costs

The costs of implementing the standards specified in the statute are primarily one-time or short-term costs related to conversion. They can be characterized as follows:

  1. System Conversion/Upgrade -- Health care providers and health plans will incur costs to convert existing software to utilize the standards. Health plans and large health care providers generally have their own information systems, which they maintain with in-house or contract support. Small health care providers are more likely to use off-the-shelf software developed and maintained by a vendor. Examples of software changes include the ability to generate and accept transactions using the standard (for example, claims, remittance advices) and converting or crosswalking current provider files and medical code sets to chosen standards. However, health care providers have considerable flexibility in determining how and when to accomplish these changes. One alternative to a complete system redesign would be to purchase a translator that reformats existing system outputs into standard transaction formats. A health plan or health care provider could also decide to implement two or more related standards at once or to implement one or more standards during a software upgrade. We expect that each health care provider’s and health plan’s situation will differ and that each will select a cost-effective implementation scheme. Many health care providers use billing agents or claims clearinghouses to facilitate EDI. (Although we discuss billing agents and claims clearinghouses as separate entities in this impact analysis, billing agents are considered to be the same as clearinghouses for purposes of administrative simplification). Those entities would also have to reprogram to accommodate standards. We would expect these costs to be passed on to health care providers in the form of fee increases or to be absorbed as a cost of doing business.
  2. Start-up Cost of Automation -- The legislation does not require health care providers to conduct transactions electronically. Those who do not currently have electronic capabilities would have to purchase and implement hardware and software and train staff to use it in order to benefit from EDI. However, this is likely to be less costly once standards are in place, because there will be more vendors supporting the standard.
  3. Training -- Health care provider and health plan personnel will require training on use of the various standard identifiers, formats, and code sets. For the most part this will be directed toward administrative personnel, but training in new code sets would be required for clinical staff as well.
  4. Implementation problems -- The implementation of any industry-wide standards will inevitably introduce additional complexity as health plans and health care providers struggle to re-establish communication and process transactions using the new formats, identifiers, and code sets. This is likely to result in a temporary increase in rejected transactions, manual exception processing, payment delays, and requests for additional information.

While the majority of costs are one-time costs related to implementation, there are also on-going costs associated with administrative simplification. Health care providers and health plans may incur on-going costs to subscribe to or purchase documentation and implementation guides related to code sets and standard formats as well as health plan and provider identifier directories or data files. These entities may already be incurring some of these costs, and the costs under HIPAA would be incremental. We will be pursuing low-cost distribution options to keep these costs as low as possible.

In addition, EDI could affect cash flow throughout the health insurance industry. Electronic claims reach the health plan faster and can be processed faster. This has the potential to improve health care providers’ cash flow situations while decreasing health plans’ earnings on cash reserves.

The only known impact on individuals and employers (other than those that function as health plans) is the need to obtain an identifier.

E. Benefits of Increased Use of EDI for Health Care Transactions

Some of the benefits attributable to increased EDI can be readily quantified, while others are more intangible. For example, it is easy to compute the savings in postage from EDI claims, but attributing a dollar value to processing efficiencies is difficult. In fact, the latter may not result in lower costs to health care providers or health plans but may be categorized as cost avoidance, rather than savings. For example, a health care provider may find that its billing office staff can be reduced from four clerks to three after standards are implemented. The health care provider could decide to reduce the staff size, to reduce the billing office staff and hire additional clinical personnel, or to retain the staff and assign new duties to them. Only the first option results in a “savings” (i.e., fewer total dollars spent) for the health care provider or the health care industry. However, all three options allow health care providers to reduce administrative costs associated with billing. We are considering these to be benefits for purposes of this analysis because it is consistent with the way the industry views them. The benefits of EDI to industry in general are well documented in the literature. One of the most significant benefits of EDI is the reduction in manual data entry. The paper processing of business transactions requires manual data entry at the point in which the data are received and entered into a system. For example, the data on a paper health care transaction from a health care provider to a health plan have to be manually entered into the health plan’s business system. If the patient has more than one health plan, the second health plan would also have to manually enter the data into its system if it cannot receive the information electronically. The potential for repeated keying of information transmitted via paper results in increased labor as well as significant opportunities for keying errors. EDI allows for direct data transmission between computer systems, which reduces the need to rekey data.

Another problem with paper-based transactions is that these documents are mostly mailed. Normal delivery times of mailings can vary anywhere from one to several days for normal first class mail. To ship paper documents more quickly can be expensive. While bulk mailings can reduce some costs, paper mailings remain costly. Using postal services can also lead to some uncertainty as to whether the transaction was received, unless more expensive certified mail options are pursued. A benefit of EDI is that the capability exists for the sender of the transaction to receive an electronic acknowledgment once the data is opened by the recipient. Also, because EDI involves direct computer to computer data transmission, the associated delays with postal services are eliminated. With EDI, communication service providers such as value added networks function as electronic post offices and provide 24-hour service. Value added networks deliver data instantaneously to the receiver’s electronic mailbox.

In addition to mailing time delays, there are other significant costs in using paper forms. These include the costs of maintaining an inventory of forms, typing data onto forms, addressing envelopes, and the cost of postage. The use of paper also requires significant staff resources to receive and store the paper during normal processing. The paper must be organized to permit easy retrieval if necessary.

F. The Role of Standards in Increasing the Efficiency of EDI

There has been a steady increase in use of EDI in the health care market since 1993, and we predict that there would be some continued growth, even without national standards. However, we believe the upward trend in EDI health care transactions will be enhanced by having national standards in place. Because national standards are not in place today, there continues to be a proliferation of proprietary formats in the health care industry. Proprietary formats are those that are unique to an individual business. Due to proprietary formats, business partners that wish to exchange information via EDI must agree on which formats to use. Since most health care providers do business with a number of plans, they must produce EDI transactions in many different formats. For small health care providers, this is a significant disincentive for converting to EDI.

National standards would allow for common formats and translations of electronic information that would be understandable to both the sender and receiver. If national standards were in place, there would be no need to determine what format a trading partner was using. Standards also reduce software development and maintenance costs that are required for converting proprietary formats. The basic costs of maintaining unique formats are the human resources spent converting data or in personally contacting entities to gather the data because of incompatible formats. These costs are reflected in increased office overhead, and a reliance on paper and third party vendors as well as communication delays and general administrative hassle. Health care transaction standards will improve the efficiency of the EDI market and will help further persuade reluctant industry partners to choose EDI over traditional mail services.

The statute directs the Secretary to establish standards and sets out the timetable for doing so. The Secretary must designate a standard for each of the specified transactions and identifiers but does have the discretion to designate alternate standards (for example, both a flat file and X12N format for a particular transaction). We have chosen to designate a single standard for each identifier and transaction. On the surface, allowing alternate standards would seem to be a more flexible approach, permitting health care providers and health plans to choose which standard best fits their business needs. In reality, health plans and health care providers generally conduct EDI with multiple partners. Since the choice of a standard transaction format is a bilateral decision between the sender and receiver, most health plans and health care providers would need to support all of the designated standards for the transaction in order to meet the needs of all of their trading partners. Single standards will maximize net benefits and minimize ongoing confusion.

Health care providers and health plans have a great deal of flexibility in how and when they will implement standards. The statute specifies dates by which health plans will have adopted standards, but within that time period health plans can determine when and in which order they will implement standards. Health care providers have the flexibility to determine when it is cost- effective for them to convert to EDI. Health plans and health care providers have a wide range of vendors and technologies from which to choose in implementing standards and can choose to utilize a health care clearinghouse to produce standard transactions. Implementation options for transactions will be the subject of more detailed analysis in a subsequent regulation.

G. Cost/Benefit Tables

The tables below illustrate the costs for health plans and health care providers to implement the standards and the savings that will occur over time as a result of the HIPAA administrative simplification provisions. All estimates are stated in 1998 dollars -- no adjustment has been made for present value.

The tables are extracted from a report prepared by our actuaries, who analyzed the impact of the HIPAA administrative simplification provisions. Using standard actuarial principles, they utilized data from a wide range of industry sources as a base for their estimates but revised them as needed to precisely reflect the impact of the legislation. For example, the number of health care providers and percentage of EDI transactions were adjusted to reflect expected 1998 levels. Where data were not available (for example, the percentage of EDI billing for hospices), estimates were developed based on assumptions. Where data from multiple sources were in conflict, the various sources were considered in developing an independent estimate. These processes are complex and are described in detail in the actuaries’ report, both in narrative form and in footnotes to tables. The report is too voluminous to publish here, and it is not feasible to describe the processes used to arrive at each and every number. We are presenting here the data that are most critical to assessing the impact of HIPAA administrative simplification provisions and a general description of the processes used to develop those data. The full actuarial report is available for inspection at the HCFA document room and at the following web site: http://aspe.hhs.gov/admnsimp/.

The costs are based on estimates for the cost of a moderately complex set of software upgrades. The range of costs that health plans and health care providers will incur is quite large and is based on such factors as the size and complexity of the existing systems, ability to implement using existing low-cost translator software, and reliance on health care clearinghouses to create standard transactions. The cost of a moderately complex upgrade represents a reasonable midpoint in this range. In addition, we assume that health plans and health care providers with existing EDI systems will incur implementation costs related to manual operations to make those processes compatible with the EDI systems. For example, manual processes may be converted to recognize standard identifiers or to produce paper remittance advices that contain the same data elements as the EDI standard transaction. We have estimated those costs to equal 50 percent of the upgrade cost. Health care providers that do not have existing EDI systems will also incur some costs due to HIPAA, even if they choose not to implement EDI for all of the HIPAA transactions. For example, a health care provider may have to change accounting practices in order to process the revised paper remittance advice discussed above. Health plans must accept HIPAA transactions via EDI, but not all health plans will be called upon to accept all HIPAA transactions. For example, some health plans process only dental claims, while others process claims for institutional and noninstitutional services. We have assumed the average cost for non-EDI health care providers and health plans to be half that of already-automated health care providers and health plans.

Savings are based on the estimated increase in EDI attributable to the HIPAA administrative simplification provisions, multiplied by a per transaction savings for each type of transaction. Our estimates are much lower than those included in the WEDI report, primarily because we only recognize savings that would not have occurred without the legislation. While some industry estimates of gross savings (not net of costs) have been as high as $32.8 billion over five years, we believed it was important to utilize the most conservative assumptions possible. It is important to view these estimates as an attempt to furnish a realistic context rather than as precise budgetary predictions. Our estimates also do not include any benefits attributable to qualitative aspects of Administrative simplification, because of the lack of reliable data. (For example, we do not attempt to put a dollar value on improved public health practices that will result from implementation of standard identifiers.) We strongly encourage comments on how to quantitatively and qualitatively measure the efficiencies realized as a result of the HIPAA administrative simplification standards.

More detailed information regarding data sources and assumptions is provided in the explanations for the specific tables.

Table 1 below shows estimated costs and savings for health plans. The number of entities is based on the WEDI report, Department of Labor data, and various trade publications trended forward to 1998. The cost per health plan for software upgrades is based on the WEDI report, which estimated a range of costs required to implement a fully capable EDI environment. The high- end estimates ranged from two to ten times higher than the low-end estimates. We have used the lower end of the estimates in most cases because, as explained above, HIPAA does not require as extensive changes as envisioned by WEDI. The estimated percentages of health plans that accept electronic billing are based on reports in the 1997 edition of Faulkner & Gray’s Health Data Directory (5). The total cost for each type of health plan is the sum of the cost for EDI and non-EDI plans. Cost for EDI plans is computed as follows:

Total Entities x EDI % x Average Upgrade Cost x 1.5 (NOTE: As described above, the cost of changing manual processes is estimated to be half the cost of system changes.)

Cost for non-EDI plans is computed as follows:

Total entities x (1 - EDI %) x Average Upgrade Cost x .5 (NOTE: As described above, cost to non-EDI health care providers is assumed to be half the cost of systems changes.)

The $3.9 billion in savings is derived from Table 4, and represents savings to health plans for the first five years of implementation. The assumptions related to these savings are contained in the explanation to Table 4. The savings have been apportioned to each type of health plan based on the ratio of that health plan type’s cost to the cost to all health plans. For example, a plan type that incurs ten percent of the costs would be assigned ten percent of the savings. We acknowledge that this is an imprecise method for allocating savings. We have not been able to identify a reliable method for allocating savings to specific types of health plans but nonetheless believed that it was important to present costs and savings together in order to provide a sense of how the HIPAA administrative simplification provisions would affect various entities.

Table 1 - Health Plan Implementation Costs and Savings (in Millions) (1998-2002)

Type of Plan

Number of Plans

Average Cost

% EDI

Total Cost (in Millions)

Savings (in Millions)

Large commercials

250

$1,000,000

.90

$ 350

$ 620

Smaller commercials

400

500,000

.50

200

354

Blue Cross/ Blue Shield

75

1,000,000

.90

106

188

Third-party administered

750

500,000

.50

375

665

HMO/PPO

1,500

250,000

.50

375

665

Self- administered

16,000

50,000

.25

600

1,063

Other employer plans

3,900,000

100

.00

195

345

TOTAL

     

$2,201

$3,900

Table 2 illustrates the costs and savings attributable to various types of health care providers.

The number of entities (practices, not individual health care providers) is based on the 1992 Census of Services, the 1996 Statistical Abstract of the United States, and the American Medical Association survey of group practices trended forward to 1998. Estimated percentages of EDI billing are based on the 1997 edition of Faulkner & Gray’s Health Data Directory or are actuarial estimates.

The cost of software upgrades for personal computers (PCS) is based on reports on the cost of software upgrades to translate and communicate standardized claims forms. The low end is used for smaller practices and the high end for larger practices with PCS. The estimate for mainframe upgrade packages is twice the upper end for PCS. The cost per upgrade for facilities is ours after considering estimates by WEDI and estimates of the cost of new software packages in the literature. The estimates fall within the range of the WEDI estimates, but that range is quite large. For example, WEDI estimates the cost for a large hospital upgrade would be from $50,000 to $500,000. For an explanation of the method for computing Total Cost, see the explanation for Table 1.

The $3.4 billion in savings is derived from Table 4 and represents savings to health care providers for the first five years of implementation. We have included them here to provide a sense of how the HIPAA administrative simplification provisions would affect various entities. As in Table 1, the savings have been apportioned to each type of health care provider based on the ratio of that health care provider type’s cost to the cost to all health care providers.

Table 2 - Health Care Provider Implementation Costs and Savings (in Millions) (1998-2002)

Type of Provider

Number of Providers

Average Cost

% EDI

Total Cost (in Millions)

Savings (in Millions)

Hospitals <100 beds

2,850

$100,000

.86

$ 388

$ 369

Hospitals 100+ beds

3,150

250,000

.86

1,071

1,019

Nursing facility <100 beds

27,351

10,000

.50

274

260

Nursing facility 100+ beds

8,369

20,000

.50

167

159

Home health agency

10,608

10,000

.75

133

126

Hospice

1,191

10,000

.10

7

7

Dialysis facility

1,211

10,000

.75

15

14

Specialty outpatient

7,175

10,000

.75

90

85

Pharmacy

70,100

4,000

.85

379

360

Medical labs

9,000

4,000

.85

49

46

Dental labs

8,000

1,500

.50

12

11

DME

116,800

1,500

.50

175

167

Physicians solo and groups <3

337,000

1,500

.20

354

337

Physicians groups 3+ with mainframe

17,000

8,000

.75

170

162

Physicians groups 3+ with PCS

15,000

4,000

.40

54

51

Physicians groups 3+ no automation

2,000

0

.00

0

0

Osteopaths

35,600

1,500

.10

32

30

Dentists

147,000

1,500

.14

141

134

Podiatrists

8,400

1,500

.05

7

6

Chiropractors

29,000

1,500

.05

24

23

Optometrists

18,200

1,500

.05

14

14

Other professionals

23,600

1,500

.05

20

19

TOTAL

     

$3,574

$3,400

Table 3 shows the estimates we used to determine the portion of EDI increase attributable to the HIPAA administrative simplification provisions. The proportion of claims that would be processed electronically even without HIPAA is assumed to grow at the same rate from 1998 through 2002 as it did from 1992 to 1996, except that the rate for hospitals, which is already high, is assumed to grow at one percent annually instead of the two percent that was observed from 1992-1996. The proportion of “other” provider claims is high because it includes pharmacies that generate large volumes of claims and have a high rate of electronic billing.

The increase attributable to HIPAA is highly uncertain and is critical to the savings estimate. Our actuary arrived at these estimates based on an analysis of the current EDI environment. Because the rate of growth in electronic billing is already high, there is not much room for added growth. On the other hand, much of the increase that has already occurred is attributable to Medicare and Medicaid; private insurers and third party administrators still have fairly low rates of electronic billing and may benefit significantly from standardization.

Type of Provider

1998

1999

2000

2001

2002

Table 3 - Percent Growth in EDI Claims Attributable to HIPAA AS Provisions (Cumulative)

Physician:

% before HIPAA

% after HIPAA

Difference

45%

45

--

50%

52

2

55%

59

4

60%

66

6

65%

73

8

Hospital:

% before HIPAA

% after HIPAA

Difference

86%

86

--

87%

88

1

88%

89

1

89%

91

2

90%

92

2

Other:

% before HIPAA

% after HIPAA

Difference

75%

75

--

76%

78

2

77%

81

4

78%

84

6

79%

87

8

Table 4 shows the annual costs, savings, and net savings over a five-year implementation period. We assume that the costs will be incurred within the first three years, since the statute requires health plans other than small health plans to implement within 24 months and small health plans to implement within 36 months. As each health plan implements a standard, health care providers that conduct electronic transactions with that health plan would also implement the standard. We assume that no savings would accrue in the first year, because not enough health plans and health care providers would have implemented the standards. Savings would increase as more health plans and health care providers implement, exceeding costs in the fourth year. At that point, the majority of health plans and health care providers will have implemented the standards, and costs will decrease and benefits will increase as a result.

The savings per claim processed electronically instead of manually is based on the lower end of the range estimated by WEDI. We have used $1 per claim for health plans and physicians, and $.75 per claim for hospitals and other health care providers. These estimates are based on surveys of health care providers and health plans. Savings per EDI claim are computed by multiplying the per claim savings times the number of EDI claims attributed to HIPAA. The total number of EDI claims is used in computing the savings to health plans, while the savings for specific health care provider groups is computed using only the number of EDI claims generated by that group (for example, savings to physicians is computed using only physician EDI claims).

WEDI also estimated savings resulting from other HIPAA transactions. The savings per transaction was higher than the savings from electronic billing, but the number of transactions was much smaller. Our estimates for transactions other than claims were derived by assuming a number of transactions and a savings per transaction relative to those assumed for the savings for electronic billing (see table 4a). In general our assumptions are close to those used by WEDI. One major difference is that we derived the number of enrollment/disenrollment transactions from Department of Labor statistics. We used their estimate of the number of events requiring a certificate to be issued, which includes such actions as starting or leaving a firm, children “aging out” of coverage and death of policyholder. That estimate is about 45 million events. We used WEDI’s estimate that the savings per transaction is about half that of billing transactions.

We also assumed that savings could be expected from simplifications in manual claims. The basic assumption is that the savings are ten percent (per transaction) of those that are projected for conversion to electronic billing. However, it is also assumed that the standards only gradually allow health care providers and health plans to abandon old forms and identifiers because of the many relationships that have been established with other entities that will require a period of overlap.

Costs and Savings

1998

1999

2000

2001

2002

Total

Table 4 - Five-Year Net Savings (in Billions of Dollars)

Costs:

Provider

Plan

Total

1.3

0.8

2.0

1.3

0.8

2.0

1.1

0.7

1.7

0.0

0.0

0.0

0.0

0.0

0.0

3.6

2.2

5.8

Savings from Claims Processing:

Provider

Plan

Total

0.0

0.0

0.0

0.1

0.1

0.2

0.3

0.2

0.5

0.4

0.4

0.8

0.6

0.5

1.1

1.4

1.2

2.6

Savings from Other Transactions:

Provider

Plan

Total

0.0

0.0

0.0

0.2

0.2

0.3

0.4

0.4

0.8

0.7

0.6

1.2

1.1

0.8

1.8

2.4

2.0

4.1

Savings from Manual Transactions:

Provider

Plan

Total

0.0

0.0

0.0

0.0

0.0

0.1

0.1

0.1

0.1

0.1

0.1

0.2

0.1

0.1

0.2

0.3

0.3

0.6

Total Savings:

Provider

Plan

Total

0.0

0.0

0.0

0.3

0.3

0.6

0.6

0.7

1.4

1.0

1.2

2.2

1.5

1.6

3.1

3.4

3.9

7.3

Net:

Provider

Plan

Total

(1.3)

(0.8)

(2.0)

(1.0)

(0.5)

(1.4)

(0.5)

0.0

(0.3)

1.0

1.2

2.2

1.5

1.6

3.1

(0.2)

1.7

1.5

NOTE: Figures do not total due to rounding.

Table 4a shows the savings per nonclaim transaction as a multiple of claims savings per transaction and the ratio of transactions to number of claims. These values were used to determine the savings for nonclaims transactions.

Table 4a - Relative Savings and Volume of Other Transactions

Transaction

Savings

Volume

Claim

1.0

1.0

Claims inquiry

4.0

0.5

Remittance advice

1.5

0.10

Coordination of benefits

0.5

0.10

Eligibility inquiry

0.5

0.05

Enrollment/ disenrollment

0.5

0.01

Referral

0.1

0.10

H. Qualitative Impacts of Administrative Simplification

Administration simplification produces more than hard-dollar savings. There are also qualitative benefits that are less tangible, but nevertheless important. These changes become possible when data can be more easily integrated across entities. WEDI suggests in its 1993 report that there will be a “ripple-effect” of implementing an EDI infrastructure on the whole health care delivery system in that there would be a reduction in duplicate medical procedures and processes as a patient is handled by a continuum of health care providers during an episode of care. WEDI also suggests that there will be a reduction in the exposure to health care fraud as security controls on electronic transactions will prevent unauthorized access to financial data.

We also believe that having standards in place would reduce administrative burden and improve job satisfaction. For example, fewer administrative staff would be required to translate procedural codes, since a common set of codes would be used. All codes used in these transactions will be standardized, eliminating different values for data elements (for example, place of service).

Administrative simplification would promote the accuracy, reliability and usefulness of the information shared. For example, today there are any number of claims formats and identifiers in use. We estimate that there are over 400 variations of electronic formats for claims transactions alone. As we noted earlier, these variations make it difficult for parties to exchange information electronically. At a minimum, it requires data to be translated from the sender’s own format to the different formats specified by each intended receiver. Also, since industry has taken different approaches to uniquely identifying patients, health care providers and health plans (based on their individual business needs and preferences), it has become difficult to develop methods to compare services across health care providers and health plans. This mixed approach to enumeration has made it extremely difficult for health care researchers to do comparative analysis across settings and over time, and complicates identification of individuals for public health and epidemiologic purposes.

Administrative simplification greatly enhances the sharing of data both within entities and across entities. It facilitates the coordination of benefit information by having in place a standardized set of data that is known to all parties, along with standardized name and address information that tells where to route transactions. Today, health care providers are reluctant to file claims to multiple health plans on the behalf of the patient because information about a patient’s eligibility in a health plan is difficult to verify. Additionally, identifying information about health plans is not standardized or centralized for easy access. Most claims filed by patients today are submitted in hardcopy. We anticipate that more health care providers will file claims and coordinate benefits on the patient’s behalf once standard identifiers are adopted and this information is made available electronically.

I. Regulatory Flexibility Analysis

The Regulatory Flexibility Act (RFA) of 1980, Public Law 96- 354, requires us to prepare a regulatory flexibility analysis if the Secretary certifies that a proposed regulation would have a significant economic impact on a substantial number of small entities. In the health care sector, a small entity is one with less than $5 million in annual revenues. Nonprofit organizations are considered small entities; however, individuals and States are not included in the definition of a small entity. We have attempted to estimate the number of small entities and provide a general discussion of the effects of the statute. We request comments and additional information about our estimates and discussion.

All nonprofit Blue Cross-Blue Shield Plans are considered small entities. Two percent of the approximately 3.9 million employer health plans are considered small businesses. All doctors of osteopathy, dentists, podiatrists, chiropractors, and solo and group physicians’ offices with fewer than three physicians are considered small entities. Forty percent of group practices with 3 or more physicians and 90 percent of optometrist practices are considered small entities. Seventy-five percent of all pharmacies, medical laboratories, dental laboratories and durable medical equipment suppliers are assumed to be small entities.

We found the best source for information about the health data information industry to be Faulkner & Gray’s Health Data Dictionary. This publication is the most comprehensive we found of its kind. The information in this directory is gathered by Faulkner & Gray editors and researchers who called all of the more than 3,000 organizations that are listed in the book to elicit information about their operations. It is important to note that some businesses are listed as more than one type of business entity. That is because in reporting the information, companies could list themselves as up to three different types of entities. For example, some businesses listed themselves as both practice management vendors as well as claims software vendors because their practice management software was “EDI enabled.”

All the statistics referencing Faulkner & Gray’s come from the 1996 edition of its Health Data Dictionary. It lists 100 third party claims processors, which includes health care clearinghouses (5-33). Faulkner & Gray define third party claims processors as entities under contract that take electronic and paper health care claims data from health care providers and billing companies that prepare bills on a health care provider’s behalf. The third party claims processor acts as a conduit to health plans; it batches claims and routes transactions to the appropriate health plan in a form that expedites payment.

Of the 100 third party processors/clearinghouses listed in this publication, seven processed more that 20 million electronic transactions per month. Another 14 handled 2 million or more transactions per month and another 29 handled over a million electronic transactions per month. The remaining 50 entities listed processed less than a million electronic transactions per month. We believe that almost all of these entities have annual revenues of under $5 million and would therefore be considered small entities by our definition.

Another entity that is involved in the electronic transmission of health care transactions is the value added network. Value added networks are involved in the electronic transmission of data over telecommunication lines. We include value added networks in the definition of a health care clearinghouse. Faulkner & Gray list 23 value added networks that handle health care transactions (5, p. 544). After further discussion, the editors clarified that only 8 of the 23 would be considered “pure” value added networks. We believe that all of these companies have annual revenues of over $5 million.

A billing company is another entity involved in the electronic routing of health care transactions. It works primarily with physicians either in office or hospital-based settings. Billing companies, in effect, take over the office administrative functions for a physician; they take information such as copies of medical notes and records and prepare claim forms that are then forwarded to an insurer for payment. Billing companies may also handle the receipt of payments, including posting payment to the patient’s record on behalf of the health care provider. They can be located within or outside of the physician’s practice setting.

The International Billing Association is a trade association representing billing companies. The International Billing Association estimated that there are approximately 4500 billing companies currently in business in the United States. The International Billing Association’s estimates are based on the name and address of actual billing companies that it compiled in developing its mailing list. We believe all of the 4500 billing companies known to be in business have revenues under $5 million annually.

Software system vendors provide computer software applications support to health care clearinghouses, billing companies, and health care providers. They particularly work with health care providers’ practice management and health information systems. These businesses provide integrated software applications for such services as accounts receivable management, electronic claims submission (patient billing), record keeping, patient charting, practice analysis and patient scheduling. Some software vendors are also involved in providing applications for translating paper and nonstandard computer documents into standardized formats that are acceptable to health plans.

Faulkner & Gray list 104 physician practice management vendors and suppliers (5, p. 520), 105 hospital information systems vendors and suppliers (5, p. 444), 134 software vendors and suppliers for claims-related transactions (5, p. 486), and 28 translation vendors (5, p. 534). We were unable to determine the number of these entities with revenues over $5 million, but we assume most of these businesses would be considered small entities under our definition.

As discussed earlier in this analysis, the cost of implementing the standards specified in the statute are primarily one-time or short-term costs related to conversion. They were characterized as follows: software conversion, cost of automation, training, implementation problems, and cost of documentation and implementation guides. Rather than repeat that information here, we refer you to the beginning of this impact analysis.

1. Health care Providers and Health Plans

As a result of standard data format and content, health care providers and health plans that wish to do business electronically could do so knowing that whatever capital outlays they make are worthwhile, with some certainty of return on investment. This is because entities that exchange electronic health care transactions would be required to receive and send transactions in the same standard formats using the same health care provider and health plan identifiers. We believe this will be an incentive to small physicians’ offices to convert from paper to EDI. In a 1996 Office of the Inspector General study entitled “Encouraging Physicians to Use Paperless Claims,” the Office of the Inspector General and HCFA agreed that over $36 million in annual Medicare claims processing savings could be achieved if all health care providers submitting 50 or more Medicare claims per month submitted them electronically. Establishment of EDI standards will make it financially beneficial for many small health care providers to convert to electronic claim submissions, because all health plans would accept the same formats.

Additionally, we believe that those health care providers that currently use health care clearinghouses and billing agencies will see costs stabilize and potentially some cost reduction. This would result from the increased efficiency that health care clearinghouses and billing companies will realize from being able to more easily link with health care industry business partners.

2. Third Party Vendors

Third party vendors include third party processors/clearinghouses (including value added networks), billing companies, and software system vendors. While the market for third party vendors will change as a result of standardization, these changes will be positive to the industry and its customers over the long term. However, the short term/one time costs discussed above will apply to the third party vendor community.

a. Clearinghouses and Billing Companies

As noted above, health care clearinghouses are entities that take health care transactions, convert them into standardized formats acceptable to the receiver, and forward them on to the insurer. Billing companies take on the administrative functions of a physician’s office. The market for clearinghouse and billing company services will definitely be affected by the HIPAA administrative simplification provisions; however there appears to be some debate on how the market for these services will be affected.

It is likely that competition among health care clearinghouses and billing companies will increase over time. This is because standards would reduce some of the technical limitations that currently inhibit health care providers from conducting their own EDI. For example, by eliminating the requirement to maintain several different claims standards for different trading partners, health care providers will be able to more easily link themselves directly to health plans. This could negatively affect the market for health care clearinghouses and system vendors that do translation services; however, standards should increase the efficiency in which health care clearinghouses operate by allowing them to more easily link to multiple health plans. The increased efficiency in operations resulting from standards could, in effect, lower their overhead costs as well as attract new health care clearinghouse customers to offset any loss in market share that they might experience.

Another potential area of change is that brought about through standardized code sets. Standards would lower costs and break down logistical barriers that discouraged some health care providers from doing their own coding and billing. As a result, some health care providers may choose an in-house transaction system rather than using a billing company as a means of exercising more control over information. Conversely, health care clearinghouses may acquire some short-term increase in business from those health care providers that are automated but do not use the selected standards. These health care providers would hire health care clearinghouses to take data from the nonstandard formats they are using and convert them into the appropriate standards. Generally, we would also expect health care clearinghouses to identify opportunities to add value to transaction processing and to find new business opportunities, either in marketing promotional materials or in training health care providers on the new transaction sets. Standards would increase the efficiency of health care clearinghouses, which could in turn drive costs for these services down. Health care clearinghouses may be able to operate more efficiently or at a lower cost based on their ability to gain market share. Some small billing companies may be consumed by health care clearinghouses that may begin offering billing services to augment their health care clearinghouse activities. However, most health care providers that use billing companies would probably continue to do so because of the comprehensive and personalized services these companies offer.

Value added networks do not manipulate data but rather transmit data in its native form over telecommunication lines. We anticipate that the demand for value added network services would increase as additional health care providers and health plans move to electronic data exchange. Standards would eliminate the need for data to be reformatted, which would allow health care providers to purchase value added network services individually rather than as a component of the full range of clearinghouse services.

b. Software Vendors

As noted above, software vendors provide computer software applications support to health care clearinghouses and health care providers. They particularly work with health care providers’ practice management and health information systems. We believe these entities would be affected positively, at least in the short term. The implementation of administrative simplification would enhance their business opportunities as they would be involved in developing computerized software solutions that would allow for health care providers and other entities that exchange health care data to integrate the new transaction set into their existing systems. They may also be involved in developing software solutions to manage the crosswalk of existing health care provider and health plan identifiers to the national provider identifier and health plan identifier (PAYERID) until such time as all entities have implemented the identifiers.

J. Unfunded mandates

We have identified costs to the private sector to implement these standards. Although these costs are unfunded, we expect that they will be offset by subsequent savings as detailed in this impact analysis.

Most costs will occur in the first 3 years following the adoption of the HIPAA standards, with savings to health care providers and health plans exceeding costs in the fourth year. Five-year costs of implementing the HIPAA standards are estimated at $ 5.8 billion for health care providers and health plans combined. Savings to these entities over the same period in electronic claims processing, other electronic transactions (e.g., enrollments and disenrollments), and manual transactions are estimated at $ 7.3 billion, for a net savings of $ 1.5 billion in 5 years.

The costs to State and local governments and tribal organizations are also unfunded, but we do not have sufficient information to provide estimates of the impact of these standards on those entities. Several State Medicaid agencies have estimated that it would cost $1 million per state to implement all the HIPAA standards. However, the Congressional Budget Office analysis stated that “States are already in the forefront in administering the Medicaid program electronically; the only costs--which should not be significant--would involve bringing the software and computer systems for the Medicaid programs into compliance with the new standards.” The report went on to point out that Medicaid State agencies have the option to compensate by reducing other expenditures and that other State and local government agencies are likely to incur less in the way of costs since most of them will have fewer enrollees. Moreover, the Federal government pays a portion of the cost of converting State Medicaid Management Information Systems (MMIS) as Federal Financial Participation -- 75 percent for system maintenance changes and 90 percent for new software (if approved). Many States are in the process of changing systems as they convert many of the current functions in the move to enroll Medicaid beneficiaries in managed care.

K. Specific Impact of Provider Identifier

This is the portion of the impact analysis that relates specifically to the standard that is the subject of this regulation -- the health care provider identifier. This section describes specific impacts that relate to the provider identifiers. However, as we indicated in the introduction to this impact analysis, we do not intend to associate costs and savings to specific standards. In addition, this section assesses the relative cost impact of the various identifier options and implementation options set out in the regulation.

Although we cannot determine the specific economic impact of the standard being proposed in this rule (and individually each standard may not have a significant impact), the overall impact analysis makes clear that, collectively, all the standards will have a significant impact of over $100 million on the economy. Also, while each standard may not have a significant impact on a substantial number of small entities, the combined effects of all the proposed standards may have a significant effect on a substantial number of small entities. Therefore, the following impact analysis should be read in conjunction with the overall impact analysis.

In accordance with the provisions of Executive Order 12866, this proposed rule was reviewed by the Office of Management and Budget.

1. Affected entities.

a. Health care providers.

Health care providers that conduct electronic transactions with health plans would have to begin to use the NPI in those transactions. Health care providers that are indirectly involved in electronic transactions (for example, by submitting a paper claim that the health plan transmits electronically to a secondary payer) may also use the NPI. Any negative impact on these health care providers generally would be related to the initial implementation period. They would incur implementation costs for converting systems, especially those that generate electronic claims, from current provider identifiers to the NPI. Some health care providers would incur those costs directly and others would incur them in the form of fee increases from billing agents and health care clearinghouses.

Health care providers not only would have to include their own NPI on claims, but they would also have to obtain and use NPIs of other health care providers (for example, for referring and ordering). This would be a more significant implementation workload for larger institutional health care providers, such as hospitals, that would have to obtain the NPIs for each physician practicing in the hospital. However, these health care providers are accustomed to maintaining these types of data. There would also be a potential for disruption of claims processes and timely payments during a particular health plan’s transition to the NPI. Some health care providers that do not do business with government programs may be resistant to obtaining an NPI and providing data about themselves that would be stored in a national database.

Health care providers would also have to obtain an NPI and report changes in pertinent data. Under one of the enumeration options presented in this preamble, current Medicare providers will receive their NPIs automatically, and other health care providers may be enumerated in this manner to the extent that appropriate valid data files are available. New health care providers would have to apply for an NPI. This does not impose a new burden on health care providers. The vast majority of health plans issue identifiers to the health care providers with whom they transact business in order to facilitate the electronic processing of claims and other transactions. The information that health care providers must supply in order to receive an NPI is significantly less than the information most health plans require to enroll a health care provider. There would be no new cost burden; the statute does not support our charging health care providers to receive an NPI.

After implementation, health care providers would no longer have to keep track of and use different identifiers for different insurers. This would simplify provider billing systems and processes and reduce administrative expenses. A standard identifier would facilitate and simplify coordination of benefits, resulting in faster, more accurate payments. Under option 2 of the enumeration options, (see section IX.K.2.d. of this preamble, on enumerators), many health care providers (all those doing business with Medicare) would receive their NPIs automatically and would be able to report changes in the data contained in the NPS to a single place and have the changes made available to many health plans.

b. Health plans.

Health plans that engage in electronic commerce would have to modify their systems to use the NPI. This conversion would have a one-time cost impact on Federal, State, and private health plans alike and is likely to be more costly for health plans with complex systems that rely on intelligent provider numbers. Disruption of claims processing and payment delays could result. However, health plans would be able to schedule their implementation of the NPI and other standards in a manner that best fits their needs, as long as they meet the deadlines specified in the legislation.

Once the NPI has been implemented, health plans’ coordination of benefits activities would be greatly simplified because all health plans would use the same health care provider identifier. In addition, utilization review and other payment safeguard activities would be facilitated, since health care providers would not be able to use multiple identifiers and could be easily tracked over time and across geographic areas. Health plans currently assign their own identification numbers to health care providers as part of their enrollment procedures, and this would no longer be necessary. Existing enumeration systems maintained by Federal health programs would be phased out, and savings would result.

c. Health care clearinghouses.

Health care clearinghouses would face impacts (both positive and negative) similar to those experienced by health plans. However, implementation would likely be more complex, because health care clearinghouses deal with many health care providers and health plans and would have to accommodate both old and new health care provider identifiers until all health plans with which they deal have converted.

2. Effects of Various Options

a. Guiding Principles for Standard Selection

The implementation teams charged with designating standards under the statute have defined, with significant input from the health care industry, a set of common criteria for evaluating potential standards. These criteria are based on direct specifications in the HIPAA, the purpose of the law, and principles that support the regulatory philosophy set forth in Executive Order 12866 of September 30, 1993, and the Paperwork Reduction Act of 1995. These criteria also support and are consistent with the principles of the Paperwork Reduction Act of 1995. In order to be designated as a standard, a proposed standard should:

  • Improve the efficiency and effectiveness of the health care system by leading to cost reductions for or improvements in benefits from electronic HIPAA health care transactions. This principle supports the regulatory goals of cost-effectiveness and avoidance of burden.
  • Meet the needs of the health data standards user community, particularly health care providers, health plans, and health care clearinghouses. This principle supports the regulatory goal of cost-effectiveness.
  • Be consistent and uniform with the other HIPAA standards -- their data element definitions and codes and their privacy and security requirements -- and, secondarily, with other private and public sector health data standards. This principle supports the regulatory goals of consistency and avoidance of incompatibility, and it establishes a performance objective for the standard.
  • Have low additional development and implementation costs relative to the benefits of using the standard. This principle supports the regulatory goals of cost-effectiveness and avoidance of burden.
  • Be supported by an ANSI-accredited standards developing organization or other private or public organization that will ensure continuity and efficient updating of the standard over time. This principle supports the regulatory goal of predictability.
  • Have timely development, testing, implementation, and updating procedures to achieve administrative simplification benefits faster. This principle establishes a performance objective for the standard.
  • Be technologically independent of the computer platforms and transmission protocols used in HIPAA health transactions, except when they are explicitly part of the standard. This principle establishes a performance objective for the standard and supports the regulatory goal of flexibility.
  • Be precise and unambiguous, but as simple as possible. This principle supports the regulatory goals of predictability and simplicity.
  • Keep data collection and paperwork burdens on users as low as is feasible. This principle supports the regulatory goals of cost-effectiveness and avoidance of duplication and burden.
  • Incorporate flexibility to adapt more easily to changes in the health care infrastructure (such as new services, organizations, and provider types) and information technology. This principle supports the regulatory goals of flexibility and encouragement of innovation.

We assessed the various candidates for a provider identifier against the principles listed above, with the overall goal of achieving the maximum benefit for the least cost. We found that the NPI met all the principles, but no other candidate identifier met all the principles, or even those principles supporting the regulatory goal of cost-effectiveness. We are assessing the costs and benefits of the NPI, but we did not assess the costs and benefits of other identifier candidates, because they did not meet the guiding principles. We invite your comments on the costs and benefits of the alternative candidate NPI options for the various market segments.

b. Need to Convert

Because there is no standard provider identifier in widespread use throughout the industry, adopting any of the candidate identifiers would require most health care providers, health plans and health care clearinghouses to convert to the new standard. In the case of the NPI, all health care providers would have to convert because this identifier is not in use presently. As we pointed out in our analysis of the candidates, even the identifiers that are in use are not used for all purposes or for all provider types. The selection of the NPI does not impose a greater burden on the industry than the nonselected candidates, and presents significant advantages in terms of cost- effectiveness, universality, uniqueness and flexibility.

c. Complexity of Conversion

Some existing provider identifier systems assign multiple identifiers to a single health care provider in order to distinguish the multiple identities the health care provider has in the system. For example, in these systems, the health care provider may have a different identifier to represent each “pay- to” identity, contract or provider agreement, practice location, and specialty or provider type. Since the NPI is a unique identifier for each health care provider, it would not distinguish these multiple identities. Systems that need to distinguish these identities would need to use data other than the NPI to do so. The change to use other data would add complexity to the conversion to the NPI or to any other standard provider identifier, but it is necessary in order to achieve the goal of unique identification of the health care provider.

The complexity of the conversion would also be significantly affected by the degree to which health plans’ processing systems currently rely on intelligent identifiers. For example, a health plan may route claims to different processing routines based on the type of health care provider by keying on a provider type code included in the identifier. Converting from one unintelligent identifier to another is less complex than modifying software logic to obtain needed information from other data elements. However, the use of an unintelligent identifier is required in order to meet the guiding principle of assuring flexibility.

Specific technology limitations of existing systems could affect the complexity of conversion. For example, some existing provider data systems use a telephone keypad to enter data. Data entry of alpha characters is inconvenient in these systems. In order to mitigate this inconvenience, we would implement the NPI by initially assigning numeric NPIs. After all numeric possibilities have been exhausted, we would introduce alpha characters in one position at a time. This implementation strategy would allow additional time for systems with technology limitations to overcome conversion difficulties.

In general, the shorter the identifier, the easier it is to implement. It is more likely that a shorter identifier, such as the NPI, would fit into existing data formats.

The selection of the NPI does not impose a greater burden on the industry than the nonselected candidates.

d. Enumerators

Based on the analysis discussed earlier in the preamble, we assess the two most viable combinations of choices for the entities that would enumerate health care providers. We do not assess choices that permit large numbers of enumerators (for example, all health plans, educational institutions, professional associations) because these choices do not satisfy the critical programmatic requirements of maintaining a high degree of data quality and consistency and minimizing confusion for health care providers.

No matter which of the two enumeration options is chosen, certain costs and impacts would not vary.

  • We assume that the NPS would be used in both options to generate NPIs and serve as the central enumeration system and database. We began to develop the NPS for Medicare use, and this effort, which was funded by HCFA, is now nearing completion. As the NPS becomes national in scope, we estimate that the cost of maintaining the NPS software, hardware, and telecommunications, and operating a Help Desk to deal with user questions, would cost approximately $10.4 million over the first three years of operation and approximately $2.9 million per year thereafter. Roughly half of these costs are attributable to telecommunications expenses. This analysis presumes the availability of Federal funds to support the development and operations of the NPS. However, we are seeking comments on how the NPS could be funded once it becomes national.
  • We further assume that, in both options, the same implementation strategy of loading the NPS database using health plans’ existing prevalidated files will be utilized to the extent possible. This would reduce costs by not repeating the process of soliciting, receiving, controlling, validating and keying applications from health care providers that have already been enumerated by a trusted source. For example, we would use existing Medicare provider files to initially load the NPS database. The majority of work to reformat and edit these files has already been completed.

We estimate that approximately 1.2 million current health care providers and 30,000 new health care providers annually would require NPIs because they conduct HIPAA transactions.

An additional 3 million health care providers (120,000 new health care providers annually) do not conduct HIPAA transactions, but they may choose to be enumerated at some future time. We refer to these health care providers as “non-HIPAA-transaction health care providers” (see section 4. Enumeration Phases of this preamble). These health care providers would be primarily individual practitioners such as registered nurses and pharmacists who perform services in institutions and whose services are not billed by the institution. More research is required on the time frame and process for enumerating these health care providers.

Based on Medicare carriers’ costs, we have estimated that the average cost to enumerate a health care provider should not exceed $50. Enumeration activities would include assisting health care providers and answering questions, accepting the application for an NPI; validating as many of the data elements as possible at the point of application to assure the submitted data are accurate and the application is authentic; entering the data into the NPS to obtain an NPI for the health care provider; researching cases where there is a possible match to a health care provider already enumerated; notifying the health care provider of the assigned NPI; and entering updated data into the NPS when notified by the health care provider. The cost of processing a data update is not known, and for purposes of this analysis we are assuming an average cost of $10 per update transaction, and that 5 percent per year of these health care providers on file would have updated data. However, we estimate that approximately 15 percent of health care providers that do not conduct business with Federal health plans or Medicaid would require updates each year. These health care providers may be unfamiliar with the terminology for some of the information they need to provide in order to be enumerated; thus, they may need to correct errors they could have made in completing the applications for NPIs or may have a need to change some of that information for other reasons. The per transaction cost would be lower if practice location addresses and membership in groups were not collected (see section IV., Data, and section IX.E., Maintenance of the Database, of this preamble) and if enumerators were already validating data as part of their own enrollment processes. The number of updates would also be affected by the practice location and group membership issues because these data are more volatile than demographic data (see IV., Data, and IX.E., Maintenance of the Database, of this preamble).

For a similarly sized commercial numbering system that uniquely identifies corporations and assigns unique identifiers, we have received independent estimates from Dun & Bradstreet (D&B) of $7 per enumeration and $3 per update. The D&B estimates are based on the cost of assigning and maintaining the Data Universal Numbering System (D-U-N-S) number. The D-U-N-S number is a nine- digit, non-indicative number assigned to each record in D&B’s file. It uses a modulus 10 check digit in the ninth position. Over 47 million D-U-N-S numbers have been assigned, worldwide, with 22 million attributed to locations in the United States. D&B uses the D-U-N-S number to enumerate businesses, including commercial sites, sole proprietorships, cottage industries, educational institutions, not-for-profits, and government entities, but does not maintain records on private individuals. D&B estimates an average cost of $7 to add a record to its database and assign it a unique record identifier. To establish a record and ensure uniqueness, D&B requires the entity's legal name, any "doing business as" names, physical address, telephone number, chief executive, date started, line of business, number of employees and relationship(s) with other business entities. D&B runs a daily computer process to audit all records added during the day and extracts any that may be duplicates for research by an analyst. Updates to each record are estimated at approximately $3 but can run as high as $30 per year for very robust database entries, some of which contain 1500 different data elements. The D&B estimates may be understated for our purposes because the four to six data elements used to uniquely identify the enumerated corporations do not require verification. We welcome comments on which data elements are required to uniquely identify health care providers (individuals, groups, and organizations), on whether verification of the data is necessary for purposes of enumeration, and on estimates of the cost to enumerate and update that minimum data set. We understand that the cost would be lower if the number and complexity of the data elements were reduced, but this cost must be balanced against the level of confidence that can be placed in the uniqueness of the health care providers identified. Specific consideration of these tradeoffs in submitted comments will be very helpful.

The $50 estimated average cost to enumerate a health care provider is an upper limit. The cost would decrease significantly if the second data alternative is selected (see section IV.B., Practice Addresses and Group/Organization Options, of this preamble). Under this alternative, the NPS would capture only one practice address for an individual or organization provider. It would not assign location codes. The NPS would not link the NPI of a group provider to the NPIs of individuals who are members of the group. Costs would decrease because we would collect significantly less data at the time of enumeration, and the data that would be collected would not need to be updated very frequently. Recent consultations with the industry reveal a growing consensus for this alternative.

Table 5 below provides estimates as to the cost of each enumeration option for start-up and outyear, with Federal, State, and private costs, for HIPAA-transaction and non-HIPAA-transaction health care providers, and the Federal costs of the NPS. We define “start-up” as the first 3 years during which the NPS becomes operational nationally and the bulk of the health care providers requiring NPIs are enumerated. “Outyear” would be each subsequent year, in which the majority of actions would be enumerations of new health care providers and provider updates. Assumptions follow the table.

Table 5 - Enumeration Costs: Federal, State, and Private

ENUMERATION COSTS: Federal, State, and Private

COSTS TO:

START-UP COSTS
HIPAA- TRANSACTION PROVIDERS

OUTYEAR COSTS
HIPAA- TRANSACTION PROVIDERS

START-UP COSTS
NON-HIPAA- TRANSACTION PROVIDERS

OUTYEAR COSTS
NON-HIPAA- TRANSACTION PROVIDERS

OPTION 1 -- REGISTRY

Federal for NPS

10,400,000

2,900,000

   

Federal for non-HIPAA- transaction health care providers

-

-

165,000,000

7,500,000

Federal

64,560,000

2,280,000

-

-

State

0

0

-

-

Private

0

0

-

-

TOTAL

74,960,000

5,180,000

   
 

OPTION 2 -- COMBINATION OF FEDERAL HEALTH PLANS, MEDICAID STATE AGENCIES, AND FEDERALLY-DIRECTED REGISTRY

Federal for NPS

10,400,000

2,900,000

   

Federal for non-HIPAA- transaction health care providers

-

-

165,000,000

7,500,000

Federal (if all Medicaid State agencies participate)

9,990,000

495,000

-

-

Federal (if 5% of Medicaid State agencies decline to participate)

10,310,000

505,000

-

-

State (if all Medicaid State agencies participate)

0

0

-

-

State (if 5% of Medicaid State agencies decline to participate)

0

0

-

-

Private

0

0

-

-

TOTAL (if all Medicaid State agencies participate)

20,390,000

3,395,000

   

TOTAL (if 5% of Medicaid State agencies decline to participate)

20,710,000

3,405,000

   

ASSUMPTIONS:

  1. Definitions:

    a. “HIPAA-transaction health care provider” means a health care provider that we would require to have an NPI; that is, a health care provider that must be identified in the transactions specified in HIPAA.

    b. “Non-HIPAA-transaction health care provider” means a health care provider that we would not require to have an NPI.

    c. “Start-up” means the first 3 years in which the NPS becomes operational nationally and the bulk of the health care providers requiring NPIs are enumerated. It is the sum of the cost of enumerating existing health care providers in the first year plus the annual cost of enumerating new and updating existing health care providers for the 2 subsequent years.

    d. “Outyear” means each subsequent year in which the majority of actions would be enumerating new health care providers and updating existing ones. It is the sum of the cost of enumerating new health care providers plus the cost of updating existing health care providers.

  2. The cost to enumerate a health care provider that is not enrolled or enrolling in a Federal health plan (e.g., Medicare, CHAMPUS) or Medicaid is estimated to be $50. (See Assumption 4.)
  3. The cost to update information on a health care provider that is not enrolled or enrolling in a Federal health plan (e.g., Medicare, CHAMPUS) or Medicaid is estimated to be $10. (See Assumption 4.)
  4. The cost to Federal health plans (e.g., Medicare, CHAMPUS) and Medicaid to enumerate or update their own health care providers is relatively small as these health plans must collect the same information to enroll or update the health care providers in their own programs. Possible up-front costs to these health plans and Medicaid would be offset by simpler, more efficient coordination of benefits, elimination of the need to maintain multiple enumeration systems, and elimination of the need to maintain other provider numbers. The Federal Government pays 75 percent of Medicaid State agencies’ costs to enumerate and update health care providers. Because all of these costs are relatively small and would be offset by savings, they are considered to be $0 (zero).
  5. This analysis presumes the availability of Federal funds to support the registry.
  6. It is estimated that 5 percent of existing HIPAA-transaction health care providers that conduct business with Federal health plans or Medicaid require updates annually; 15 percent of the remaining HIPAA-transaction health care providers require updates annually.
  7. It is estimated that 5 percent of Medicaid State agencies may decline to participate in enumerating/updating their health care providers. The registry would enumerate/update that 5 percent.
  8. Non-HIPAA-transaction health care providers would not be enumerated in the initial phases of enumeration. These costs are estimated to be $165,000,000 for start-up and $7,500,000 for outyear. The registry would enumerate/update these health care providers only if funds are available.

Option 1 calls for all 1.2 million HIPAA-transaction health care providers to be enumerated by a Federally-directed registry. The one-time cost for the registry to assign NPIs to existing HIPAA-transaction health care providers would depend on the extent to which existing files could be used. The cost could be as high as $60 million (1.2 million health care providers x $50) or as low as $9 million (see option 2). The low estimate assumes that prevalidated provider files are available for 100 percent of all Federal and Medicaid providers. The annual outyear cost would be $2.1 million (30,000 new health care providers x $50 plus 60,000 updates x $10). The Federal health plans and Medicaid State agencies would no longer have to assign their own identifiers, which would result in some savings, but they would still incur costs related to provider enrollment activities that would duplicate Federally-directed registry functions (for example, duplicate collection and verification of some information).

Option 2 calls for enumeration of HIPAA-transaction health care providers to be performed by a combination of Federal programs named as health plans, Medicaid State agencies, and a Federally-directed registry. This registry would enumerate non- Federal, non-Medicaid providers. All enumerators would receive, validate, and enter application data into the NPS and would communicate with health care providers. Data files would be available from a central source. The registry would utilize the NPS and would be operated under Federal oversight but could, if appropriate, be contracted out.

Medicare, Medicaid, CHAMPUS, and the Department of Veterans Affairs already assign identifiers to health care providers with whom they conduct business. They would simply begin to use the NPS to issue NPIs instead of using their own systems to assign the identifiers they now use. Initially, these Federal health plans and Medicaid may incur up-front costs in issuing NPIs; however, these additional costs would be offset by savings from the fact that each health care provider would only have to be enumerated once; multiple enumeration systems would not have to be maintained; other provider numbers would not have to be maintained; and coordination of benefits would be simpler and more efficient. We estimate that approximately 5 percent of Medicaid State agencies may decline to participate (that is, they would not enumerate and update their health care providers). These health care providers would need to be enumerated and updated by the Federally-directed registry; however, that cost would be offset by savings realized by the discontinuance of UPIN assignment and maintenance of the UPIN registry. We estimate that approximately 85 percent of the health care providers that conduct HIPAA transactions would be enumerated in this manner (75 percent by Federal health plans, 10 percent by Medicaid). Additional costs, if any, to enumerate these health care providers or update their data would be insignificant.

The remaining 15 percent of health care providers that conduct HIPAA transactions (180,000) would be enumerated by a Federally-directed registry. The one-time cost of enumerating these health care providers would be $9 million (180,000 health care providers x $50). The cost of enumerating 4,500 new health care providers would be $225,000 per year, and the cost to process 27,000 updates would be $270,000, for a total registry cost of $495,000 per outyear.

Based on the cost estimates in this analysis, option 1 is considerably more expensive than option 2. We believe option 2 to be preferable to option 1 in that Federal programs and Medicaid State agencies would enumerate and update their own health care providers. The enumeration functions of the 5 percent of Medicaid State agencies that may decline to enumerate and update their own health care providers would fall to the Federally-directed registry.

The initial and ongoing cost of developing, implementing and operating the NPS would be borne by the Federal government, depending on the availability of funds; some of this cost could be offset by ceasing current enumeration systems like Medicare’s UPIN registry.

The previous analysis relates only to health care providers that are required to have an NPI to perform HIPAA transactions. The remaining health care providers would not be required to obtain an NPI but could do so if they wished to have one for other reasons. We indicated in the Implementation section of this preamble that we would not issue NPIs to these health care providers until the health care providers that needed NPIs to conduct any of the electronic transactions specified in HIPAA had been enumerated. The cost of enumerating the approximately 3 million non-HIPAA-transaction health care providers could be as high as $150 million (3 million health care providers x $50). We are soliciting comments on sources of information on non-HIPAA-transaction health care providers. We cannot provide a realistic estimate of the cost of enumerating these health care providers without this additional input.

e. Maintenance of the Database

Another cost implication is the maintenance of the database being developed by the NPS. (We discuss this cost implication in more detail in section IV. Data but believe the general discussion should be repeated here in the impact analysis as well.) That database, known as the National Provider File (NPF), is currently being designed to contain the data elements shown in the table entitled, “National Provider File Data Elements” in section IV. Data, A. Data Elements, earlier in this preamble. The majority of the information is used to uniquely identify a health care provider; other information is used for administrative purposes. A few of the data elements are collected at the request of potential users that have been working with HCFA in designing the database prior to the passage of HIPAA. All of these data elements represent only a fraction of the information that would comprise a provider enrollment file. The data elements shown in the “National Provider File Data Elements” table earlier in the preamble, plus cease/effective/termination dates, switches (yes/no), indicators, and history, are being considered as those that would form the NPF. The table includes appropriate comments. The table does not display systems maintenance or similar fields, or health care provider cease/effective/termination dates.

We need to consider the benefits of retaining all of the data elements shown in the table versus lowering the cost of maintaining the database by keeping only the minimum number of data elements needed for unique provider identification. We solicit input on the composition of the minimum set of data elements needed to uniquely identify each type of health care provider. In order to consider the inclusion or exclusion of data elements, we need to assess their purpose and use.

The data elements in the table with a purpose of “I” are being proposed to identify a health care provider, either in the search process (which is electronic) or in the investigation of health care providers designated as possible matches by the search process. These data elements are critical because unique identification is the keystone of the NPS.

The data elements in the table with a purpose of “A” are not essential to the identification processes mentioned above, but they nonetheless are valuable. Certain “A” data elements can be used to contact a health care provider for clarification of information or resolution of issues encountered in the enumeration process and for sending written communications; other “A” data elements (e.g., Provider Enumerate Date, Provider Update Date, Establishing Enumerator/Agent Number) are used to organize and manage the data.

The data elements in the table with a purpose of “U” are collected at the request of potential users of the information in the system. While not used by the system’s search process to uniquely identify a health care provider, Race (with a purpose of “U”) is nevertheless valuable in the investigation of health care providers designated as possible matches as a result of that process. In addition, Race is important to the utility of the NPS as a statistical sampling frame. Race is collected “as reported”; that is, it is not validated. It is not maintained, only stored. The cost of keeping this data element is virtually nil. Other data elements (Resident/Intern Code, Provider Certification Code and Number, and Organization Type Control Code) with a purpose of “U”, while not used for enumeration of a health care provider, have been requested to be included by some members of the health care industry for reports and statistics. These data elements are optional and do not require validation; many remain constant by their nature; and the cost to store them is negligible.

The data elements that we judge will be expensive to either validate or maintain (or both) are the license information, provider practice location addresses, and membership in groups. We solicit comments on whether these data elements are necessary for the unique enumeration of health care providers and whether validation or maintenance is required for that purpose.

Licenses may be critical in determining uniqueness of a health care provider (particularly in resolving identifies involving compound surnames) and are, therefore, considered to be essential by some. License information is expensive to validate initially, but it is not expensive to maintain because it does not change frequently.

The practice location addresses can be used to aid in investigating possible provider matches, in converting existing provider numbers to NPIs, and in research involving fraud or epidemiology. Location codes, which are discussed in detail in section B. Practice Addresses and Group/Organization Options of this preamble, could be assigned by the NPS to point to and identify practice locations of individuals and groups. Some potential users felt that practice addresses changed too frequently to be maintained efficiently at the national level. The average Medicare physician has two to three addresses at which he or she practices. Group providers may have many more practice locations. We estimate that 5 percent of health care providers require updates annually and that addresses are one of the most frequently changing attributes. As a result, maintaining more than one practice address for an individual provider on a national scale could be burdensome and time consuming. Many potential users believe that practice addresses could more adequately be maintained at local, health-plan specific levels.

Some potential users felt that membership in groups was useful in identifying health care providers. Many others, however, felt that these data are highly volatile and costly to maintain. These users felt it was unlikely that membership in groups could be satisfactorily maintained at the national level.

We welcome comments on the data elements proposed for the NPF and input as to the potential usefulness and tradeoffs for these elements such as those discussed above.

References:

  1. Dobson, Allen, Ph.D. and Bergheiser, Matthew; “Reducing Administrative Costs in a Pluralistic Delivery System through Automation;” Lewin-VHI Report prepared for the Healthcare Financial Management Association; 1993.
  2. Congressional Budget Office; “Federal Cost Estimate for H.R. 3070;” 1996.
  3. Workgroup for Electronic Data Interchange; “Report,” 1993.
  4. “Electronic Network Solution for Rising Healthcare Costs;” New Jersey Institute of Technology and Thomas Edison State College, 1995.
  5. Faulkner & Gray’s Health Data Directory, 1997 Edition; Kurt T. Peters, Publisher (also earlier editions).

List of Subjects in 45 CFR Part 142

Administrative practice and procedure, Health facilities, Health insurance, Hospitals, Medicare, Medicaid.

Accordingly, 45 CFR subtitle A, subchapter B, would be amended by adding Part 142 to read as follows:

NOTE TO READER: This proposed rule and another proposed rule found elsewhere in this Federal Register are two of several proposed rules that are being published to implement the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996. We propose to establish a new 45 CFR Part 142. Proposed Subpart A--General Provisions is exactly the same in each rule unless we have added new sections or definitions to incorporate additional general information. The subparts that follow relate to the specific provisions announced separately in each proposed rule. When we publish the first final rule, each subsequent final rule will revise or add to the text that is set out in the first final rule.

Part 142--administrative Requirements

Subpart A--General Provisions

Sec.

142.101 Statutory basis and purpose.

142.102 Applicability.

142.103 Definitions.

142.104 General requirements for health plans.

142.105 Compliance using a health care clearinghouse.

142.106 Effective date of a modification to a standard or implementation specification.

Subparts B--C [RESERVED]

Subpart D--National Provider Identifier Standard

142.402 National provider identifier standard.

142.404 Requirements: Health plans.

142.406 Requirements: Health care clearinghouses.

142.408 Requirements: Health care providers.

142.410 Effective dates of the initial implementation of the national provider identifier standard.

Authority: Sections 1173 and 1175 of the Social Security Act (42 U.S.C. 1320d-2 and 1320d-4).

Subpart A--General Provisions

§ 142.101 Statutory basis and purpose.

Sections 1171 through 1179 of the Social Security Act, as added by section 262 of the Health Insurance Portability and Accountability Act of 1996, require HHS to adopt national standards for the electronic exchange of health information in the health care system. The purpose of these sections is to promote administrative simplification.

§ 142.102 Applicability.

(a) The standards adopted or designated under this part apply, in whole or in part, to the following:

(1) A health plan.

(2) A health care clearinghouse when doing the following:

(i) Transmitting a standard transaction (as defined in § 142.103) to a health care provider or health plan.

(ii) Receiving a standard transaction from a health care provider or health plan.

(iii) Transmitting and receiving the standard transactions when interacting with another health care clearinghouse.

(3) A health care provider when transmitting an electronic transaction as defined in § 142.103.

(b) Means of compliance are stated in greater detail in § 142.105.

§ 142.103 Definitions.

For purposes of this part, the following definitions apply:

Code set means any set of codes used for encoding data elements, such as tables of terms, medical concepts, medical diagnostic codes, or medical procedure codes.

Health care clearinghouse means a public or private entity that processes or facilitates the processing of nonstandard data elements of health information into standard data elements. The entity receives health care transactions from health care providers, health plans, other entities, or other clearinghouses, translates the data from a given format into one acceptable to the intended recipient, and forwards the processed transaction to the appropriate recipient. Billing services, repricing companies, community health management information systems, community health information systems, and “value-added” networks and switches that perform these functions are considered to be health care clearinghouses for purposes of this part.

Health care provider means a provider of services as defined in section 1861(u) of the Social Security Act, a provider of medical or other health services as defined in section 1861(s) of the Social Security Act, and any other person who furnishes or bills and is paid for health care services or supplies in the normal course of business.

Health information means any information, whether oral or recorded in any form or medium, that--

(1) Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and

(2) Relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.

Health plan means an individual or group plan that provides, or pays the cost of, medical care. Health plan includes the following, singly or in combination:

(1) Group health plan. A group health plan is an employee welfare benefit plan (as currently defined in section 3(1) of the Employee Retirement Income and Security Act of 1974, 29 U.S.C. 1002(1)), including insured and self-insured plans, to the extent that the plan provides medical care, including items and services paid for as medical care, to employees or their dependents directly or through insurance, or otherwise, and

(i) Has 50 or more participants; or

(ii) Is administered by an entity other than the employer that established and maintains the plan.

(2) Health insurance issuer. A health insurance issuer is an insurance company, insurance service, or insurance organization that is licensed to engage in the business of insurance in a State and is subject to State law that regulates insurance.

(3) Health maintenance organization. A health maintenance organization is a Federally qualified health maintenance organization, an organization recognized as a health maintenance organization under State law, or a similar organization regulated for solvency under State law in the same manner and to the same extent as such a health maintenance organization.

(4) Part A or Part B of the Medicare program under title XVIII of the Social Security Act.

(5) The Medicaid program under title XIX of the Social Security Act.

(6) A Medicare supplemental policy (as defined in section 1882(g)(1) of the Social Security Act).

(7) A long-term care policy, including a nursing home fixed-indemnity policy.

(8) An employee welfare benefit plan or any other arrangement that is established or maintained for the purpose of offering or providing health benefits to the employees of two or more employers.

(9) The health care program for active military personnel under title 10 of the United States Code.

(10) The veterans health care program under 38 U.S.C., chapter 17.

(11) The Civilian Health and Medical Program of the Uniformed Services (CHAMPUS), as defined in 10 U.S.C. 1072(4).

(12) The Indian Health Service program under the Indian Health Care Improvement Act (25 U.S.C. 1601 et seq.).

(13) The Federal Employees Health Benefits Program under 5 U.S.C. chapter 89.

(14) Any other individual or group health plan, or combination thereof, that provides or pays for the cost of medical care.

Medical care means the diagnosis, cure, mitigation, treatment, or prevention of disease, or amounts paid for the purpose of affecting any body structure or function of the body; amounts paid for transportation primarily for and essential to these items; and amounts paid for insurance covering the items and the transportation specified in this definition.

Participant means any employee or former employee of an employer, or any member or former member of an employee organization, who is or may become eligible to receive a benefit of any type from an employee benefit plan that covers employees of that employer or members of such an organization, or whose beneficiaries may be eligible to receive any of these benefits. “Employee” includes an individual who is treated as an employee under section 401(c)(1) of the Internal Revenue Code of 1986 (26 U.S.C. 401(c)(1)).

Small health plan means a group health plan or individual health plan with fewer than 50 participants.

Standard means a set of rules for a set of codes, data elements, transactions, or identifiers promulgated either by an organization accredited by the American National Standards Institute or HHS for the electronic transmission of health information.

Transaction means the exchange of information between two parties to carry out financial and administrative activities related to health care. It includes the following:

(1) Health claims or equivalent encounter information.

(2) Health care payment and remittance advice.

(3) Coordination of benefits.

(4) Health claims status.

(5) Enrollment and disenrollment in a health plan.

(6) Eligibility for a health plan.

(7) Health plan premium payments.

(8) Referral certification and authorization.

(9) First report of injury.

(10) Health claims attachments.

(11) Other transactions as the Secretary may prescribe by regulation.

§ 142.104 General requirements for health plans.

If a person conducts a transaction (as defined in § 142.103) with a health plan as a standard transaction, the following apply:

(a) The health plan may not refuse to conduct the transaction as a standard transaction.

(b) The health plan may not delay the transaction or otherwise adversely affect, or attempt to adversely affect, the person or the transaction on the ground that the transaction is a standard transaction.

(c) The health information transmitted and received in connection with the transaction must be in the form of standard data elements of health information.

(d) A health plan that conducts transactions through an agent must assure that the agent meets all the requirements of this part that apply to the health plan.

§ 142.105 Compliance using a health care clearinghouse.

(a) Any person or other entity subject to the requirements of this part may meet the requirements to accept and transmit standard transactions by either--

(1) Transmitting and receiving standard data elements, or

(2) Submitting nonstandard data elements to a health care clearinghouse for processing into standard data elements and transmission by the health care clearinghouse and receiving standard data elements through the health care clearinghouse.

(b) The transmission, under contract, of nonstandard data elements between a health plan or a health care provider and its agent health care clearinghouse is not a violation of the requirements of this part.

§ 142.106 Effective date of a modification to a standard or implementation specification.

HHS may modify a standard or implementation specification after the first year in which HHS requires the standard or implementation specification to be used, but not more frequently than once every 12 months. If HHS adopts a modification to a standard or implementation specification, the implementation date of the modified standard or implementation specification may be no earlier than 180 days following the adoption of the modification. HHS determines the actual date, taking into account the time needed to comply due to the nature and extent of the modification. HHS may extend the time for compliance for small health plans.

Subpart B--C [RESERVED]

Subpart D--National Provider Identifier Standard

§ 142.402 National provider identifier standard.

(a) The provider identifier standard that must be used under this subpart is the national provider identifier, which is supported by the Health Care Financing Administration. The national provider identifier is an 8-position alphanumeric identifier, which includes as the eighth position a check digit.

(b) The file containing identifying information for each health care provider for its national provider identifier includes the following information:

(1) The national provider identifier.

(2) Other identifiers, such as the social security number (optional), employer identification number for some provider types, and identifying numbers from other health programs, if applicable.

(3) Provider names.

(4) Addresses and associated practice location codes.

(5) Demographics (date of birth, State/country of birth, date of death if applicable, race (optional), sex).

(6) Provider type(s), classification(s), area(s) of specialization.

(7) Education for certain provider types, State licensure for certain provider types (optional), and board certification (optional for some classifications).

§ 142.404 Requirements: Health plans.

Each health plan must accept and transmit the national provider identifier of any health care provider that must be identified by the national provider identifier in any standard transaction.

§ 142.406 Requirements: Health care clearinghouses.

Each health care clearinghouse must use the national provider identifier of any health care provider that must be identified by the national provider identifier in any standard transaction.

§ 142.408 Requirements: Health care providers.

(a) Each health care provider must obtain, by application if necessary, a national provider identifier.

(b) Each health care provider must accept and transmit national provider identifiers wherever required on all transactions it accepts or transmits electronically.

(c) Each health care provider must communicate any changes to the data elements in its file in the national provider system to an enumerator of national provider identifiers within 60 days of the change.

(d) Each health care provider may receive and use only one national provider identifier. Upon dissolution of a health care provider that is a corporation or a partnership, or upon the death of a health care provider who is an individual, the national provider identifier is inactivated.

§ 142.410 Effective dates of the initial implementation of the national provider identifier standard.

(a) Health plans. (1) Each health plan that is not a small health plan must comply with the requirements of §§ 142.104 and 142.404 by [24 months after the effective date of the final rule in the Federal Register].

(2) Each small health plan must comply with the requirements of §§ 142.104 and 142.404 by [36 months after the effective date of the final rule in the Federal Register].

(b) Health care clearinghouses and health care providers. Each health care clearinghouse and health care provider must begin using the standard specified in § 142.402 by [24 months after the effective date of the final rule in the Federal Register].

Dated:

Donna E. Shalala
Secretary.

BILLING CODE 4120-01-P