The Secretary has formulated a 5-part strategy for developing and implementing the standards mandated under Part C of title XI of the Act:
- To ensure necessary interagency coordination and required interaction with other Federal departments and the private sector, establish interdepartmental implementation teams to identify and assess potential standards for adoption. The subject matter of the teams includes claims/encounters, identifiers, enrollment/eligibility, systems security, and medical coding/classification. Another team addresses cross-cutting issues and coordinates the subject matter teams. The teams consult with external groups such as the NCVHS’ Workgroup on Data Standards, WEDI, ANSI’s Health Informatics Standards Board, the NUCC, the NUBC, and the ADA. The teams are charged with developing regulations and other necessary documents and making recommendations for the various standards to the HHS’ Data Council through its Committee on Health Data Standards. (The HHS Data Council is the focal point for consideration of data policy issues. It reports directly to the Secretary and advises the Secretary on data standards and privacy issues.)
- Develop recommendations for standards to be adopted.
- Publish proposed rules in the Federal Register describing the standards. Each proposed rule provides the public with a 60-day comment period.
- Analyze public comments and publish the final rules in the Federal Register.
- Distribute standards and coordinate preparation and distribution of implementation guides.
This strategy affords many opportunities for involvement of interested and affected parties in standards development and adoption:
- Participate with standards development organizations.
- Provide written input to the NCVHS.
- Provide written input to the Secretary of HHS.
- Provide testimony at NCVHS’ public meetings.
- Comment on the proposed rules for each of the proposed standards.
- Invite HHS staff to meetings with public and private sector organizations or meet directly with senior HHS staff involved in the implementation process.
The implementation teams charged with reviewing standards for designation as required national standards under the statute have defined, with significant input from the health care industry, a set of principles for guiding choices for the standards to be adopted by the Secretary. These principles are based on direct specifications in HIPAA and the purpose of the law, principles that are consistent with the regulatory philosophy set forth in Executive Order 12866 and the Paperwork Reduction Act of 1995. To be designated as a HIPAA standard, each standard should:
- Improve the efficiency and effectiveness of the health care system by leading to cost reductions for or improvements in benefits from electronic health care transactions.
- Meet the needs of the health data standards user community, particularly health care providers, health plans, and health care clearinghouses.
- Be consistent and uniform with the other HIPAA standards --their data element definitions and codes and their privacy and security requirements--and, secondarily, with other private and public sector health data standards.
- Have low additional development and implementation costs relative to the benefits of using the standard.
- Be supported by an ANSI-accredited standards developing organization or other private or public organization that will ensure continuity and efficient updating of the standard over time.
- Have timely development, testing, implementation, and updating procedures to achieve administrative simplification benefits faster.
- Be technologically independent of the computer platforms and transmission protocols used in electronic transactions, except when they are explicitly part of the standard.
- Be precise and unambiguous, but as simple as possible.
- Keep data collection and paperwork burdens on users as low as is feasible.
- Incorporate flexibility to adapt more easily to changes in the health care infrastructure (such as new services, organizations, and provider types) and information technology.
A master data dictionary providing for common data definitions across the standards selected for implementation under HIPAA will be developed and maintained. We intend for the data element definitions to be precise, unambiguous, and consistently applied. The transaction-specific reports and general reports from the master data dictionary will be readily available to the public. At a minimum, the information presented will include data element names, definitions, and appropriate references to the transactions where they are used.
This proposed rule would establish the standard health care provider identifier and is the first proposed standard under HIPAA. The remaining standards will be grouped, to the extent possible, by subject matter and audience in future regulations. We anticipate publishing several more separate documents to promulgate the remaining standards required under HIPAA.