In this proposed rule, we propose a standard health care provider identifier and requirements concerning its implementation. This rule would establish requirements that health plans, health care providers, and health care clearinghouses would have to meet to comply with the statutory requirement to use a unique identifier in electronic transactions. We propose to add a new part to title 45 of the Code of Federal Regulations for health plans, health care providers, and health care clearinghouses in general. The new part would be part 142 of title 45 and would be titled “Administrative Requirements.” Subpart D would contain provisions specific to the NPI.
-
A. Applicability
-
Section 262 of HIPAA applies to all health plans, all health care clearinghouses, and any health care providers that transmit any health information in electronic form in connection with transactions referred to in section 1173(a)(1) of the Act. Our proposed rules (at 45 CFR 142.102) would apply to the health plans and health care clearinghouses as well, but we would clarify the statutory language in our regulations for health care providers: we would have the regulations apply to any health care provider only when electronically transmitting any of the transactions to which section 1173(a)(1) of the Act refers.
Electronic transmissions would include transmissions using all media, even when the transmission is physically moved from one location to another using magnetic tape, disk, or CD media. Transmissions over the Internet (wide-open), Extranet (using Internet technology to link a business with information only accessible to collaborating parties), leased lines, dial-up lines, and private networks are all included. Telephone voice response and “faxback” systems would not be included. The “HTML” interaction between a server and a browser by which the elements of a transaction are solicited from a user would not be included, but once assembled into a transaction by the server, transmission of the full transaction to another corporate entity, such as a health plan, would be required to comply.
Our regulations would apply to health care clearinghouses when transmitting transactions to, and receiving transactions from, a health care provider or health plan that transmits and receives standard transactions (as defined under “transaction”) and at all times when transmitting to or receiving electronic transactions from another health care clearinghouse. The law would apply to each health care provider when transmitting or receiving any electronic transaction.
The law applies to health plans for all transactions.
Section 142.104 would contain the following provisions (from section 1175 of the Act):
If a person desires to conduct a transaction (as defined in § 142.103) with a health plan as a standard transaction, the following apply:
(1) The health plan may not refuse to conduct the transaction as a standard transaction.
(2) The health plan may not delay the transaction or otherwise adversely affect, or attempt to adversely affect, the person or the transaction on the ground that the transaction is a standard transaction.
(3) The information transmitted and received in connection with the transaction must be in the form of standard data elements of health information.
As a further requirement, we would require that a health plan that conducts transactions through an agent assure that the agent meets all the requirements of part 142 that apply to the health plan.
Section 142.105 would state that a person or other entity may meet the requirements of § 142.104 by either--
(1) Transmitting and receiving standard data elements, or
(2) Submitting nonstandard data elements to a health care clearinghouse for processing into standard data elements and transmission by the health care clearinghouse and receiving standard data elements through the clearinghouse.
Health care clearinghouses would be able to accept nonstandard transactions for the sole purpose of translating them into standard transactions for sending customers and would be able to accept standard transactions and translate them into nonstandard formats for receiving customers. We would state in § 142.105 that the transmission of nonstandard transactions, under contract, between a health plan or a health care provider and a health care clearinghouse would not violate the law.
Transmissions within a corporate entity would not be required to comply with the standards. A hospital that is wholly owned by a managed care company would not have to use the standards to pass encounter information back to the home office, but it would have to use the standard claims transaction to submit a claim to another health plan. Another example might be transactions within Federal agencies and their contractors and between State agencies within the same State. For example, Medicare enters into contracts with insurance companies and common working file sites that process Medicare claims using government furnished software. There is constant communication, on a private network, between HCFA Central Office and the Medicare carriers, intermediaries and common working file sites. This communication may continue in nonstandard mode. However, these contractors must comply with the standards when exchanging any of the transactions covered by HIPAA with an entity outside these “corporate” boundaries.
-
-
B. Definitions
-
Section 1171 of the Act defines several terms and our proposed rules would, for the most part, simply restate the law. The terms that we are defining in this proposed rule follow:
-
-
C. Effective Dates - General
-
In general, any given standard would be effective 24 months after the effective date (36 months for small health plans) of the final rule for that standard. Because there are other standards to be established than those in this proposed rule, we specify the date for a given standard under the subpart for that standard.
If HHS adopts a modification to an implementation specification or a standard, the implementation date of the modification would be no earlier than the 180th day following the adoption of the modification. HHS would determine the actual date, taking into account the time needed to comply due to the nature and extent of the modification. HHS would be able to extend the time for compliance for small health plans. This provision would be at § 142.106.
The law does not address scheduling of implementation of the standards; it gives only a date by which all concerned must comply. As a result, any of the health plans, health care clearinghouses, and health care providers may implement a given standard earlier than the date specified in the subpart created for that standard. We realize that this may create some problems temporarily, as early implementers would have to be able to continue using old standards until the new ones must, by law, be in place.
At the WEDI Healthcare Leadership Summit held on August 15, 1997, it was recommended that health care providers not be required to use any of the the standards during the first year after the adoption of the standard. However, willing trading partners could implement any or all of the standards by mutual agreement at any time during the 2-year implementation phase (3- year implementation phase for small health plans). In addition, it was recommended that a health plan give its health care providers at least 6 months notice before requiring them to use a given standard.
We welcome comments specifically on early implementation as to the extent to which it would cause problems and how any problems might be alleviated.
-
-
D. NPI Standard
-
Section 142.402, Provider identifier standard, would contain the national health care provider identifier standard. There is no recognized standard for health care provider identification as defined in the law. (That is, there is no standard that has been developed, adopted, or modified by a standard setting organization after consultation with the NUBC, NUCC, WEDI, and the ADA.) Therefore, we would designate a new standard.
We are proposing as the standard the national provider identifier (NPI), which would be maintained by HCFA. As discussed under the Background section earlier in this preamble, the NPI is an 8-position alphanumeric identifier. It includes as the 8th position a numeric check digit to assist in identifying erroneous or invalid NPIs. The check digit is a recognized International Standards Organization [ISO] standard. The check digit algorithm must be computed from an all-numeric base number. Therefore, any alpha characters that may be part of the NPI are translated to specific numerics before the calculation of the check digit. The NPI format would allow for the creation of approximately 20 billion unique identifiers.
The 8-position alphanumeric format was chosen over a longer numeric-only format in order to keep the identifier as short as possible while providing for an identifier pool that would serve the industry’s needs for a long time. However, we recognize that some health care providers and health plans might have difficulty in the short term in accommodating alphabetic characters. Therefore, we propose to issue numeric-only identifiers first and to introduce alphabetic characters starting with the first position of the NPI. This would afford additional time for health care providers and health plans to accommodate the alphabetic characters.
-
-
F. Effective Dates of the NPI
-
Health plans would be required to comply with our requirements as follows:
- Each health plan that is not a small health plan would have to comply with the requirements of §§ 142.104 and 142.404 no later than 24 months after the effective date of the final rule.
- Each small health plan would have to comply with the requirements of §§ 142.104 and 142.404 no later than 36 months after the effective date of the final rule.
- If HHS adopts a modification to a standard or implementation specification, the implementation date of the modification would be no earlier than the 180th day following the adoption of the modification. HHS would determine the actual date, taking into account the time needed to comply due to the nature and extent of the modification. HHS would be able to extend the time for compliance for small health plans.
Health care clearinghouses and affected health care providers would have to begin using the NPI no later than 24 months after the effective date of the final rule.
Failure to comply with standards may result in monetary penalties. The Secretary is required by statute to impose penalties of not more than $100 per violation on any person who fails to comply with a standard, except that the total amount imposed on any one person in each calendar year may not exceed $25,000 for violations of one requirement. We will propose enforcement procedures in a future Federal Register document once the industry has more experience with using the standards.
-