[Please label written and e-mailed comments about this section with the subject: PROVISIONS.]
In this proposed rule, we propose a standard employer identifier and requirements concerning its implementation. This rule would establish requirements that health plans, health care clearinghouses, and health care providers would have to meet to comply with the statutory requirement to use a unique employer identifier in electronic transactions.
We propose to add a new part to title 45 of the Code of Federal Regulations for health plans, health care providers, and health care clearinghouses in general. The new part would be part 142 of title 45 and would be titled “Administrative Requirements.” Subpart F would contain provisions specific to the employer identifier.
Section 262 of HIPAA applies to any health plans, any health care clearinghouses, and any health care provider that transmits any health information in electronic form in connection with transactions referred to in section 1173(a)(1) of the Act. Our proposed rules (at 45 CFR 142.102) would apply to the health plans and health care clearinghouses as well, but we would clarify the statutory language in our regulations for health care providers: we would have the regulations apply to any health care provider only when electronically transmitting any of the transactions to which section 1173(a)(1) of the Act refers.
Electronic transmissions would include transmissions using all media, even when the transmission is physically moved from one location to another using magnetic tape, disk, or CD media. Transmissions over the Internet (wide-open), Extranet (using Internet technology to link a business with information only accessible to collaborating parties), leased lines, dial-up lines, and private networks are all included. Telephone voice response and “faxback” systems would not be included. The “HTML” interaction between a server and a browser by which the elements of a transaction are solicited from a user would not be included, but once assembled into a transaction by the server, transmission of the full transaction to another corporate entity, such as a health plan, would be required to comply.
Our regulations would apply to health care clearinghouses when transmitting transactions to, and receiving transactions from, a health care provider or health plan that transmits and receives standard transactions (as defined under “transaction”) and at all times when transmitting to or receiving electronic transactions from another health care clearinghouse. The law would apply to each health care provider when transmitting or receiving any electronic transaction.
The law applies to health plans for all transactions.
Section 142.104 would contain the following provisions (from section 1175 of the Act):
If a person desires to conduct a transaction (as defined in § 142.103) with a health plan as a standard transaction, the following apply:
(1) The health plan may not refuse to conduct the transaction as a standard transaction.
(2) The health plan may not delay the transaction or otherwise adversely affect, or attempt to adversely affect, the person or the transaction on the ground that the transaction is a standard transaction.
(3) The information transmitted and received in connection with the transaction must be in the form of standard data elements of health information.
As a further requirement, we would require that a health plan that conducts transactions through an agent assure that the agent meets all the requirements of part 142 that apply to the health plan.
Section 142.105 would state that a person or other entity may meet the requirements of § 142.104 by either--
(1) Transmitting and receiving standard data elements, or
(2) Submitting nonstandard data elements to a health care clearinghouse for processing into standard data elements and transmission by the health care clearinghouse and receiving standard data elements through the clearinghouse.
Health care clearinghouses would be able to accept nonstandard transactions for the sole purpose of translating them into standard transactions for sending customers and would be able to accept standard transactions and translate them into nonstandard formats for receiving customers. We would state in § 142.105 that the transmission of nonstandard transactions, under contract, between a health plan or a health care provider and a health care clearinghouse would not violate the law.
Transmissions within a corporate entity would not be required to comply with the standards. For example, a hospital that is wholly owned by a managed care company would not have to use the standards to pass encounter information back to the home office, but it would have to use the standard claims transaction to submit a claim to another health plan.
Although there are situations in which the use of the standards is not required (for example, health care providers may continue to submit paper claims and employers are not required to use any of the standard transactions), we stress that a standard may be used voluntarily in any situation in which it is not required.
Section 1171 of the Act defines several terms and our proposed rules would, for the most part, simply restate the law. The terms that we are defining in this proposed rule follow:
1. Code set.
We would define “code set” as section 1171(1) of the Act does: “code set” means any set of codes used for encoding data elements, such as tables of terms, medical concepts, medical diagnostic codes, or medical procedure codes.
We would define “employer” as 26 U.S.C. 3401(d) does: “employer” means the person for whom an individual performs or performed any service, of whatever nature, as the employee of that person or organization, except that:
a. If the person for whom the individual performs or performed the services does not have control of the payment of wages for those services, the term “employer” means the person having control of the payment of those wages; and
b. In the case of a person paying wages on behalf of a nonresident alien individual, foreign partnership, or foreign corporation, not engaged in trade or business within the United States, the term “employer” means that person.
3. Health care clearinghouse.
We would define “health care clearinghouse” as section 1171(2) of the Act does, but we are adding a further, clarifying sentence. The statute defines a “health care clearinghouse” as a public or private entity that processes or facilitates the processing of nonstandard data elements of health information into standard data elements. We would further explain that such an entity is one that currently receives health care transactions from health care providers and other entities, translates the data from a given format into one acceptable to the intended recipient and forwards the processed transaction to appropriate health plans and other clearinghouses, as necessary, for further action.
There are currently a number of private clearinghouses that perform these functions for health care providers. For purposes of this rule, we would consider billing services, repricing companies, community health management information systems or community health information systems, value-added networks, and switches performing these functions to be health care clearinghouses.
4. Health care provider.
As defined by section 1171(3) of the Act, a “health care provider” is a provider of services as defined in section 1861(u) of the Act, a provider of medical or other health services as defined in section 1861(s) of the Act, and any other person who furnishes health care services or supplies. Our regulations would define “health care provider” as the statute does and clarify that the definition of a health care provider is limited to those entities that furnish, or bill and are paid for, health care services in the normal course of business.
For a more detailed discussion of the definition of health care provider, we refer the reader to our proposed rule, HCFA-0045-P, Standard Health Care Provider Identifier, published on May 7, 1998 (63 FR 25320).
5. Health information.
“Health information,” as defined in section 1171 of the Act, means any information, whether oral or recorded in any form or medium, that--
- Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and
- Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
We propose the same definition for our regulations.
6. Health plan.
We propose that a “health plan” be defined essentially as section 1171 of the Act defines it. Section 1171 of the Act cross refers to definitions in section 2791 of the Public Health Service Act (as added by Public Law 104-191, 42 U.S.C. 300gg-91); we would incorporate those definitions as currently stated into our proposed definitions for the convenience of the public. We note that many of these terms are defined in other statutes, such as the Employee Retirement Income Security Act of 1974 (ERISA), Public Law 93-406, 29 U.S.C. 1002(7) and the Public Health Service Act. Our definitions are based on the roles of plans in conducting administrative transactions, and any differences should not be construed to affect other statutes.
For purposes of implementing the provisions of administrative simplification, a “health plan” would be an individual or group health plan that provides, or pays the cost of, medical care. This definition includes, but is not limited to, the 13 types of plans listed in the statute. On the other hand, plans such as property and casualty insurance plans and workers compensation plans, which may pay health care costs in the course of administering nonhealth care benefits, are not considered to be health plans in the proposed definition of health plan. Of course, these plans may voluntarily adopt these standards for their own business needs. At some future time, the Congress may choose to expressly include some or all of these plans in the list of health plans that must comply with the standards.
Health plans often carry out their business functions through agents, such as plan administrators (including third party administrators), entities that are under “administrative services only” (ASO) contracts, claims processors, and fiscal agents. These agents may or may not be health plans in their own right; for example, a health plan may act as another health plan’s agent as another line of business. As stated earlier, a health plan that conducts HIPAA transactions through an agent is required to assure that the agent meets all HIPAA requirements that apply to the plan itself.
“Health plan” includes the following, singly or in combination:
a. “Group health plan” (as currently defined by section 2791(a) of the Public Health Service Act). A group health plan is a plan that has 50 or more participants (as the term “participant” is currently defined by section 3(7) of ERISA) or is administered by an entity other than the employer that established and maintains the plan. This definition includes both insured and self-insured plans. We define “participant” separately below.
Section 2791(a)(1) of the Public Health Service Act defines “group health plan” as an employee welfare benefit plan (as currently defined in section 3(1) of ERISA) to the extent that the plan provides medical care, including items and services paid for as medical care, to employees or their dependents directly or through insurance, or otherwise.
It should be noted that group health plans that have fewer than 50 participants and that are administered by the employer would be excluded from this definition and would not be subject to the administrative simplification provisions of HIPAA.
b. “Health insurance issuer” (as currently defined by section 2791(b) of the Public Health Service Act).
Section 2791(b)(2) of the Public Health Service Act currently defines a “health insurance issuer” as an insurance company, insurance service, or insurance organization that is licensed to engage in the business of insurance in a State and is subject to State law that regulates insurance.
c. “Health maintenance organization” (as currently defined by section 2791(b) of the Public Health Service Act).
Section 2791(b) of the Public Health Service Act currently defines a “health maintenance organization” as a Federally qualified health maintenance organization, an organization recognized as such under State law, or a similar organization regulated for solvency under State law in the same manner and to the same extent as such a health maintenance organization. These organizations may include preferred provider organizations, provider sponsored organizations, independent practice associations, competitive medical plans, exclusive provider organizations, and foundations for medical care.
d. Part A or Part B of the Medicare program (title XVIII of the Act).
e. The Medicaid program (title XIX of the Act).
f. A “Medicare supplemental policy” as defined under section 1882(g)(1) of the Act.
Section 1882(g)(1) of the Act defines a “Medicare supplemental policy” as a health insurance policy that a private entity offers a Medicare beneficiary to provide payment for expenses incurred for services and items that are not reimbursed by Medicare because of deductible, coinsurance, or other limitations under Medicare. The statutory definition of a Medicare supplemental policy excludes a number of plans that are generally considered to be Medicare supplemental plans, such as health plans for employees and former employees and for members and former members of trade associations and unions. A number of these health plans may be included under the definitions of “group health plan” or “health insurance issuer”, as defined in a. and b. above.
g. A “long-term care policy,” including a nursing home fixed-indemnity policy. A “long-term care policy” is considered to be a health plan regardless of how comprehensive it is. We recognize the long-term care insurance segment of the industry is largely unautomated and we welcome comments regarding the impact of HIPAA on the long-term care segment.
h. An employee welfare benefit plan or any other arrangement that is established or maintained for the purpose of offering or providing health benefits to the employees of two or more employers. This includes plans and other arrangements that are referred to as multiple employer welfare arrangements (“MEWAs”) as defined in section 3(40) of ERISA.
i. The health care program for active military personnel under title 10 of the United States Code.
j. The veterans health care program under chapter 17 of title 38 of the United States Code.
This health plan primarily furnishes medical care through hospitals and clinics administered by the Department of Veterans Affairs for veterans with a service-connected disability that is compensable. Veterans with non-service-connected disabilities (and no other health benefit plan) may receive health care under this health plan to the extent resources and facilities are available.
k. The Civilian Health and Medical Program of the Uniformed Services (CHAMPUS), as defined in 10 U.S.C. 1072(4).
CHAMPUS primarily covers services furnished by civilian medical providers to dependents of active duty members of the uniformed services and retirees and their dependents under age 65.
l. The Indian Health Service program under the Indian Health Care Improvement Act (25 U.S.C. 1601 et seq.).
This program furnishes services, generally through its own health care providers, primarily to persons who are eligible to receive services because they are of American Indian or Alaskan Native descent.
m. The Federal Employees Health Benefits Program under 5 U.S.C. chapter 89.
This program consists of health insurance plans offered to active and retired Federal employees and their dependents. Depending on the health plan, the services may be furnished on a fee-for-service basis or through a health maintenance organization.
(Note: Although section 1171(5)(M) of the Act refers to the “Federal Employees Health Benefit Plan,” this and any other rules adopting administrative simplification standards will use the correct name, the Federal Employees Health Benefits Program. One health plan does not cover all Federal employees; there are over 350 health plans that provide health benefits coverage to Federal employees, retirees, and their eligible family members. Therefore, we will use the correct name, the Federal Employees Health Benefits Program, to make clear that the administrative simplification standards apply to all health plans that participate in the Program.)
n. Any other individual or group health plan, or combination thereof, that provides or pays for the cost of medical care.
We would include a fourteenth category of health plan in addition to those specifically named in HIPAA, as there are health plans that do not readily fit into the other categories but whose major purpose is providing health benefits. The Secretary would determine which of these plans are health plans for purposes of title II of HIPAA. This category would include the Medicare Plus Choice plans that will become available as a result of section 1855 of the Act as amended by section 4001 of the Balanced Budget Act of 1997 (Public Law 105-33) to the extent that these health plans do not fall under any other category.
7. Medical care.
“Medical care,” which is used in the definition of health plan, would be defined as current section 2791 of the Public Health Service Act defines it: the diagnosis, cure, mitigation, treatment, or prevention of disease, or amounts paid for the purpose of affecting any body structure or function of the body; amounts paid for transportation primarily for and essential to these items; and amounts paid for insurance covering the items and the transportation specified in this definition.
We would define the term “participant” as section 3(7) of ERISA currently defines it: a “participant” is any employee or former employee of an employer, or any member or former member of an employee organization, who is or may become eligible to receive a benefit of any type from an employee benefit plan that covers employees of such an employer or members of such an organization, or whose beneficiaries may be eligible to receive any of these benefits. An “employee” would include an individual who is treated as an employee under section 401(c)(1) of the Internal Revenue Code of 1986 (26 U.S.C. 401(c)(1)).
9. Small health plan.
We would define a “small health plan” as a group health plan or individual health plan with fewer than 50 participants.
The HIPAA does not define a “small health plan” but instead leaves the definition to be determined by the Secretary. The Conference Report suggests that the appropriate definition of a “small health plan” is found in current section 2791(a) of the Public Health Service Act, which is a group health plan with fewer than 50 participants. We would also define small individual health plans as those with fewer than 50 participants.
Section 1171 of the Act defines “standard,” when used with reference to a data element of health information or a transaction referred to in section 1173(a)(1) of the Act, as any such data element or transaction that meets each of the standards and implementation specifications adopted or established by the Secretary with respect to the data element or transaction under sections 1172 through 1174 of the Act.
Under our definition, a standard would be a set of rules for a set of codes, data elements, transactions, or identifiers promulgated either by an organization accredited by the American National Standards Institute or HHS for the electronic transmission of health information.
“Transaction” would mean the exchange of information between two parties to carry out financial and administrative activities related to health care. A transaction would be any of the transactions listed in section 1173(a)(2) of the Act and any determined appropriate by the Secretary in accordance with section 1173(a)(1)(B) of the Act. We present them below in the order in which we propose to list them in the regulations text to thisdocument and in the regulations document for proposed standards for these transactions that we will publish later.
A “transaction” would mean any of the following:
a. Health claims or equivalent encounter information.
This transaction may be used to submit health care claim billing information, encounter information, or both, from health care providers to health plans, either directly or via intermediary billers and claims clearinghouses.
b. Health care payment and remittance advice.
This transaction may be used by a health plan to make a payment to a financial institution for a health care provider (sending payment only), to send an explanation of benefits or a remittance advice directly to a health care provider (sending data only), or to make payment and send an explanation of benefits remittance advice to a health care provider via a financial institution (sending both payment and data).
c. Coordination of benefits.
This transaction can be used to transmit health care claims and billing payment information between health plans with different payment responsibilities where coordination of benefits is required or between health plans and regulatory agencies to monitor the rendering, billing, and/or payment of health care services within a specific health care/insurance industry segment.
In addition to the nine electronic transactions specified in section 1173(a)(2) of the Act, section 1173(f) directs the Secretary to adopt standards for transferring standard data elements among health plans for coordination of benefits and sequential processing of claims. This particular provision does not state that these should be standards for electronic transfer of standard data elements among health plans. However, we believe that the Congress, when writing this provision, intended for these standards to apply to the electronic form of transactions for coordination of benefits and sequential processing of claims. The Congress expressed its intent on these matters generally in section 1173(a)(1)(B), where the Secretary is directed to adopt "other financial and administrative transactions . . . consistent with the goals of improving the operation of the health care system and reducing administrative costs". Adoption of a standard for electronic transmission of standard data elements among health plans for coordination of benefits and sequential processing of claims would serve these goals expressed by the Congress.
d. Health claim status.
This transaction may be used by health care providers and recipients of health care products or services (or their authorized agents) to request the status of a health care claim or encounter from a health plan.
e. Enrollment and disenrollment in a health plan.
This transaction may be used to establish communication between the sponsor of a health benefit and the health plan. It provides enrollment data, such as subscriber and dependents, employer information, and primary care health care provider information. The sponsor is the backer of the coverage, benefit, or product. A sponsor can be an employer, union, government agency, association, or insurance company. The health plan refers to an entity that pays claims, administers the insurance product or benefit, or both.
f. Eligibility for a health plan.
This transaction may be used to inquire about the eligibility, coverage, or benefits associated with a benefit plan, employer, plan sponsor, subscriber, or a dependent under the subscriber’s policy. It also can be used to communicate information about or changes to eligibility, coverage, or benefits from information sources (such as insurers, sponsors, and health plans) to information receivers (such as physicians, hospitals, third party administrators, and government agencies).
g. Health plan premium payments.
This transaction may be used by, for example, employers, employees, unions, and associations to make and keep track of payments of health plan premiums to their health insurers. This transaction may also be used by a health care provider, acting as liaison for the beneficiary, to make payment to a health insurer for coinsurance, copayments, and deductibles.
h. Referral certification and authorization.
This transaction may be used to transmit health care service referral information between primary care health care providers, health care providers furnishing services, and health plans. It can also be used to obtain authorization for certain health care services from a health plan.
i. First report of injury.
This transaction may be used to report information pertaining to an injury, illness, or incident to entities interested in the information for statistical, legal, claims, and risk management processing requirements.
j. Health claims attachments.
This transaction may be used to transmit health care service information, such as subscriber, patient, demographic, diagnosis, or treatment data for the purpose of a request for review, certification, notification, or reporting the outcome of a health care services review.
k. Other transactions as the Secretary may prescribe by regulation.
Under section 1173(a)(1)(B) of the Act, the Secretary shall adopt standards, and data elements for those standards, for other financial and administrative transactions deemed appropriate by the Secretary. These transactions would be consistent with the goals of improving the operation of the health care system and reducing administrative costs.
C. Effective Dates - General
In general, any given standard would be effective 24 months after the effective date (36 months for small health plans) of the final rule for that standard. Because there are other standards to be established than those in this proposed rule, we specify the date for a given standard under the subpart for that standard.
If HHS adopts a modification to an implementation specification or a standard, the implementation date of the modification would be no earlier than the 180th day following the adoption of the modification. HHS would determine the actual date, taking into account the time needed to comply due to the nature and extent of the modification. HHS would be able to extend the time for compliance for small health plans. This provision would be at § 142.106.
The law does not address scheduling of implementation of the standards; it gives only a date by which all concerned must comply. As a result, any of the health plans, health care clearinghouses, and health care providers may implement a given standard earlier than the date specified in the subpart created for that standard. We realize that this may create some problems temporarily, as early implementers would have to be able to continue using old standards until the new ones must, by law, be in place.
At the WEDI Healthcare Leadership Summit held on August 15, 1997, it was recommended that health care providers not be required to use any of the standards during the first year after the adoption of the standard. However, willing trading partners could implement any or all of the standards by mutual agreement at any time during the 2-year implementation phase (3-year implementation phase for small health plans). In addition, it was recommended that a health plan give its health care providers at least 6 months notice before requiring them to use a given standard.
We welcome comments specifically on early implementation as to the extent to which it would cause problems and how any problems might be alleviated.