NRPM: Standards for Electronic Transactions. Provisions of the Proposed Regulations


[Please label written comments or e-mailed comments about this section with the subject: Provisions]

In this proposed rule, we propose standards for eight transactions and for code sets to be used in the transactions. We also propose requirements concerning the implementation of these standards. This proposed rule would set forth requirements that health plans, health care clearinghouses, and certain health care providers would have to meet concerning the use of these standards.

We propose to add a new part to title 45 of the Code of Federal Regulations for health plans, health care providers, and health care clearinghouses in general. The new part would be part 142 of title 45 and would be titled “Administrative Requirements.” Subparts J through R would contain the provisions specifically concerning the standards proposed in this rule.

A. Applicability

Section 262 of HIPAA applies to all health plans, all health care clearinghouses, and any health care providers that transmit any health information in electronic form in connection with transactions referred to in section 1173(a)(1) of the Act. Our proposed rules (at 45 CFR 142.102) would apply to the health plans and health care clearinghouses as well, but we would clarify the statutory language in our regulations for health care providers: we would have the regulations apply to any health care provider only when electronically transmitting any of the transactions to which section 1173(a)(1) of the Act refers.

Electronic transmissions would include transmissions using all media, even when the transmission is physically moved from one location to another using magnetic tape, disk, or CD media. Transmissions over the Internet (wide-open), Extranet (using Internet technology to link a business with information only accessible to collaborating parties), leased lines, dial-up lines, and private networks are all included. Telephone voice response and “faxback” systems would not be included.

Our regulations would apply to health care clearinghouses when transmitting transactions to, and receiving transactions from, any health care provider or health plan that transmits and receives standard transactions (as defined under “transaction”) and at all times when transmitting to or receiving transactions from another health care clearinghouse.

Entities that offer on-line interactive transmission must comply with the standards. The HyperText Markup Language (HTML)interaction between a server and a browser by which the data elements of a transaction are solicited from a user would not have to use the standards, although the data content must be equal to that required for the standard. Once the data elements are assembled into a transaction by the server, the transmitted transaction would have to comply with the standards.

The law would apply to each health care provider when transmitting or receiving any of the specified electronic transactions. Transactions for certain services that are not normally considered health care services, but which may be covered by some health plans, would not be subject to the standards proposed in this rule. These services would include, but not be limited to: nonemergency transportation, physical alterations to living quarters for the purpose of accommodating disabilities, and case management. Other services may be added to this list at the discretion of the Secretary.

We invite comments on this list and ask for identification of other types of services that may fall into this category. We will publish a complete list of these services and a process to request an exemption in the final rule.

The law applies to health plans for all transactions.

Section 142.104 would contain the following provisions (from section 1175 of the Act):

If a person conducts a transaction (as defined in § 142.103) with a health plan as a standard transaction, the following apply:

(1) The health plan may not refuse to conduct the transaction as a standard transaction.

(2) The health plan may not delay the transaction or otherwise adversely affect, or attempt to adversely affect, the person or the transaction on the ground that the transaction is a standard transaction.

(3) The information transmitted and received in connection with the transaction must be in the form of standard data elements of health information.

As a further requirement, we would provide that a health plan that conducts transactions through an agent assure that the agent meets all the requirements of part 142 that apply to the health plan.

Section 142.105 would state that a person or other entity may meet the requirements of § 142.104 by either--

(1) Transmitting and receiving standard data elements, or

(2) Submitting nonstandard data elements to a health care clearinghouse for processing into standard data elements and transmission by the health care clearinghouse and receiving standard data elements through the health care clearinghouse.

Health care clearinghouses would be able to accept nonstandard transactions for the sole purpose of translating them into standard transactions for sending customers and would be able to accept standard transactions and translate them into nonstandard formats for receiving customers. We would state in § 142.105 that the transmission of nonstandard transactions, under contract, between a health plan or a health care provider and a health care clearinghouse would not violate the law.

Transmissions within a corporate entity would not be required to comply with the standards. A hospital that is wholly owned by a managed care company would not have to use the standards to pass encounter information back to the home office, but it would have to use the standard claims transaction to submit a claim to another health plan. Another example might be transactions within Federal agencies and their contractors and between State agencies within the same State. For example, Medicare enters into contracts with insurance companies and common working file sites that process Medicare claims using government furnished software. There is constant communication, on a private network, between HCFA Central Office and the Medicare carriers, intermediaries and common working file sites. This communication may continue in nonstandard mode. However, these contractors must comply with the standards when exchanging any of the transactions covered by HIPAA with an entity outside these “corporate” boundaries.

Although there are situations in which the use of the standards is not required (for example, health care providers may continue to submit paper claims and employers are not required to use any of the standard transactions), we stress that a standard may be used voluntarily in any situation in which it is not required.

B. Definitions

Section 1171 of the Act defines several terms and our proposed rules would, for the most part, simply restate the law. The terms that we are defining in this proposed rule follow:

  1. ASC X12 stands for the Accredited Standards Committee chartered by the American National Standards Institute to design national electronic standards for a wide range of business applications.
  2. ASC X12N stands for the ASC X12 subcommittee chartered to develop electronic standards specific to the insurance industry.
  3. Code set.

    We would define “code set” as section 1171(1) of the Act does: “code set” means any set of codes used for encoding data elements, such as tables of terms, medical concepts, medical diagnosis codes, or medical procedure codes.

  4. Health care clearinghouse.

    We would define “health care clearinghouse” as section 1171(2) of the Act does, but we are adding a further, clarifying sentence. The statute defines a “health care clearinghouse” as a public or private entity that processes or facilitates the processing of nonstandard data elements of health information into standard data elements. We would further explain that such an entity is one that currently receives health care transactions from health care providers and other entities, translates the data from a given format into one acceptable to the intended recipient, and forwards the processed transaction to appropriate health plans and other health care clearinghouses, as necessary, for further action.

    There are currently a number of private clearinghouses that perform these functions for health care providers. For purposes of this rule, we would consider billing services, repricing companies, community health management information systems or community health information systems, value-added networks, and switches performing these functions to be health care clearinghouses.

  5. Health care provider.

    As defined by section 1171(3) of the Act, a “health care provider” is a provider of services as defined in section 1861(u) of the Act, a provider of medical or other health services as defined in section 1861(s) of the Act, and any other person who furnishes health care services or supplies. Our regulations would define “health care provider” as the statute does and clarify that the definition of a health care provider is limited to those entities that furnish, or bill and are paid for, health care services in the normal course of business.

    For a more detailed discussion of the definition of health care provider, we refer the reader to our proposed rule, HCFA-0045-P, Standard Health Care Provider Identifier, published elsewhere in this Federal Register.

  6. Health information.

    “Health information,” as defined in section 1171 of the Act, means any information, whether oral or recorded in any form or medium, that--

    • Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and
    • Relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.

    We propose the same definition for our regulations.

  7. Health plan.

    We propose that a “health plan” be defined essentially as section 1171 of the Act defines it. Section 1171 of the Act cross refers to definitions in section 2791 of the Public Health Service Act (as added by Public Law 104-191, 42 U.S.C. 300gg-91); we would incorporate those definitions as currently stated into our proposed definitions for the convenience of the public. We note that many of these terms are defined in other statutes, such as the Employee Retirement Income Security Act of 1974 (ERISA), Public Law 93-406, 29 U.S.C. 1002(7) and the Public Health Service Act. Our definitions are based on the roles of plans in conducting administrative transactions, and any differences should not be construed to affect other statutes.

    For purposes of implementing the provisions of administrative simplification, a “health plan” would be an individual or group health plan that provides, or pays the cost of, medical care. This definition includes, but is not limited to, the 13 types of plans listed in the statute. On the other hand, plans such as property and casualty insurance plans and workers compensation plans, which may pay health care costs in the course of administering nonhealth care benefits, are not considered to be health plans in the proposed definition of health plan. Of course, these plans may voluntarily adopt these standards for their own business needs. At some future time, the Congress may choose to expressly include some or all of these plans in the list of health plans that must comply with the standards.

    Health plans often carry out their business functions through agents, such as plan administrators (including third party administrators), entities that are under “administrative services only” (ASO) contracts, claims processors, and fiscal agents. These agents may or may not be health plans in their own right; for example, a health plan may act as another health plan’s agent as another line of business. As stated earlier, a health plan that conducts HIPAA transactions through an agent is required to assure that the agent meets all HIPAA requirements that apply to the plan itself.

    “Health plan” includes the following, singly or in combination:

    a. “Group health plan” (as currently defined by section 2791(a) of the Public Health Service Act). A group health plan is a plan that has 50 or more participants (as the term “participant” is currently defined by section 3(7) of ERISA) or is administered by an entity other than the employer that established and maintains the plan. This definition includes both insured and self-insured plans. We define “participant” separately below.

    Section 2791(a)(1) of the Public Health Service Act defines “group health plan” as an employee welfare benefit plan (as currently defined in section 3(1) of ERISA) to the extent that the plan provides medical care, including items and services paid for as medical care, to employees or their dependents directly or through insurance, or otherwise.

    It should be noted that group health plans that have fewer than 50 participants and that are administered by the employer would be excluded from this definition and would not be subject to the administrative simplification provisions of HIPAA.

    b. “Health insurance issuer” (as currently defined by section 2791(b) of the Public Health Service Act).

    Section 2791(b)(2) of the Public Health Service Act currently defines a “health insurance issuer” as an insurance company, insurance service, or insurance organization that is licensed to engage in the business of insurance in a State and is subject to State law that regulates insurance.

    c. “Health maintenance organization” (as currently defined by section 2791(b) of the Public Health Service Act).

    Section 2791(b) of the Public Health Service Act currently defines a “health maintenance organization” as a Federally qualified health maintenance organization, an organization recognized as such under State law, or a similar organization regulated for solvency under State law in the same manner and to the same extent as such a health maintenance organization. These organizations may include preferred provider organizations, provider sponsored organizations, independent practice associations, competitive medical plans, exclusive provider organizations, and foundations for medical care.

    d. Part A or Part B of the Medicare program (title XVIII of the Act).

    e. The Medicaid program (title XIX of the Act).

    f. A “Medicare supplemental policy” as defined under section 1882(g)(1) of the Act.

    Section 1882(g)(1) of the Act defines a “Medicare supplemental policy” as a health insurance policy that a private entity offers a Medicare beneficiary to provide payment for expenses incurred for services and items that are not reimbursed by Medicare because of deductible, coinsurance, or other limitations under Medicare. The statutory definition of a Medicare supplemental policy excludes a number of plans that are generally considered to be Medicare supplemental plans, such as health plans for employees and former employees and for members and former members of trade associations and unions. A number of these health plans may be included under the definitions of “group health plan” or “health insurance issuer”, as defined in a. and b. above.

    g. A “long-term care policy,” including a nursing home fixed-indemnity policy. A “long-term care policy” is considered to be a health plan regardless of how comprehensive it is. We recognize the long-term care insurance segment of the industry is largely unautomated and we welcome comments regarding the impact of HIPAA on the long-term care segment.

    h. An employee welfare benefit plan or any other arrangement that is established or maintained for the purpose of offering or providing health benefits to the employees of two or more employers. This includes plans and other arrangements that are referred to as multiple employer welfare arrangements (“MEWAs”) as defined in section 3(40) of ERISA.

    i. The health care program for active military personnel under title 10 of the United States Code.

    j. The veterans health care program under chapter 17 of title 38 of the United States Code.

    This health plan primarily furnishes medical care through hospitals and clinics administered by the Department of Veterans Affairs for veterans with a service-connected disability that is compensable. Veterans with non-service-connected disabilities (and no other health benefit plan) may receive health care under this health plan to the extent resources and facilities are available.

    k. The Civilian Health and Medical Program of the Uniformed Services (CHAMPUS), as defined in 10 U.S.C. 1072(4).

    CHAMPUS primarily covers services furnished by civilian medical providers to dependents of active duty members of the uniformed services and retirees and their dependents under age 65.

    l. The Indian Health Service program under the Indian Health Care Improvement Act (25 U.S.C. 1601 et seq.).

    This program furnishes services, generally through its own health care providers, primarily to persons who are eligible to receive services because they are of American Indian or Alaskan Native descent.

    m. The Federal Employees Health Benefits Program under 5 U.S.C. chapter 89.

    This program consists of health insurance plans offered to active and retired Federal employees and their dependents. Depending on the health plan, the services may be furnished on a fee-for-service basis or through a health maintenance organization.

    (Note: Although section 1171(5)(M) of the Act refers to the “Federal Employees Health Benefit Plan,” this and any other rules adopting administrative simplification standards will use the correct name, the Federal Employees Health Benefits Program. One health plan does not cover all Federal employees; there are over 350 health plans that provide health benefits coverage to Federal employees, retirees, and their eligible family members. Therefore, we will use the correct name, the Federal Employees Health Benefits Program, to make clear that the administrative simplification standards apply to all health plans that participate in the Program.)

    n. Any other individual or group health plan, or combination thereof, that provides or pays for the cost of medical care.

    We would include a fourteenth category of health plan in addition to those specifically named in HIPAA, as there are health plans that do not readily fit into the other categories but whose major purpose is providing health benefits. The Secretary would determine which of these plans are health plans for purposes of title II of HIPAA. This category would include the Medicare Plus Choice plans that will become available as a result of section 1855 of the Act as amended by section 4001 of the Balanced Budget Act of 1997 (Public Law 105-33) to the extent that these health plans do not fall under any other category.

  8. Medical care.

    “Medical care,” which is used in the definition of health plan, would be defined as current section 2791 of the Public Health Service Act defines it: the diagnosis, cure, mitigation, treatment, or prevention of disease, or amounts paid for the purpose of affecting any body structure or function of the body; amounts paid for transportation primarily for and essential to these items; and amounts paid for insurance covering the items and the transportation specified in this definition.

  9. Participant.

    We would define the term “participant” as section 3(7) of ERISA currently defines it: a “participant” is any employee or former employee of an employer, or any member or former member of an employee organization, who is or may become eligible to receive a benefit of any type from an employee benefit plan that covers employees of such an employer or members of such organizations, or whose beneficiaries may be eligible to receive any such benefits. An “employee” would include an individual who is treated as an employee under section 401(c)(1) of the Internal Revenue Code of 1986 (26 U.S.C. 401(c)(1)).

  10. Small health plan.

    We would define a “small health plan” as a group health plan with fewer than 50 participants.

    The HIPAA does not define a “small health plan” but instead leaves the definition to be determined by the Secretary. The Conference Report suggests that the appropriate definition of a “small health plan” is found in current section 2791(a) of the Public Health Service Act, which is a group health plan with fewer than 50 participants. We would also define small individual health plans as those with fewer than 50 participants.

  11. Standard.

    Section 1171 of the Act defines “standard,” when used with reference to a data element of health information or a transaction referred to in section 1173(a)(1) of the Act, as any such data element or transaction that meets each of the standards and implementation specifications adopted or established by the Secretary with respect to the data element or transaction under sections 1172 through 1174 of the Act.

    Under our definition, a standard would be a set of rules for a set of codes, data elements, transactions, or identifiers promulgated either by an organization accredited by ANSI or the HHS for the electronic transmission of health information.

  12. Transaction.

    “Transaction” would mean the exchange of information between two parties to carry out financial and administrative activities related to health care. A transaction would be (a) any of the transactions listed in section 1173(a)(2) of the Act and (b) any determined appropriate by the Secretary in accordance with section 1173(a)(1)(B) of the Act. We present them below in the order in which we propose standards for them in the regulations text.

    A “transaction” would mean any of the following:

    a. Health claims or equivalent encounter information.

    This transaction may be used to submit health care claim billing information, encounter information, or both, from health care providers to health plans, either directly or via intermediary billers and claims clearinghouses.

    b. Health care payment and remittance advice.

    This transaction may be used by a health plan to make a payment to a financial institution for a health care provider (sending payment only), to send an explanation of benefits or a remittance advice directly to a health care provider (sending data only), or to make payment and send an explanation of benefits remittance advice to a health care provider via a financial institution (sending both payment and data).

    c. Coordination of benefits.

    This transaction can be used to transmit health care claims and billing payment information between health plans with different payment responsibilities where coordination of benefits is required or between health plans and regulatory agencies to monitor the rendering, billing, and/or payment of health care services within a specific health care/insurance industry segment.

    In addition to the nine electronic transactions specified in section 1173(a)(2) of the Act, section 1173(f) directs the Secretary to adopt standards for transferring standard data elements among health plans for coordination of benefits and sequential processing of claims. This particular provision does not state that there should be standards for electronic transfer of standard data elements among health plans. However, we believe that the Congress, when writing this provision, intended for these standards to apply to the electronic form for coordination of benefits and sequential processing of claims. The Congress expressed its intent on these matters generally in section 1173(a)(1)(B), where the Secretary is directed to adopt "other financial and administrative transactions...consistent with the goals of improving the operation of the health care system and reducing administrative costs."

    d. Health claim status.

    This transaction may be used by health care providers and recipients of health care products or services (or their authorized agents) to request the status of a health care claim or encounter from a health plan.

    e. Enrollment and disenrollment in a health plan.

    This transaction may be used to establish communication between the sponsor of a health benefit and the health plan. It provides enrollment data, such as subscriber and dependents, employer information, and health care provider information. The sponsor is the backer of the coverage, benefit or product. A sponsor can be an employer, union, government agency, association, or insurance company. The health plan refers to an entity that pays claims, administers the insurance product or benefit, or both.

    f. Eligibility for a health plan.

    This transaction may be used to inquire about the eligibility, coverage, or benefits associated with a benefit plan, employer, plan sponsor, subscriber, or a dependent under the subscriber’s policy. It also can be used to communicate information about or changes to eligibility, coverage, or benefits from information sources (such as insurers, sponsors, and health plans) to information receivers (such as physicians, hospitals, third party administrators, and government agencies).

    g. Health plan premium payments.

    This transaction may be used by, for example, employers, employees, unions, and associations to make and keep track of payments of health plan premiums to their health insurers.

    h. Referral certification and authorization.

    This transaction may be used to transmit health care service referral information between health care providers, health care providers furnishing services, and health plans. It can also be used to obtain authorization for certain health care services from a health plan.

    i. First report of injury.

    This transaction may be used to report information pertaining to an injury, illness, or incident to entities interested in the information for statistical, legal, claims, and risk management processing requirements. Although we are proposing a definition for this transaction, we are not proposing a standard for it in this Federal Register document. (See section E.9 for a more in-depth discussion.) We will publish a separate proposed rule for it.

    j. Health claims attachments.

    This transaction may be used to transmit health care service information, such as subscriber, patient, demographic, diagnosis, or treatment data for the purpose of a request for review, certification, notification, or reporting the outcome of a health care services review. Although we are proposing a definition for this transaction, we are not proposing a standard for it in this Federal Register document because the legislation gave the Secretary an additional year to designate this standard. We will publish a separate proposed rule for it.

    k. Other transactions as the Secretary may prescribe by regulation.

    Under section 1173(a)(1)(B) of the Act, the Secretary shall adopt standards, and data elements for those standards, for other financial and administrative transactions deemed appropriate by the Secretary. These transactions would be consistent with the goals of improving the operation of the health care system and reducing administrative costs.

C. Effective Dates - General

Health plans would be required by Part 142 to comply with our requirements as follows:

  1. Each health plan that is not a small health plan would have to comply with the requirements of Part 142 no later than 24 months after the effective date of the final rule.
  2. Each small health plan would have to comply with the requirements of Part 142 no later than 36 months after the effective date of the final rule.

Health care providers and health care clearinghouses would be required to begin using the standard by 24 months after the effective date of the final rule.

(The effective date of the final rule will be 60 days after the final rule is published in the Federal Register.)

Provisions of trading partner agreements that stipulate data content, format definitions or conditions that conflict with the adopted standard would be invalid beginning 36 months from the effective date of the final rule for small health plans, and 24 months from the effective date of the final rule for all other health plans.

If HHS adopts a modification to an implementation specification or a standard, the implementation date of the modification would be no earlier than the 180th day following the adoption of the modification. HHS would determine the actual date, taking into account the time needed to comply due to the nature and extent of the modification. HHS would be able to extend the time for compliance for small health plans. This provision would be at § 142.106.

The law does not address scheduling of implementation of the standards; it gives only a date by which all concerned must comply. As a result, any of the health plans, health care clearinghouses, and health care providers may implement a given standard earlier than the date specified in the subpart created for that standard. We realize that this may create some problems temporarily, as early implementers would have to be able to continue using old standards until the new ones must, by law, be in place.

At the WEDI Healthcare Leadership Summit held on August 15, 1997, it was recommended that health care providers not be required to use any of the the standards during the first year after the adoption of the standard. However, willing trading partners could implement any or all of the standards by mutual agreement at any time during the 2-year implementation phase (3- year implementation phase for small health plans). In addition, it was recommended that a health plan give its health care providers at least 6 months notice before requiring them to use a given standard.

We welcome comments specifically on early implementation as to the extent to which it would cause problems and how any problems might be alleviated.