What are the major differences between the proposed rule and the final rule?



The proposed rule included an exception for person-to-computer transactions (interaction between server to browser, direct data entry, faxback, etc.). This exception has been eliminated in the final rule. Although we recognize that there are no X12N standards for these interactions, there are standard elements and data content. Therefore, those transmissions must use the adopted standard data elements and data content. The "direct data entry" process, using dumb terminals or computer browser screens, where the data are directly keyed by a provider into a health plan's computer would not have to use the format, but the data content must conform. If the data are entered into a system that is outside the health plan's system, to be sent later, it must be sent using the full standard.

The final rule includes a statement in the preamble to recognize that the Secretary has the authority under HIPAA to adopt standards for all transactions (not just those in electronic form), but that she has chosen to exercise her authority for electronic transactions. Most paper forms cannot accommodate all of the data content required on the electronic transactions.

The final rule has eliminated the discussion of internal/external transactions. Instead, the final rule lays out a simpler process to determine when standards must be used for transactions. This process is not defined on the basis of corporate boundaries.

Exceptions for State Law

This issue will be addressed in the final rule for privacy standards.


Small Health Plan - We amended the definition to be consistent with the requirements of the Small Business Administration. A small health plan is defined as one with a maximum of $5 million in annual receipts.

Modifications to Adopted Standards - The final rule distinguishes between "maintenance" and "modifications" of the standard transactions. "Maintenance" is defined as those activities necessary to support the use of a standard adopted by the Secretary. These activities include technical corrections to an implementation specification and enhancements or expansion of a data code set. Such changes could be non-substantive, or error corrections. Public comment and notification is required as part of the normal ANSI-accredited standards development process, so a new regulation would not be required. "Modification" is defined as a change to a standard or an implementation specification adopted by the Secretary through regulation.

Designated Standard Maintenance Organizations (DSMOs) - The groups designated as DSMOs were published in a seperate Federal Register notice on the same day as the final rule.

Changes to Regulation Text

In parts 160 and 162, the final rule includes the addition of many new definitions to clarify the applicability and scope of the rule. These include definitions for such items as covered entity, business associate, direct data entry, and electronic media. Other definitions were added to aid in the articulation of the process by which standards are adopted and changed; these include definitions for compliance date, modification, Standard Setting organization (SSO), maintenance, and Designated Standards Maintenance Organization (DSMO).

Language from the proposed rule was revised in the final rule to state that a health plan may not delay the transaction or otherwise adversely affect, or attempt to adversely affect, the person or the transaction on the basis that the transaction is a standard transaction.

The final rule names the NCPDP telecommunication standard 5.1 and batch equivalent, instead of X12N standards, for the following transactions with retail pharmacies: eligibility for a health plan, health care payment and remittance advice.