[Please label written and e-mailed comments about this section with the subject: Provisions.]
In this proposed rule, we propose a standard health care provider identifier and requirements concerning its implementation. This rule would establish requirements that health plans, health care providers, and health care clearinghouses would have to meet to comply with the statutory requirement to use a unique identifier in electronic transactions. We propose to add a new part to title 45 of the Code of Federal Regulations for health plans, health care providers, and health care clearinghouses in general. The new part would be part 142 of title 45 and would be titled “Administrative Requirements.” Subpart D would contain provisions specific to the NPI.
Section 262 of HIPAA applies to all health plans, all health care clearinghouses, and any health care providers that transmit any health information in electronic form in connection with transactions referred to in section 1173(a)(1) of the Act. Our proposed rules (at 45 CFR 142.102) would apply to the health plans and health care clearinghouses as well, but we would clarify the statutory language in our regulations for health care providers: we would have the regulations apply to any health care provider only when electronically transmitting any of the transactions to which section 1173(a)(1) of the Act refers.
Electronic transmissions would include transmissions using all media, even when the transmission is physically moved from one location to another using magnetic tape, disk, or CD media. Transmissions over the Internet (wide-open), Extranet (using Internet technology to link a business with information only accessible to collaborating parties), leased lines, dial-up lines, and private networks are all included. Telephone voice response and “faxback” systems would not be included. The “HTML” interaction between a server and a browser by which the elements of a transaction are solicited from a user would not be included, but once assembled into a transaction by the server, transmission of the full transaction to another corporate entity, such as a health plan, would be required to comply.
Our regulations would apply to health care clearinghouses when transmitting transactions to, and receiving transactions from, a health care provider or health plan that transmits and receives standard transactions (as defined under “transaction”) and at all times when transmitting to or receiving electronic transactions from another health care clearinghouse. The law would apply to each health care provider when transmitting or receiving any electronic transaction.
The law applies to health plans for all transactions.
Section 142.104 would contain the following provisions (from section 1175 of the Act):
If a person desires to conduct a transaction (as defined in § 142.103) with a health plan as a standard transaction, the following apply:
(1) The health plan may not refuse to conduct the transaction as a standard transaction.
(2) The health plan may not delay the transaction or otherwise adversely affect, or attempt to adversely affect, the person or the transaction on the ground that the transaction is a standard transaction.
(3) The information transmitted and received in connection with the transaction must be in the form of standard data elements of health information.
As a further requirement, we would require that a health plan that conducts transactions through an agent assure that the agent meets all the requirements of part 142 that apply to the health plan.
Section 142.105 would state that a person or other entity may meet the requirements of § 142.104 by either--
(1) Transmitting and receiving standard data elements, or
(2) Submitting nonstandard data elements to a health care clearinghouse for processing into standard data elements and transmission by the health care clearinghouse and receiving standard data elements through the clearinghouse.
Health care clearinghouses would be able to accept nonstandard transactions for the sole purpose of translating them into standard transactions for sending customers and would be able to accept standard transactions and translate them into nonstandard formats for receiving customers. We would state in § 142.105 that the transmission of nonstandard transactions, under contract, between a health plan or a health care provider and a health care clearinghouse would not violate the law.
Transmissions within a corporate entity would not be required to comply with the standards. A hospital that is wholly owned by a managed care company would not have to use the standards to pass encounter information back to the home office, but it would have to use the standard claims transaction to submit a claim to another health plan. Another example might be transactions within Federal agencies and their contractors and between State agencies within the same State. For example, Medicare enters into contracts with insurance companies and common working file sites that process Medicare claims using government furnished software. There is constant communication, on a private network, between HCFA Central Office and the Medicare carriers, intermediaries and common working file sites. This communication may continue in nonstandard mode. However, these contractors must comply with the standards when exchanging any of the transactions covered by HIPAA with an entity outside these “corporate” boundaries.
Section 1171 of the Act defines several terms and our proposed rules would, for the most part, simply restate the law. The terms that we are defining in this proposed rule follow:
We would define “code set” as section 1171(1) of the Act does: “code set” means any set of codes used for encoding data elements, such as tables of terms, medical concepts, medical diagnostic codes, or medical procedure codes.
We would define “health care clearinghouse” as section 1171(2) of the Act does, but we are adding a further, clarifying sentence. The statute defines a “health care clearinghouse” as a public or private entity that processes or facilitates the processing of nonstandard data elements of health information into standard data elements. We would further explain that such an entity is one that currently receives health care transactions from health care providers and other entities, translates the data from a given format into one acceptable to the intended recipient and forwards the processed transaction to appropriate health plans and other clearinghouses, as necessary, for further action.
There are currently a number of private clearinghouses that perform these functions for health care providers. For purposes of this rule, we would consider billing services, repricing companies, community health management information systems or community health information systems, value-added networks, and switches performing these functions to be health care clearinghouses.
As defined by section 1171(3) of the Act, a “health care provider” is a provider of services as defined in section 1861(u) of the Act, a provider of medical or other health services as defined in section 1861(s) of the Act, and any other person who furnishes health care services or supplies. Our regulations would define “health care provider” as the statute does and clarify that the definition of a health care provider is limited to those entities that furnish, or bill and are paid for, health care services in the normal course of business.
The statutory definition of a health care provider is broad. Section 1861(u) contains the Medicare definition of a provider, which encompasses institutional providers such as hospitals, skilled nursing facilities, home health agencies, and comprehensive outpatient rehabilitation facilities. Section 1861(s) defines other Medicare facilities and practitioners, including assorted clinics and centers, physicians, clinical laboratories, various licensed/certified health care practitioners, and suppliers of durable medical equipment. The last portion of the definition encompasses any appropriately licensed or certified health care practitioners or organizations, including pharmacies and nursing homes and many types of therapists, technicians, and aides. It also includes any other individual or organization that furnishes health care services or supplies. We believe that an individual or organization that bills and is paid for health care services or supplies is also a health care provider for purposes of the statute.
Section 1173(b)(1) of the Act requires the Secretary to adopt standards for unique identifiers for all health care providers. The definition of a “health care provider” at section 1171(3) includes all Medicare providers and “any other person furnishing health care services and supplies.” These two provisions require that provider identifiers may not be limited to only those health care providers that bill electronically or those that bill in their own right. Instead provider identifiers will eventually be available to all those that provide health services. Penalties for failure to use the correct identifiers, however, are limited to those that fail to use the identifiers or other standards in the nine designated electronic transactions. As we discuss under a later section in this preamble,III. Implementation of the NPI, we do not expect to be able to assign identifiers immediately to all health care providers that do not participate in electronic transactions.
Our proposed definition of a health care provider would not include health industry workers who support the provision of health care but who do not provide health services, such as admissions and billing personnel, housekeeping staff, and orderlies.
We describe two alternatives for defining general categories of health care providers for enumeration purposes. In the first, we would categorize health care providers as individuals, organizations, or groups. In the second, we would categorize health care providers as individuals or organizations, which would include groups. The data to be collected for each category of health care provider are described in the preamble in section IV. B. Data Elements. We welcome your comments on whether group providers need to be distinguished from organization providers.
Individuals are treated differently than organizations and groups because the data available to search for duplicates (for example, date and place of birth) are different. Organizations and groups may need to be treated differently from each other because it is possible that a group is not specifically licensed or certified to provide health care, whereas an organization usually is. It may, therefore, be important to be able to link the individual members to the group. It would not be possible to distinguish one category from another by looking at the NPI. The NPS would contain the kinds of data necessary to adequately categorize each health care provider.
The categories are described as follows:
Individual--A human being who is licensed, certified or otherwise authorized to perform medical services or provide medical care, equipment and/or supplies in the normal course of business. Examples of individuals are physicians, nurses, dentists, pharmacists, and physical therapists.
Organization--An entity, other than an individual, that is licensed, certified or otherwise authorized to provide medical services, care, equipment or supplies in the normal course of business. The licensure, certification, or other recognition is granted to the organization entity. Individual owners, managers, or employees of the organization may also be certified, licensed, or otherwise recognized as individual health care providers in their own right. Each separate physical location of an organization, each member of an organization chain, and each subpart of an organization that needs to be identified would receive its own NPI. NPIs of organization providers would not be linked within the NPS to NPIs of other health care providers. Examples of organizations are hospitals, laboratories, ambulance companies, health maintenance organizations, and pharmacies.
In the first alternative for categorizing health care providers, as described above, we would distinguish a group from an organization. We would define a group as follows:
Group--An entity composed of one or more individuals (as defined above), generally created to provide coverage of patients’ needs in terms of office hours, professional backup and support, or range of services resulting in specific billing or payment arrangements. It is possible that the group itself is not licensed or certified, but the individual(s) who compose the group are licensed, certified or otherwise authorized to provide health care services. The NPIs of the group member(s) would be linked within the NPS to the NPI of the group. An individual can be a member of multiple groups. Examples of groups are (1) two physicians practicing as a group where they bill and receive payment for their services as a group and (2) an incorporated individual billing and receiving payment as a corporation.
The ownership of a group or organization can change if it is sold, consolidated, or merged, or if control changes due to stock acquisition. In many cases, the nature of the provider itself (for example, its location, staff or types of services provided) is not affected. In general, the NPI of the provider should not change in these situations unless the change of ownership affects the nature of the provider. (Example: If a hospital is acquired and then converted to a rehabilitation center, it would need to obtain a new NPI.) There may also be circumstances where a new NPI should be issued. (Example: a physicians’ group practice operating as a partnership dissolves that partnership and another partnership of physicians acquires and operates the practice.) We solicit comments on rules to be applied.
We discuss the enumeration of health care providers in more detail, in III. Implementation of the NPI, later in this preamble.
“Health information,” as defined in section 1171 of the Act, means any information, whether oral or recorded in any form or medium, that--
We propose the same definition for our regulations.
We propose that a “health plan” be defined essentially as section 1171 of the Act defines it. Section 1171 of the Act cross refers to definitions in section 2791 of the Public Health Service Act (as added by Public Law 104-191, 42 U.S.C. 300gg-91); we would incorporate those definitions as currently stated into our proposed definitions for the convenience of the public. We note that many of these terms are defined in other statutes, such as the Employee Retirement Income Security Act of 1974 (ERISA), Public Law 93-406, 29 U.S.C. 1002(7) and the Public Health Service Act. Our definitions are based on the roles of plans in conducting administrative transactions, and any differences should not be construed to affect other statutes.
For purposes of implementing the provisions of administrative simplification, a “health plan” would be an individual or group health plan that provides, or pays the cost of, medical care. This definition includes, but is not limited to, the 13 types of plans listed in the statute. On the other hand, plans such as property and casualty insurance plans and workers compensation plans, which may pay health care costs in the course of administering nonhealth care benefits, are not considered to be health plans in the proposed definition of health plan. Of course, these plans may voluntarily adopt these standards for their own business needs. At some future time, the Congress may choose to expressly include some or all of these plans in the list of health plans that must comply with the standards.
Health plans often carry out their business functions through agents, such as plan administrators (including third party administrators), entities that are under “administrative services only” (ASO) contracts, claims processors, and fiscal agents. These agents may or may not be health plans in their own right; for example, a health plan may act as another health plan’s agent as another line of business. As stated earlier, a health plan that conducts HIPAA transactions through an agent is required to assure that the agent meets all HIPAA requirements that apply to the plan itself.
“Health plan” includes the following, singly or in combination:
a. “Group health plan” (as currently defined by section 2791(a) of the Public Health Service Act). A group health plan is a plan that has 50 or more participants (as the term “participant” is currently defined by section 3(7) of ERISA) or is administered by an entity other than the employer that established and maintains the plan. This definition includes both insured and self-insured plans. We define “participant” separately below.
Section 2791(a)(1) of the Public Health Service Act defines “group health plan” as an employee welfare benefit plan (as currently defined in section 3(1) of ERISA) to the extent that the plan provides medical care, including items and services paid for as medical care, to employees or their dependents directly or through insurance, or otherwise.
It should be noted that group health plans that have fewer than 50 participants and that are administered by the employer would be excluded from this definition and would not be subject to the administrative simplification provisions of HIPAA.
b. “Health insurance issuer” (as currently defined by section 2791(b) of the Public Health Service Act).
Section 2791(b)(2) of the Public Health Service Act currently defines a “health insurance issuer” as an insurance company, insurance service, or insurance organization that is licensed to engage in the business of insurance in a State and is subject to State law that regulates insurance.
c. “Health maintenance organization” (as currently defined by section 2791(b) of the Public Health Service Act).
Section 2791(b) of the Public Health Service Act currently defines a “health maintenance organization” as a Federally qualified health maintenance organization, an organization recognized as such under State law, or a similar organization regulated for solvency under State law in the same manner and to the same extent as such a health maintenance organization. These organizations may include preferred provider organizations, provider sponsored organizations, independent practice associations, competitive medical plans, exclusive provider organizations, and foundations for medical care.
d. Part A or Part B of the Medicare program (title XVIII of the Act).
e. The Medicaid program (title XIX of the Act).
f. A “Medicare supplemental policy” as defined under section 1882(g)(1) of the Act.
Section 1882(g)(1) of the Act defines a “Medicare supplemental policy” as a health insurance policy that a private entity offers a Medicare beneficiary to provide payment for expenses incurred for services and items that are not reimbursed by Medicare because of deductible, coinsurance, or other limitations under Medicare. The statutory definition of a Medicare supplemental policy excludes a number of plans that are generally considered to be Medicare supplemental plans, such as health plans for employees and former employees and for members and former members of trade associations and unions. A number of these health plans may be included under the definitions of “group health plan” or “health insurance issuer”, as defined in a. and b. above.
g. A “long-term care policy,” including a nursing home fixed-indemnity policy. A “long-term care policy” is considered to be a health plan regardless of how comprehensive it is. We recognize the long-term care insurance segment of the industry is largely unautomated and we welcome comments regarding the impact of HIPAA on the long-term care segment.
h. An employee welfare benefit plan or any other arrangement that is established or maintained for the purpose of offering or providing health benefits to the employees of two or more employers. This includes plans and other arrangements that are referred to as multiple employer welfare arrangements (“MEWAs”) as defined in section 3(40) of ERISA.
i. The health care program for active military personnel under title 10 of the United States Code.
j. The veterans health care program under chapter 17 of title 38 of the United States Code.
This health plan primarily furnishes medical care through hospitals and clinics administered by the Department of Veterans Affairs for veterans with a service-connected disability that is compensable. Veterans with non-service-connected disabilities (and no other health benefit plan) may receive health care under this health plan to the extent resources and facilities are available.
k. The Civilian Health and Medical Program of the Uniformed Services (CHAMPUS), as defined in 10 U.S.C. 1072(4).
CHAMPUS primarily covers services furnished by civilian medical providers to dependents of active duty members of the uniformed services and retirees and their dependents under age 65.
l. The Indian Health Service program under the Indian Health Care Improvement Act (25 U.S.C. 1601 et seq.).
This program furnishes services, generally through its own health care providers, primarily to persons who are eligible to receive services because they are of American Indian or Alaskan Native descent.
m. The Federal Employees Health Benefits Program under 5 U.S.C. chapter 89.
This program consists of health insurance plans offered to active and retired Federal employees and their dependents. Depending on the health plan, the services may be furnished on a fee-for-service basis or through a health maintenance organization.
(Note: Although section 1171(5)(M) of the Act refers to the “Federal Employees Health Benefit Plan,” this and any other rules adopting administrative simplification standards will use the correct name, the Federal Employees Health Benefits Program. One health plan does not cover all Federal employees; there are over 350 health plans that provide health benefits coverage to Federal employees, retirees, and their eligible family members. Therefore, we will use the correct name, the Federal Employees Health Benefits Program, to make clear that the administrative simplification standards apply to all health plans that participate in the Program.)
n. Any other individual or group health plan, or combination thereof, that provides or pays for the cost of medical care.
We would include a fourteenth category of health plan in addition to those specifically named in HIPAA, as there are health plans that do not readily fit into the other categories but whose major purpose is providing health benefits. The Secretary would determine which of these plans are health plans for purposes of title II of HIPAA. This category would include the Medicare Plus Choice plans that will become available as a result of section 1855 of the Act as amended by section 4001 of the Balanced Budget Act of 1997 (Public Law 105-33) to the extent that these health plans do not fall under any other category.
“Medical care,” which is used in the definition of health plan, would be defined as current section 2791 of the Public Health Service Act defines it: the diagnosis, cure, mitigation, treatment, or prevention of disease, or amounts paid for the purpose of affecting any body structure or function of the body; amounts paid for transportation primarily for and essential to these items; and amounts paid for insurance covering the items and the transportation specified in this definition.
We would define the term “participant” as section 3(7) of ERISA currently defines it: a “participant” is any employee or former employee of an employer, or any member or former member of an employee organization, who is or may become eligible to receive a benefit of any type from an employee benefit plan that covers employees of such an employer or members of such organizations, or whose beneficiaries may be eligible to receive any such benefits. An “employee” would include an individual who is treated as an employee under section 401(c)(1) of the Internal Revenue Code of 1986 (26 U.S.C. 401(c)(1)).
We would define a “small health plan” as a group health plan with fewer than 50 participants.
The HIPAA does not define a “small health plan” but instead leaves the definition to be determined by the Secretary. The Conference Report suggests that the appropriate definition of a “small health plan” is found in current section 2791(a) of the Public Health Service Act, which is a group health plan with fewer than 50 participants. We would also define small individual health plans as those with fewer than 50 participants.
Section 1171 of the Act defines “standard,” when used with reference to a data element of health information or a transaction referred to in section 1173(a)(1) of the Act, as any such data element or transaction that meets each of the standards and implementation specifications adopted or established by the Secretary with respect to the data element or transaction under sections 1172 through 1174 of the Act.
Under our definition, a standard would be a set of rules for a set of codes, data elements, transactions, or identifiers promulgated either by an organization accredited by the American National Standards Institute or HHS for the electronic transmission of health information.
“Transaction” would mean the exchange of information between two parties to carry out financial and administrative activities related to health care. A transaction would be any of the transactions listed in section 1173(a)(2) of the Act and any determined appropriate by the Secretary in accordance with section 1173(a)(1)(B) of the Act. We present them below in the order in which we propose to list them in the regulations text to this document and in the regulations document for proposed standards for these transactions that we will publish later.
A “transaction” would mean any of the following:
This transaction may be used to submit health care claim billing information, encounter information, or both, from health care providers to health plans, either directly or via intermediary billers and claims clearinghouses.
This transaction may be used by a health plan to make a payment to a financial institution for a health care provider (sending payment only), to send an explanation of benefits or a remittance advice directly to a health care provider (sending data only), or to make payment and send an explanation of benefits remittance advice to a health care provider via a financial institution (sending both payment and data).
This transaction can be used to transmit health care claims and billing payment information between health plans with different payment responsibilities where coordination of benefits is required or between health plans and regulatory agencies to monitor the rendering, billing, and/or payment of health care services within a specific health care/insurance industry segment.
In addition to the nine electronic transactions specified in section 1173(a)(2) of the Act, section 1173(f) directs the Secretary to adopt standards for transferring standard data elements among health plans for coordination of benefits and sequential processing of claims. This particular provision does not state that these should be standards for electronic transfer of standard data elements among health plans. However, we believe that the Congress, when writing this provision, intended for these standards to apply to the electronic form of transactions for coordination of benefits and sequential processing of claims. The Congress expressed its intent on these matters generally in section 1173(a)(1)(B), where the Secretary is directed to adopt "other financial and administrative transactions . . . consistent with the goals of improving the operation of the health care system and reducing administrative costs". Adoption of a standard for electronic transmission of standard data elements among health plans for coordination of benefits and sequential processing of claims would serve these goals expressed by the Congress.
This transaction may be used by health care providers and recipients of health care products or services (or their authorized agents) to request the status of a health care claim or encounter from a health plan.
This transaction may be used to establish communication between the sponsor of a health benefit and the health plan. It provides enrollment data, such as subscriber and dependents, employer information, and primary care health care provider information. The sponsor is the backer of the coverage, benefit, or product. A sponsor can be an employer, union, government agency, association, or insurance company. The health plan refers to an entity that pays claims, administers the insurance product or benefit, or both.
This transaction may be used to inquire about the eligibility, coverage, or benefits associated with a benefit plan, employer, plan sponsor, subscriber, or a dependent under the subscriber’s policy. It also can be used to communicate information about or changes to eligibility, coverage, or benefits from information sources (such as insurers, sponsors, and health plans) to information receivers (such as physicians, hospitals, third party administrators, and government agencies).
This transaction may be used by, for example, employers, employees, unions, and associations to make and keep track of payments of health plan premiums to their health insurers. This transaction may also be used by a health care provider, acting as liaison for the beneficiary, to make payment to a health insurer for coinsurance, copayments, and deductibles.
This transaction may be used to transmit health care service referral information between primary care health care providers, health care providers furnishing services, and health plans. It can also be used to obtain authorization for certain health care services from a health plan.
This transaction may be used to report information pertaining to an injury, illness, or incident to entities interested in the information for statistical, legal, claims, and risk management processing requirements.
This transaction may be used to transmit health care service information, such as subscriber, patient, demographic, diagnosis, or treatment data for the purpose of a request for review, certification, notification, or reporting the outcome of a health care services review.
Under section 1173(a)(1)(B) of the Act, the Secretary shall adopt standards, and data elements for those standards, for other financial and administrative transactions deemed appropriate by the Secretary. These transactions would be consistent with the goals of improving the operation of the health care system and reducing administrative costs.
In general, any given standard would be effective 24 months after the effective date (36 months for small health plans) of the final rule for that standard. Because there are other standards to be established than those in this proposed rule, we specify the date for a given standard under the subpart for that standard.
If HHS adopts a modification to an implementation specification or a standard, the implementation date of the modification would be no earlier than the 180th day following the adoption of the modification. HHS would determine the actual date, taking into account the time needed to comply due to the nature and extent of the modification. HHS would be able to extend the time for compliance for small health plans. This provision would be at § 142.106.
The law does not address scheduling of implementation of the standards; it gives only a date by which all concerned must comply. As a result, any of the health plans, health care clearinghouses, and health care providers may implement a given standard earlier than the date specified in the subpart created for that standard. We realize that this may create some problems temporarily, as early implementers would have to be able to continue using old standards until the new ones must, by law, be in place.
At the WEDI Healthcare Leadership Summit held on August 15, 1997, it was recommended that health care providers not be required to use any of the the standards during the first year after the adoption of the standard. However, willing trading partners could implement any or all of the standards by mutual agreement at any time during the 2-year implementation phase (3- year implementation phase for small health plans). In addition, it was recommended that a health plan give its health care providers at least 6 months notice before requiring them to use a given standard.
We welcome comments specifically on early implementation as to the extent to which it would cause problems and how any problems might be alleviated.