23
Oct

The Health Insurance Portability and Accountability Act (HIPAA) requires the Department of Health and Human Services (HHS) to adopt standards for certain transactions to promote the efficient and uniform transmission of health information. One of the standards is a unique identifier for health plans.

HHS released a final rule adopting the health plan identifier (HPID) standard on Sept. 5, 2012. In addition, HHS released a Quick Reference Guide to Obtaining a Controlling Health Plan HPID on Sept. 25, 2014, as well as a number of Frequently Asked Questions (FAQs) on the HPID requirement.

PURPOSE OF HPID

The HPID is a standard, unique health plan identifier that is primarily intended for use in standard transactions. In standard transactions, the HPID replaces proprietary health plan identifiers that vary in lengths and formats. The HPID is a 10-digit, all numeric code similar to a credit card number. In addition, information about health plans and their HPIDs will be available in a public database to facilitate the routing of transactions.

Also, the HPID will likely be used for future administrative simplification initiatives under HIPAA. For example, HHS may use the HPID to track whether controlling health plans (or CHPs) comply with the health plan certification for HIPAA compliance. The initial health plan certification deadline is Dec. 31, 2015.

AFFECTED HEALTH PLANS

The HPID requirement applies to group health plans subject to HIPAA’s administrative simplification provisions, including insured and self-insured plans. However, health plans with less than 50 participants that are administered by the employer that maintains the plan are NOT subject to the HPID requirement.

Flexible spending accounts (FSAs) and health savings accounts (HSAs) are individual accounts directed by the consumer to pay health care costs. As such, they do not require an HPID. Health reimbursement arrangements (HRAs) may require an HPID if they meet the definition of health plan. HRAs that cover deductibles only or out-of-pocket costs do not require HPIDs as these are more like additional plan benefits than stand-alone plans.

Wrap-plans and cafeteria plans can be composed of combinations of health plan arrangements (for example, self-insured, fully-insured, FSA, HSA, HRA). The rules governing these types of plans are the same as for the individual plan types.

CHPs and SHPs

For purposes of the HPID, there are two classifications of health plans—controlling health plans (CHPs) and subhealth plans (SHPs). A CHP is a health plan that: (1) controls its own business activities, actions or policies; or (2) is controlled by an entity that is not a health plan and, if it has SHPs, exercises sufficient control over the SHPs to direct their business activities, actions or policies. All CHPs must obtain an HPID.

Self-insured plans generally qualify as CHPs, and are required to obtain their own HPIDs.
For insured health plans, the health insurance issuer,
not the employer sponsoring the plan, is generally required to obtain the HPID.

A SHP is a health plan whose business activities, actions or policies are directed by a CHP. A SHP is eligible, but not required, to obtain an identifier. To determine whether a SHP should get an HPID, the CHP or the SHP should consider whether the SHP needs to be identified in the standard transactions. A CHP may get an HPID for its SHP or may direct a SHP to get an HPID.

 

ENTITY REQUIREMENT OPTIONS

ENTITY                                                    REQUIREMENT                                                             OPTIONS                                             
Controlling health plans (CHPs)      Must get an HPID for itself          May get HPID for its SHPs or direct its SHPs to get HPIDs

Subhealth plans (SHPs)             Not required to get an HPID     May get an HPID at the direction of its CHP or get an HPID on its own initiative

OTHER ENTITIES

The final rule adopted an optional data element that would serve as an identifier for entities that are not health plans or health care providers but that perform health plan functions and need to be identified in standard transactions. This identifier is called an “other entity identifier” (OEID).
An entity is eligible to get an OEID if the entity:

• Needs to be identified in standard transactions;
• Is not eligible to obtain an HPID;
• Is not eligible to obtain a National Provider Identifier (NPI); and
• Is not an individual.

Examples of entities that are eligible to get an OEID include health care clearinghouses, third party administrators (TPAs), and non-HIPAA covered entities, such as auto liability and workers compensation carriers. According to HHS, the OEID will create greater standardization in health care transactions by providing all parties that need to be identified in the transactions with a standard identifier that will be listed in a publicly available searchable database.

DEADLINES

The deadline for health plans (except small health plans) to obtain their HPIDs is Nov. 5, 2014. Small health plans (those with annual gross receipts of $5 million or less) have an additional year to comply, until Nov. 5, 2015. By Nov. 7, 2016, all covered entities must use the HPID in standard transactions involving health plans that have an identifier.

Other entities are not required to get or use OEIDs. The OEID is a voluntary identifier.

Entity Type                                    Date for Obtaining HPID         Full Implementation Date for Using HPID in Standard Transactions
Health plans, excluding                         Nov. 5, 2014                                          Nov. 7, 2016

   small health plans

Small health plans                                  Nov. 5, 2015                                          Nov. 7, 2016

Covered health care providers              N/A                                                       Nov. 7, 2016

Healthcare clearinghouses                    N/A                                                       Nov. 7, 2016

 

Small Health Plans

In 2002, HHS released an FAQ to clarify how annual gross receipts are calculated to determine whether a health plan qualifies as a small health plan. This guidance explains that for purposes of determining whether a health plan has annual receipts of $5 million or less:

• Fully insured group health plans should use the amount of total premiums that they paid for health insurance benefits during the plan’s last full fiscal year.
• Self-funded plans should use the total amount paid for health care claims by the employer, plan sponsor or benefit fund, as applicable to their circumstances, on behalf of the plan during the plan’s last full fiscal year.
• Plans that provide health benefits through a mix of fully-insured and self-funded arrangements should combine total premiums and health care claims paid to determine their annual receipts.

APPLICATION PROCESS

Applications for HPIDs and OEIDs are submitted through HHS’ Health Plan and Other Entity Enumeration System (HPOES). HPOES is housed within the Health Insurance Oversight System (HIOS). Users go to the CMS Enterprise Portal at https://portal.cms.gov/ to access HIOS. The application process involves the following steps:

Step 1: Register organization in HIOS:

To determine if the organization already exists in HIOS, search by the organization’s federal employer identification number (EIN). If the organization does not already exist in HIOS, users must register their organization. All registration requests are reviewed prior to approval. The following information is needed to register a new company: company legal name; EIN; incorporated state; and domiciliary address.

Step 2: Access User Role Management:

Users must determine their user role and identify the company they need access to. Users can only have one user role at a time. There are three different user roles:

• Guest: A user that is able to view general information (no company association needed)
• Submitter: A representative of a health plan or other entity that submits an application
• Authorizing Official: An individual who has the authority to legally bind the entity and holds ultimate responsibility, for example, the chief executive officer (CEO), chief compliance officer or chief financial officer (CFO). An Authorizing Official approves applications submitted by the company’s submitter users.

Step 3: Select Application Type:

There are two different types of HPID applications, CHP and SHP. If completing a SHP application, users will be required to select a CHP company. There is also an OEID application for other entities.

Step 4: Complete Application:

Users will need to complete their application and provide the necessary information. The company’s Authorizing Official needs to be identified if one has not already been designated. SHP applications will display the CHP’s Authorizing Official information. All Authorizing Official information provided in the application is reviewed prior to the user being assigned the Authorizing Official role. Users will be able to review their application information prior to submission.

Step 5: Number Assigned:

Once the application is approved, the system will generate an HPID or OEID. An email notification will be sent to the submitter user with the HPID or OEID.

In addition, on Sept. 25, 2014, CMS issued a reference guide to detail the steps for obtaining an HPID for a CHP.

REQUIRED USES

A covered entity is required to use an HPID when it identifies a health plan in a HIPAA standard transaction. Also, if a covered entity uses one or more business associates to conduct standard transactions on its behalf, the covered entity must require its business associates to use an HPID to identity a health plan in the standard transactions.

The final rule does not require that health plans be identified in standard transactions if they were not identified before the HPID requirement. For example, if a covered entity is currently identifying a TPA as the information source, the covered entity can continue to identify that TPA as the information source (using whatever identifier the TPA uses) after the adoption of the HPID.

The final rule outlines a number of additional uses for the HPID that are permitted, but not required, such as using the HPID:

• In internal files, to facilitate processing of health care transactions;
• On an enrollee’s health insurance card;
• As a cross-reference in health care fraud and abuse files and other program integrity files;
• In patient medical records to help specify patients’ health care benefit packages;
• In electronic health records to identify health plans;
• In federal and state health insurance exchanges to identify health plans; and
• For public health data reporting purposes.

MORE INFORMATION

More detailed information on the HPID and OEID application process, including an HPID User Manual, is available on CMS’ health plan identifier webpage.

Source: Department of Health and Human Services

 

This ACA Update is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel for legal advice. Zywave and Howell Benefit Services, Inc. provided the content for this publication, unless otherwise noted. © 2014 Zywave, Inc. © 2014 Howell Benefit Services, Inc. All rights reserved.