One of the lesser-known health plan requirements adopted by the Patient Protection and Affordable Care Act (ACA) has an initial deadline that is fast approaching, and most employers will need to take action to ensure that their group health plans remain in compliance. As discussed below, the ACA built upon an earlier directive in the Health Insurance Portability and Accountability Act (HIPAA) to require unique identifiers for health plans and health care providers, among others. The unique identifiers, along with data formatting standards previously adopted under HIPAA, are intended to facilitate transactions between participants in the health care delivery and payment system. In 2012, the U.S. Department of Health and Human Services (DHHS) finalized regulations relating to the health plan identifier (HPID) requirement, and that requirement will soon become effective.
What is the HPID and Who Will Use It?
The HPID requirements resulted from a HIPAA directive to the DHHS to adopt an identifier system for employers, health care providers, health plans, and individuals so that all electronic transmissions of certain types of health information would be uniform (on a national basis). Any HIPAA-covered entity (which includes health plans, many health care providers, and health care clearinghouses) that conducts a standard transaction with a health plan will be required to use the plan’s HPID number and must also require its third-party vendors (“business associates” in HIPAA-speak) to use the appropriate HPID number when conducting these types of transactions on its behalf.
When Must the HPID Be Obtained?
The final DHHS regulations require health plans (including both fully-insured and self-insured plans) to obtain an HPID by November 5, 2014. However, “small” health plans have one additional year—until November 5, 2015—to register for an HPID. For this purpose, a “small” health plan is a plan that has “annual receipts” of $5 million or less. To determine which deadline is applicable, insured plans should calculate the total premiums paid for the prior plan year, and self-funded plans should calculate aggregate claims paid for the prior plan year.
Who Must Obtain an HPID?
Each health plan is responsible for obtaining its own HPID, regardless of its funding mechanism (e.g., fully-insured or self-insured). As a practical matter, we anticipate that insurers will be obtaining HPIDs for fully insured plans while employers that sponsor self-insured plans will need to take steps to obtain HPIDs.
How Many HPIDs Must Be Obtained?
In broad terms, the number of HPIDs necessary will depend on the number of “health plans” an employer maintains. Since the Employee Retirement Income Security Act (ERISA) allows employers substantial leeway in structuring their health plans, an employer might need only a single HPID for a consolidated health plan or it might instead require several HPIDs if it maintains separate plans providing different welfare benefits. A good point of reference on this issue for many employers will be the number of annual reports (Form 5500s) filed for the health plan or plans that they maintain. DHHS is encouraging employers to perform this analysis on the front end of the process to avoid duplication or confusion later through the issuance of multiple HPIDs for the same plan.
Per the final regulations, a “controlling health plan” (i.e., a health plan that controls its own business activities, actions, or policies and, if it has sufficient control over a “subhealth plan,” exercises sufficient control to direct the subhealth plan’s business activities, actions, or policies) must obtain its own HPID. Also, the controlling health plan may also use its HPID for any “subhealth plans” (health plans whose business activities, actions, or policies are directed by a controlled health plan). Alternatively, the subhealth plans may obtain their own HPIDs.
What is the Electronic Transaction Certification Requirement?
As if the new HPID requirement was not enough, a new electronic transaction certification requirement will go into effect either on December 31, 2015 or on December 31, 2016 depending on the size of the health plan (i.e., annual receipts more than $5 million or $5 million or less). The certification requirement obliges health plans (or, presumably, their business associates) to certify their ability to conduct HIPAA standard transactions where required. Previously, health plans and other HIPAA covered entities were required to conduct standard transactions in the appropriate circumstances but a formal certification of their ability to conduct standard transactions was not required. To comply with this requirement, health plans will be required to file an attestation with DHHS along with supplemental information to demonstrate that they are complying with the HIPAA standard transaction rules. For many employers, the HIPAA standard transaction rules have effectively been a non-issue since they became effective in 2002 because third-party claims administrators or insurers have conducted these transactions in accordance with HIPAA rules. However, the advent of the new certification process will place greater emphasis on standard transactions for health plans and is likely to require employers to confirm that the health plan and/or its business associates are capable of conducting these transactions.
What Needs To Be Done In the Near Future?
- Identify the health plans (controlling health and subhealth plans) that must obtain an HPID and how any applicable insurers will be involved.
- Register to obtain an HPID on the Centers for Medicare & Medicaid Services (CMS) website. CMS, which is a federal agency within the DHHS that administers Medicare, has created a user manual that provides more information about the mechanics of applying for an HPID.
- Once an HPID is received, communicate the HPID to the relevant business associates.
HHS and CMS also issued a quick reference guide for obtaining an HPID. According to the quick guide, to obtain an HPID, users must go through the CMS Enterprise Portal, access the Health Insurance Oversight system (HIOS), and apply for an HPID from the Health Plan and Other Entity System (HPOES). Employers can look to the Health Plan and Other Entity Enumeration System User Manual for more information as well.