The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of Health and Human Services (HHS) to adopt standards for the following identifiers:
HHS issued the Health Insurance Reform: Standard Unique Employer Identifier Final Rule on May 31, 2002 which adopted the Employer Identification Number (EIN) as the standard employer identifier to be used in HIPAA standard transactions.
The EIN, also known as a federal tax identification number, is issued by the Internal Revenue Service and is used to identify a business entity for tax reporting purposes.
The compliance date for using the EIN in standard transactions was July 30, 2004.
HHS issued the HIPAA Administrative Simplification: Standard Unique Health Identifier for Health Care Providers Final Rule on January 23, 2004 which established the National Provider Identifier (NPI) standard as the unique provider identifier to be used in the HIPAA standard transactions.
As established by the regulation, the NPI is intelligence-free, meaning it does not carry any information about the health care provider, such as specialty. NPI’s are issued (enumerated) via the National Plan and Provider Enumeration System (NPPES).
The regulation also:
The compliance date for using the NPI in standard transactions was May 23, 2007.
HHS issued the Administrative Simplification: Adoption of a Standard for a Unique Health Plan Identifier; Addition to the National Provider Identifier Requirements; and a Change to the Compliance Date for the International Classification of Diseases, 10th Edition (ICD-10-CM and ICD-10-PCS) Medical Data Code Sets Final Rule on September 5, 2012. This Final Rule established the Health Plan Identifier (HPID) standard as the unique identifier for health plans. The regulation also adopted the Other Entity Identifier (OEID) which can be utilized by entities that do not meet the definition of a health plan under HIPAA, such as third party administrators.
As established by the regulation, the HPID and the OEID are 10-digit numbers that include a check digit. They are issued (enumerated) via the Health Plan and Other Entity Enumeration System (HPOES).
The regulation additionally established the concept of controlling health plans (CHP) and subhealth plans (SHP) and defined the enumeration criteria for CHP’s, SHP’s, and other entities eligible for the OEID.
The compliance date for using the HPID in standard transactions was November 7, 2016.
Effective October 31, 2014, the Centers for Medicare & Medicaid Services (CMS) Office of E-Health Standards and Services (OESS) announced a delay in enforcement until further notice. This enforcement delay applies to all HIPAA covered entities, including healthcare providers, health plans, and healthcare clearinghouses.
Testimonies by industry leaders to the National Committee on Vital and Health Statistics (NCVHS), an advisory body to HHS, expressed concerns about the impact of utilizing HPID in the HIPAA transactions. As originally designed, the HPID would be in place of payer IDs that are essential to transaction routing. In response, NCVHS recommended that HHS rectify in rulemaking that all covered entities and their business associates would not be required to use HPID in administrative transactions, and that the current payer ID will not be replaced with HPID.
The enforcement delay will allow HHS to review the HCVHS’s recommendation and consider next steps.
On May 29, 2015, HHS issued the Request for Information Regarding the Requirements for the Health Plan Identifier to formally solicit input from the industry on the use of the HPID. The comment period ended July 28, 2015.
Change Healthcare participated and submitted comments in response to the RFI.
While HIPAA requires HHS to establish a standard unique health identifier for patients, HHS has not issued any regulations adopting such a standard.