The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of Health and Human Services (HHS) to adopt standards for the following identifiers: 

  • Employer Identification Number (EIN)
  • Health Plan Identifier (HPID)
  • National Provider Identifier (NPI)
  • Unique Patient Identifier (UPI)

Employer Identification Number (EIN)

HHS issued the Health Insurance Reform: Standard Unique Employer Identifier Final Rule on May 31, 2002 which adopted the Employer Identification Number (EIN) as the standard employer identifier to be used in HIPAA standard transactions.

The EIN, also known as a federal tax identification number, is issued by the Internal Revenue Service and is used to identify a business entity for tax reporting purposes.

The compliance date for using the EIN in standard transactions was July 30, 2004.

View the Regulation

National Provider Identifier (NPI)

HHS issued the HIPAA Administrative Simplification: Standard Unique Health Identifier for Health Care Providers Final Rule on January 23, 2004 which established the National Provider Identifier (NPI) standard as the unique provider identifier to be used in the HIPAA standard transactions.

As established by the regulation, the NPI is intelligence-free, meaning it does not carry any information about the health care provider, such as specialty. NPI’s are issued (enumerated) via the National Plan and Provider Enumeration System (NPPES).

The regulation also:

  • Established the criteria for determining which health care providers must obtain an NPI.
  • Defined the format of the NPI
  • Defined the enumeration requirements for individual health care providers and organizations.

The compliance date for using the NPI in standard transactions was May 23, 2007.

View the Regulation

Health Plan Identifier (HPID)

HHS issued the Administrative Simplification: Adoption of a Standard for a Unique Health Plan Identifier; Addition to the National Provider Identifier Requirements; and a Change to the Compliance Date for the International Classification of Diseases, 10th Edition (ICD-10-CM and ICD-10-PCS) Medical Data Code Sets Final Rule on September 5, 2012. This Final Rule established the Health Plan Identifier (HPID) standard as the unique identifier for health plans. The regulation also adopted the Other Entity Identifier (OEID) which can be utilized by entities that do not meet the definition of a health plan under HIPAA, such as third party administrators.

As established by the regulation, the HPID and the OEID are 10-digit numbers that include a check digit. They are issued (enumerated) via the Health Plan and Other Entity Enumeration System (HPOES).

The regulation additionally established the concept of controlling health plans (CHP) and subhealth plans (SHP) and defined the enumeration criteria for CHP’s, SHP’s, and other entities eligible for the OEID.

The compliance date for using the HPID in standard transactions was November 7, 2016.

Enforcement Delay Announced

Effective October 31, 2014, the Centers for Medicare & Medicaid Services (CMS) Office of E-Health Standards and Services (OESS) announced a delay in enforcement until further notice. This enforcement delay applies to all HIPAA covered entities, including healthcare providers, health plans, and healthcare clearinghouses.

Testimonies by industry leaders to the National Committee on Vital and Health Statistics (NCVHS), an advisory body to HHS, expressed concerns about the impact of utilizing HPID in the HIPAA transactions. As originally designed, the HPID would be in place of payer IDs that are essential to transaction routing. In response, NCVHS recommended that HHS rectify in rulemaking that all covered entities and their business associates would not be required to use HPID in administrative transactions, and that the current payer ID will not be replaced with HPID.

The enforcement delay will allow HHS to review the HCVHS’s recommendation and consider next steps.

View the NCVHS Recommendation

Request for Information

On May 29, 2015, HHS issued the Request for Information Regarding the Requirements for the Health Plan Identifier to formally solicit input from the industry on the use of the HPID. The comment period ended July 28, 2015.

Change Healthcare participated and submitted comments in response to the RFI.

View the RFI

Impact to Customers of Change Healthcare:

  • Change Healthcare will continue to require our published Payer IDs in HIPAA transactions.
  • By clarifying that HPID does not replace the Payer ID, the impact of implementing HPID has been significantly reduced. Industry dialog continues with regard to removing HPID/OEID in healthcare transactions.

View the Regulation

Unique Patient Identifier (UPI)

While HIPAA requires HHS to establish a standard unique health identifier for patients, HHS has not issued any regulations adopting such a standard.