Compliance Alert. New requirement for health plans: HIPAA Health Plan Identifier (HPID) August 29, 2014

Similar documents
The HIPAA Standard Transaction Requirements: How do Health Plans Comply?

Health Insurance Oversight System (HIOS) Health Plan and Other Entity Enumeration System User Manual

Health Plan Certification of Compliance with HIPAA Electronic Transaction Standards

ACA Administrative Simplification Provisions for Health Plans: Time to Apply for an HPID & Prepare for Certification of Compliance

INTERMEDIATE ADMINISTRATIVE SIMPLIFICATION CENTERS FOR MEDICARE & MEDICAID SERVICES. Online Guide to: ADMINISTRATIVE SIMPLIFICATION

Little-Noticed HIPAA Regulations Create New Burdens for Employers

New HIPAA Certification Requirement & Other New Health Plan To Do Tasks under HIPAA Standard Transaction Rules

New ACA Mandate: HIPAA Health Plan Certification Proposed Rules. Christy Tinnes Groom Law Group February 21, 2014

HIPAA: AN OVERVIEW September 2013

HIPAA Administrative Simplification and Privacy (AS&P) Frequently Asked Questions

Department of Health and Human Services. No. 172 September 5, Part II

Submitted via Federal erulemaking Portal

Employer s Guide To Health Care Reform

The HIPAA Privacy Rule: Overview and Impact

HIPAA PRIVACY AND EDI RULES

Legislative & Regulatory Information

Covered Entity Charts

April 3, Submitted Electronically Via Federal Rulemaking Portal:

Important Information for Group Health Plans about HIPAA

Understanding the HIPAA standard transactions: The HIPAA Transactions and Code Set rule

Year-end Checklist for 2015 Compliance

HIPAA. Privacy and Security Frequently Asked Questions for Employers. Gallagher Benefit Services, Inc.

HIPAA. HIPAA and Group Health Plans

Legislative Brief: 2015 COMPLIANCE CHECKLIST. Laurus Strategies

HIPAA PRIVACY AND SECURITY STANDARDS CITY COMPLIANCE

Alert. Client PROSKAUER ROSE LLP. HIPAA Compliance Update: Employers, As Group Health Plan Sponsors, Will Be Affected By HIPAA Privacy Requirements

SECURE EDI ENROLLMENT AGREEMENT INSTRUCTIONS. Select if this is a new application, change of submitter, update.

RONALD V. MCGUCKIN AND ASSOCIATES Post Office Box 2126 Bristol, Pennsylvania (215) (215) (Fax) childproviderlaw.

HIPAA Considerations for Small Non-Profits. Jill M. Girardeau July 20, 2011

An Employer s Introduction to HIPAA Prepared by Ballard, Rosenberg Golper & Savitt, LLP

HIPAA Frequently Asked Questions Free & Charitable Clinic HIPAA Toolbox May 2014

Transitional Reinsurance Program Fees

AGREEMENT BETWEEN WEB-BROKERS AND THE CENTERS FOR MEDICARE & MEDICAID SERVICES ( CMS )

Gary Cohen, Deputy Administrator and Director, Center for Consumer Information & Insurance Oversight

Specifically, section 6035 of the DRA amended section 1902(a) (25) of the Act:

MEDICAID MISSISSIPPI PRE ENROLLMENT INSTRUCTIONS 77032

HIPAA Compliance. Saeed Rajput

Electronic Billing, EFT and other EDI Initiatives for Workers Compensation

Entities Covered by the HIPAA Privacy Rule

HIPAA Privacy Rule Primer for the College or University Administrator

Presented by January 6, The National Provider Identifier (NPI): What Dentists Need to Know

HIPAA Compliance Manual

GEORGIA MEDICAL BILLING AND REIMBURSEMENT FOR WORKERS COMPENSATION

ICD-10 Compliance Date. Frequently Asked Questions. ICD-10 Implementation Frequently Asked Questions Updated September 2014

Reporting Requirements for Employers and Health Plans

FAQs on the Required National Provider Identifier (NPI)

Electronic Remittance Advice (835) Instructional Guide

Title 40. Labor and Employment. Part 1. Workers' Compensation Administration

HIPAA - - Basic Concepts and Implementation Roadmap

HIPAA Compliance and PrintFleet Software Applications

HIPAA Compliance for Employers. What is HIPAA? Common HIPAA Misperception. The Penalties. Chapter I HIPAA Overview. The Privacy Regulations Why?

Instructions for Completing the Initial System Assessment for Upcoming HIPAA Changes Due Date: (specify date)

Frequently Asked Questions on Rate Filing, Rate Reviews and Approval of Health Insurance Rates in Connecticut

Chapter 4: Electronic Data Interchange

HIPAA Enforcement Training for State Attorneys General

Christol Green, WellPoint, Inc. Business Consultant Sr. E-Solutions Strategy and Standards Governance

HIPAA Privacy Overview

HOOPS MSP Update: New Programs, Added Burdens, Possible Expanded Opportunities Focus on CMS Implementation of Mandatory Insurance Reporting

National Provider Identifier (NPI) Frequently Asked Questions

Electronic Data Interchange (EDI) Registration for Oregon Medicaid

Agreement to Send Electronic Florida Medicare

HIPAA Transactions and Code Set Standards As of January Frequently Asked Questions

HIPAA. Transactions and Code Sets Toolkit. Health Insurance Portability and Accountability Act

HIPAA PRIVACY FOR EMPLOYERS A Comprehensive Introduction. HIPAA Privacy Regulations-General

Emdeon Claims Provider Information Form *This form is to ensure accuracy in updating the appropriate account

Glossary of Terms and Acronyms

HIPAA PRIVACY AND SECURITY FOR EMPLOYERS

Understanding the Medicare, Medicaid and SCHIP Extension Act of 2007

State of Nevada Department of Health and Human Services (DHHS) Division of Health Care Financing and Policy (DHCFP)

HIPAA Glossary of Terms

APPENDIX B DEFINITIONS

Please look for comments in yellow boxes below to see how your service with RemitDATA is protected under this latest CMS communication.

ICD-10 Compliance Date

The Impact of Reinsurance on Group Health Plans

220 Burnham Street South Windsor, CT Vox Fax

National Provider Identifier (NPI) & Healthcare Claim Settlement

Emdeon Claims Provider Information Form *This form is to ensure accuracy in updating the appropriate account

Transitional reinsurance program results in significant new costs for group health plans

Meaningful Use, ICD-10 and HIPAA 5010 Overview, talking points and FAQs

ELECTRONIC DATA INTERCHANGE (EDI) TRADING PARTNER INSTRUCTIONS

Department of Health and Human Services

SUBCHAPTER 10F ELECTRONIC BILLING RULES SECTION.0100 ADMINISTRATION

220 Burnham Street South Windsor, CT Vox Fax

For information on defined terms used in this document, refer to 45 C.F.R or

NATIONAL MEDICAL SUPPORT NOTICE PART A NOTICE TO WITHHOLD FOR HEALTH CARE COVERAGE

GUIDE TO HEALTH CARE REFORM S TAX PENALTIES

HIPAA Compliance Review

OREGON HEALTH AUTHORITY, OFFICE FOR OREGON HEALTH POLICY AND RESEARCH

Frequently Asked Questions: How Health Reform Law Protects Patients

Health Insurance Portability and Accountability Act HIPAA. Glossary of Common Terms

Frequently Asked Questions About the Privacy Rule Under HIPAA

EDI Solutions Your guide to getting started -- and ensuring smooth transactions empireblue.com/edi

FMH Benefit Services, Inc.

To: From: Date: Subject: Proposed Rule on Meaningful Use Requirements Stage 2 Measures, Payment Penalties, Hardship Exceptions and Appeals

Phase IV CAQH CORE 456 Payroll Deducted and Other Group Premium Payment for Insurance Products (820) Infrastructure Rule v4.0.0

Health Insurance Portability and Accountability Act (HIPAA) Office of HIPAA Implementation HIPAA ASSESSMENT

EDI-ERA Provider Agreement and Enrollment Form (Page 1 of 5)

ICD-10 Overview. The U.S. Department of Health and Human Services implementation deadline for compliance with ICD-10, Mandate is October 1, 2014.

PCORI & Reinsurance Fees Keeping Them Straight

Transcription:

Compliance Alert New requirement for health plans: HIPAA Health Plan Identifier (HPID) August 29, 2014 Quick Facts: Health plans need to obtain a unique health plan identifier number (HPID). For insured plans, the health insurer or HMO is responsible for all steps. For self-funded health plans, the employer sponsor will need to obtain the HPID. Requirements and deadlines for obtaining HPIDs are summarized in this article. Employers may wish to review this matter with their third party administrators before any taking action. The Health Insurance Portability and Accountability Act (HIPAA) requires the Department of Health and Human Services (HHS) to adopt standards for certain transactions to promote the efficient and uniform transmission of health information under a final rule. One of the standards is a unique identifier for health plans. Purpose of HPID The primary purpose of the HPID is to provide a consistent and uniform format for health plans to identify themselves in standard transactions. The HPID replaces proprietary health plan identifiers that vary in lengths and formats. The HPID is a 10-digit, numeric code similar to a credit card number. In addition, information about health plans and their HPIDs will be available in a public database to facilitate the routing of transactions. Also, the HPID will likely be used for future administrative simplification initiatives under HIPAA. For example, HHS may use the HPID to track whether controlling health plans (or CHPs) comply with the health plan certification for HIPAA compliance. (The initial health plan certification deadline is December 31, 2015; guidance has not been issued on this requirement.). The focus of this article is the HPID requirement. For insured plans, the health insurer or HMO is responsible for all steps. Plan sponsors are not required to take any action for their insured plans. For self-funded health plans, the employer will need to obtain the HPID on behalf of the plan. 1

HIPAA standard transactions Standard transactions are electronic transactions between covered entities and must be transmitted in standard formats. Standard transactions for insured plans are performed by insurers. Most if not all standard transactions for self-funded health plans are performed by TPAs. The following are HIPAA standard transactions: Health claims and equivalent encounter information. Enrollment and disenrollment in a health plan. Eligibility for a health plan. Health care payment and remittance advice. Health plan premium payments. Health claim status. Referral certification and authorization. Coordination of benefits. Affected health plans The HPID requirement applies to group health plans subject to HIPAA s administrative simplification provisions, including insured and self-insured plans. For example, major medical plans, dental plans, vision plans, health reimbursement arrangements (HRAs) and health flexible spending accounts are generally subject to the HPID requirement. However, self-funded health plans with less than 50 participants that are self-administered by the employer that maintains the plan are NOT subject to the HPID requirement. CHPs and SHPs For purposes of the HPID, there are two classifications of health plans controlling health plans (CHPs) and subhealth plans (SHPs). All CHPs must obtain an HPID. A CHP is a health plan that: (1) controls its own business activities, actions or policies; or (2) is controlled by an entity that is not a health plan and, if it has SHPs, exercises sufficient control over the SHPs to direct their business activities, actions or policies. A SHP is a health plan whose business activities, actions or policies are directed by a CHP. An example is a subsidiary insurance company of a controlling health insurance company. A SHP is eligible, but not required, to obtain an identifier. To determine whether a SHP should get an HPID, the CHP or the SHP should consider whether the SHP needs to be identified in the standard transactions. A CHP may get an HPID for its SHP or may direct a SHP to get an HPID. Caution. Based on federal guidance currently available, self-insured plans generally qualify as CHPs and will be required to obtain their own HPIDs. However, there are several unanswered questions and HHS may provide additional guidance, or exemptions for certain plan types, before the November 5 deadline. For this reason, employers and TPAs may decide to wait to see if additional guidance is released in the next month or two. Note that CMS estimates the application process to take approximately 10-15 minutes. 2

Entity Requirement Options Controlling health plans (CHPs) Must get an HPID for itself May get HPID for its SHPs May direct its SHPs to get HPIDs Subhealth plans (SHPs) Not required to get an HPID May get an HPID at the direction of its CHP May get an HPID on its own initiative Other Entities The final rule adopted an optional data element that would serve as an identifier for entities that are not health plans or health care providers but that perform health plan functions and need to be identified in standard transactions. This identifier is called an other entity identifier (OEID). An entity is eligible to get an OEID if the entity: needs to be identified in standard transactions; is not eligible to obtain an HPID; is not eligible to obtain a National Provider Identifier (NPI); and is not an individual. Examples of entities that are eligible (but not required) to get an OEID include health care clearinghouses, third party administrators (TPAs), and non-hipaa covered entities, such as auto liability and workers compensation carriers. According to HHS, the OEID will create greater standardization in health care transactions by providing all parties that need to be identified in the transactions with a standard identifier that will be listed in a publicly available searchable database. Deadlines The deadline for large health plans to obtain the HPID is November 5, 2014. Small health plans (those with annual gross receipts of $5 million or less) have an additional year to obtain the HPID, until November 5, 2015. ( Receipts generally means the total amount paid for claims during the prior full plan year.) By November 7, 2016, all covered entities must use the HPID in standard transactions involving health plans that have an identifier. 3

Entity Type Compliance Date for Obtaining HPID Full Implementation Date for Using HPID in Standard Transactions Large health plans (more than $5 November 5, 2014 November 7, 2016 million in receipts ) Small health plans ($5 million or November 5, 2015 November 7, 2016 less in receipts ) Covered health care providers N/A November 7, 2016 Healthcare clearinghouses N/A November 7, 2016 Application Process Health plans and other entities submit applications for HPIDs and OEIDs through HHS Health Plan and Other Entity Enumeration System (HPOES). HPOES is housed within the Health Insurance Oversight System (HIOS) of the Centers for Medicare & Medicaid Services (CMS). Users go to the CMS Enterprise Portal at https://portal.cms.gov/ to access HIOS. The application process involves the following steps: Step 1: Register organization in HIOS Step 2: Access User Role Management Step 1: To determine if the organization already exists in HIOS, search by the organization s federal employer identification number (EIN). If the organization does not already exist in HIOS, users must register their organization. All registration requests are reviewed prior to approval. The following information is needed to register a new company: company legal name; EIN; incorporated state; and domiciliary address. Step 2: Users must determine their user role and identify the company they need access to. Users can only have one user role at a time. There are three different user roles: o Guest: A user that is able to view general information (no company association needed) o Submitter: A representative of a health plan or other entity that submits an application o Authorizing Official: An individual who has the authority to legally bind the entity and holds ultimate responsibility, for example, the chief executive officer (CEO), chief compliance officer or chief financial officer (CFO). An Authorizing Official approves applications submitted by the company s submitter users. 4

Step 3: Select Application Type Step 4: Complete Application Step 5: Application Review Step 6:Number Assigned Step 3: There are two different types of HPID applications, CHP and SHP. If completing a SHP application, users will be required to select a CHP company. There is also an OEID application for other entities. Step 4: Users will need to complete their application and provide the necessary information. The company s Authorizing Official needs to be identified if one has not already been designated. SHP applications will display the CHP s Authorizing Official information. All Authorizing Official information provided in the application is reviewed prior to the user being assigned the Authorizing Official role. Users will be able to review their application information prior to submission. Step 5: Once the application has been submitted, the company s Authorizing Official will be notified that an application is pending approval. The Authorizing Official will need to review each application and will have the option to approve or reject it. Step 6: Once the application is approved by the Authorizing Official, the system will generate an HPID or OEID. An email notification will be sent to the submitter user with the HPID or OEID. Required Uses A covered entity (such as a self-funded health plan or insurer) is required to use an HPID when it identifies a health plan in a HIPAA standard transaction. Also, if a covered entity uses one or more business associates to conduct standard transactions on its behalf, the covered entity must require its business associates to use an HPID to identity a health plan in the standard transactions by the implementation date of November 7, 2016. The final rule does not require that health plans be identified in standard transactions if they were not identified before the HPID requirement. For example, if a covered entity is currently identifying a TPA as the information source, the covered entity can continue to identify that TPA as the information source (using whatever identifier the TPA uses) after the adoption of the HPID. Penalty for non-compliance There is no specific penalty for not obtaining a HPID. However, there are statutory penalties for not complying with the upcoming HIPAA certification requirements, and an HPID is required for that certification. In such case, HHS will assess a penalty based on each covered life of the CHP (including its SHPs) beginning at $1 per covered life per day, up to certain maximums, until the certification is complete. 5

More Information More detailed information on the HPID and OEID application process, including an HPID User Manual, is available on CMS health plan identifier webpage. Recommended next steps Be alert for additional guidance from HHS which may be issued before the November 5 large plan deadline. Self-funded employers may want to wait until October before applying for an HPID in case helpful guidance is forthcoming. Before applying for the HPID: - If you sponsor a self-funded health plan(s), determine whether you have a large plan (more than $5 million in receipts ) or small health plan ($5 million or less in receipts ). - Decide whether to obtain a single HPID or separate HPIDs for different health plans. - Contact third party administrators to review plan requirements before taking any action to apply for an HPID. Follow the application process described in this article and any other future guidance prior to the due date for your self-funded health plan(s). Kristina Beale, Senior Compliance Consultant, EPIC Employee Benefits. For further information on this or any other topics, please contact your EPIC benefits consulting team. This Compliance Alert is offered for general informational purposes only. It does not provide, and is not intended to provide, tax or legal advice. 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information