Health Plan Identifier under HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) requires the Department of Health and Human Services (HHS) to adopt standards for certain transactions to promote the efficient and uniform transmission of health information. One of the standards is a unique identifier for health plans.

HHS released a final rule adopting the health plan identifier (HPID) standard on Sept. 5, 2012.

PURPOSE OF HPID

The primary purpose of the HPID is for use in standard transactions. In standard transactions, the HPID replaces proprietary health plan identifiers that vary in lengths and formats. The HPID is a 10-digit, all numeric code similar to a credit card number.

In addition, information about health plans and their HPIDs will be available in a public database to facilitate the routing of transactions.

AFFECTED HEALTH PLANS

For purposes of the HPID, there are two classifications of health plans—controlling health plans (CHPs) and subhealth plans (SHPs).

• A CHP is a health plan that: (1) controls its own business activities, actions or policies; or (2) is controlled by an entity that is not a health plan and, if it has SHPs, exercises sufficient control over the SHPs to direct their business activities, actions or policies.
• A SHP is a health plan whose business activities, actions or policies are directed by a CHP.

A CHP must obtain a health plan identifier. A SHP is eligible, but not required, to obtain an identifier. To determine whether a SHP should get an HPID, the CHP or the SHP should consider whether the SHP needs to be identified in the standard transactions. A CHP may get an HPID for its SHP or may direct a SHP to get an HPID.

OTHER ENTITIES

The final rule adopted an optional data element that would serve as an identifier for entities that are not health plans or health care providers but that perform health plan functions and need to be identified in standard transactions. This identifier is called an “other entity identifier” (OEID).

An entity is eligible to get an OEID if the entity:

• Needs to be identified in standard transactions;
• Is not eligible to obtain an HPID;
• Is not eligible to obtain a National Provider Identifier (NPI); and
• Is not an individual.

Examples of entities that are eligible to get an OEID include health care clearinghouses, third party administrators (TPAs), and non-HIPAA covered entities, such as auto liability and workers compensation carriers.

According to HHS, the OEID will create greater standardization in health care transactions by providing all parties that need to be identified in the transactions with a standard identifier that will be listed in a publicly available searchable database.

DEADLINES

The deadline for health plans, except small health plans, to obtain their HPIDs is Nov. 5, 2014. Small health plans (those with annual gross receipts of $5 million or less) have an additional year to comply, until Nov. 5, 2015.

By Nov. 7, 2016, all covered entities must use the HPID in standard transactions involving health plans that have an identifier.

Other entities are not required to get or use OEIDs. The OEID is a voluntary identifier.

 APPLICATION PROCESS

Health plans and other entities submit applications for HPIDs and OEIDs through HHS’ Health Plan and Other Entity Enumeration System (HPOES). HPOES is housed within the Health Insurance Oversight System (HIOS) of the Centers for Medicare & Medicaid Services (CMS).

Users go to the CMS Enterprise Portal at https://portal.cms.gov/ to access HIOS. The application process involves the following steps:

Step 1: To determine if the organization already exists in HIOS, search by the organization’s federal employer identification number (EIN). If the organization does not already exist in HIOS, users must register their organization. All registration requests are reviewed prior to approval. The following information is needed to register a new company: company legal name; EIN; incorporated state; and domiciliary address.

Step 2: Users must determine their user role and identify the company they need access to. Users can only have one user role at a time. There are three different user roles:

• Guest: A user that is able to view general information (no company association needed)
• Submitter: A representative of a health plan or other entity that submits an application
• Authorizing Official: An individual who has the authority to legally bind the entity and holds ultimate responsibility, for example, the chief executive officer (CEO), chief compliance officer or chief financial officer (CFO). An Authorizing Official approves applications submitted by the company’s submitter users.

There are two different types of HPID applications, CHP and SHP. If completing a SHP application, users will be required to select a CHP company. There is also an OEID application for other entities.

Users will need to complete their application and provide the necessary information. The company’s Authorizing Official needs to be identified if one has not already been designated. SHP applications will display the CHP’s Authorizing Official information. All Authorizing Official information provided in the application is reviewed prior to the user being assigned the Authorizing Official role. Users will be able to review their application information prior to submission.

Once the application has been submitted, the company’s Authorizing Official will be notified that an application is pending approval. The Authorizing Official will need to review each application and will have the option to approve or reject it.

Once the application is approved by the Authorizing Official, the system will generate an HPID or OEID. An email notification will be sent to the submitter user with the HPID or OEID.

MORE INFORMATION

More detailed information on the HPID and OEID application process, including an HPID User Manual, is available on CMS’ health plan identifier webpage.

Source: Department of Health and Human Services