Employee Benefits Compliance, HIPAA

Self-funded Health Plans Must Apply for Health Plan ID by Nov. 5, 2014

Self-insured health plans must obtain a Health Plan Identifier (HPID) by November 5, 2014.  Small plans (defined as those with annual receipts (claims paid) of $5 million or less) have a one-year delay, to November 5, 2015.  The HPID is a unique 10-digit identifier.  There is no charge to obtain a HPID, and it can be obtained through the CMS Enterprise Portal.  As of November 7, 2016, health plans and other parties to HIPAA electronic “standard transactions” must use their unique standard identifiers.  The requirement to obtain and use a standard identifier applies not only to health plans, but also to medical providers, health insurers, third party administrators and other entities involved in electronic exchanges of data under the Health Insurance Portability and Accountability Act (HIPAA). (Earlier dates applied for the others listed above.)

What is an HPID and Why is it Required?

HIPAA requires medical providers, health insurers, group health plans, TPAs, and other parties involved in HIPAA “standard transactions” to use standard identifiers (same length and format) to identify themselves, and also to use standard formats and code sets for the electronic data being exchanged in a “standard transaction.”  HIPAA standard transactions include: medical and dental claims and encounters, payment and remittance advice, claims status request and response, eligibility and benefit inquiry and response benefit enrollment and disenrollment, referrals and authorizations, and premium payment.

The purpose of requiring standard identifiers, formats and code sets is to increase the efficiency and accuracy of the transactions.  Currently health plans are identified in these transactions using various identifiers that differ in length and format.  The HPID is a 10-digit identifier that will be unique for each health plan but will be in the same format.

Although TPAs almost always conduct HIPAA standard transactions on behalf of the self-insured plans they administer (and use their own unique standard identifiers in such transactions), the plans themselves are also required to obtain HPIDs.  The HPID will be used to help HHS implement various administrative simplification initiatives.  For example, CMS website says that the Certification of Compliance process (in a proposed rule published January 2, 2014 in the Federal Register) may use the HPID to track CHPs that have met the certification requirements.  Additionally, group health plans must disclose their HPID when requested.

The two HPID requirements are known as :

  • Enumeration – Group health plans must obtain an HPID, even if they hire other entities (e.g., TPAs) to conduct standard transactions.
  • Use of the HPID in HIPAA transactions – when GHPs are named in  standard transactions, they must use their HPID.

Who Must Obtain an HPID?

Self-funded group health plans must obtain HPIDs.  Insured plans are not required to do so,  because they will be identified by the health insurer’s unique identifier.  All self-funded “controlling health plans” (CHPs) must obtain HPIDs.  CHPs are health plans that control their own business activities, actions or policies; or are controlled by entities that are not health plans  (e.g., self-funded plans controlled by their plan sponsors).

Additionally, if a CHP has a subhealth plan (SHP), and exercises sufficient control over the SHP to direct its business activities, activities or policies, the CHP can either obtain one HPID for itself and the subhealth plans, or it can require each of the subhealth plans to  obtain their own HPID.  For example, if an employer has one self-funded medical plan for active employees, a separate self-funded plan for early retirees, and a separate self-funded dental plan, each plan would have to obtain a separate HPID, unless one plan is designated as the CHP and it applies for one HPID on behalf of itself and the other self-funded plans.

Plan sponsors must go on the CMS portal themselves and obtain an HPID.  Third-party administrators (TPAs) cannot obtain an HPID for self-funded health plans.

Links to Helpful CMS Web Pages

The CMS Health Plan Identifier webpage has lots of helpful information, including step-by-step instructions to apply for an HPID, instructional videos and powerpoints from prior CMS presentations.  The webpage is:   http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/Affordable-Care-Act/Health-Plan-Identifier.html

Here is a link to an informative CMS presentation: (http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/Affordable-Care-Act/Downloads/HPOESTrainingSlidesMarchSlideDeck.pdf )

The URL for the CMS Enterprise portal is:  https://portal.cms.gov/wps/portal/unauthportal/home/!ut/p/b1/04_SjzS3NDGzsDA0MNSP0I_KSyzLTE8syczPS8wB8aPM4t0NIMDI39DMyMDTy8XcwyvI0djA3wyoIBKowAAHcDQgpN_PIz83VT83KscCACq25ns!/dl4/d5/L2dBISEvZ0FBIS9nQSEh/

Additional Background Information

The HPID was initially created in 1996 under HIPAA.  The final rule adopting a 10-digit HPID for health plans was published September 5, 2012.  The final rule was developed by the Office of E-Health Standards and Services (OESS).  OESS is part of the Centers for Medicare & Medicaid Services (CMS).  The Administrative Simplification provision of the Affordable Care Act (ACA) also included requirements for group health plans to obtain HPIDs.

The National Provider Identifier, implemented in 2004, required medical providers to obtain unique, standardized identifers.  The National Plans and Provider Enumeration  webpage is: https://nppes.cms.hhs.gov/NPPES/Welcome.do

PDF of this article: Self Funded Health Plans Must Apply for Health Plan ID