TCI 

(Transactions, Code Sets and Identifiers)

 

Transactions

Why have national standards for electronic health care transactions been adopted and why are they required?

Congress and the health care industry have agreed that standards for the electronic exchange of administrative and financial health care transactions are needed to improve the efficiency and effectiveness of the health care system. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of Health and Human Services to adopt such standards.

National standards for electronic health care transactions will encourage electronic commerce in the health care industry and ultimately simplify the processes involved. This will result in savings from the reduction in administrative burdens on health care providers and health plans. Today, health care providers and health plans that conduct business electronically must use many different formats for electronic transactions. For example, about 400 different formats exist today for health care claims. With a national standard for electronic claims and other transactions, health care providers will be able to submit the same transaction to any health plan in the United States and the health plan must accept it. Health plans will be able to send standard electronic transactions such as remittance advices and referral authorizations to health care providers. These national standards will make electronic data interchange a viable and preferable alternative to paper processing for providers and health plans alike.

What health care transactions are required to use the standards under this regulation?

As required by HIPAA, the Secretary of Health and Human Services is adopting standards for the following administrative and financial health care transactions:

  1. Health claims and equivalent encounter information.
  2. Enrollment and disenrollment in a health plan.
  3. Eligibility for a health plan.
  4. Health care payment and remittance advice.
  5. Health plan premium payments.
  6. Health claim status.
  7. Referral certification and authorization.
  8. Coordination of benefits.

Standards for the first report of injury and claims attachments (also required by HIPAA) will be adopted at a later date.

Who is required to use the standards?

All private sector health plans (including managed care organizations and ERISA plans, but excluding certain small self-administered health plans) and government health plans (including Medicare, State Medicaid programs, the Military Health System for active duty and civilian personnel, the Veterans Health Administration, and Indian Health Service programs), all health care clearinghouses, and all health care providers that choose to submit or receive these transactions electronically are required to use these standards. These "covered entities" must use the standards when conducting any of the defined transactions covered under HIPAA.

A health care clearinghouse may accept nonstandard transactions for the sole purpose of translating them into standard transactions for sending customers and may accept standard transactions and translate them into nonstandard transactions for receiving customers.

If a health plan does not perform a transaction electronically, must it implement the standard?

If the plan performs that business function (whether electronically, on paper, via phone, etc.), it must be able to support the electronic standard for that transaction. It may do this directly or through a clearinghouse.

When will the standards become effective?

All health plans, all health care clearinghouses, and any health care provider that chooses to transmit any of the transactions in electronic form must comply within 24 months after the effective date of the final rule (small health plans have 36 months). The effective date of the rule is 2 months after publication. Therefore, compliance with the final rule is required by October 2002 (October 2003 for small health plans). Entities can begin using these standards earlier than the compliance date.

Where did these standards come from? Did the Federal Government create them?

HIPAA required the Secretary to adopt standards, when possible, that have been developed by private sector standards development organizations (SDOs) accredited by the American National Standards Institute (ANSI). These are not government agencies. All of the transactions adopted by this rule are from such organizations. All are from the Accredited Standards Committee (ASC) X12N except the standards for retail pharmacy transactions, which are from the National Council for Prescription Drug Programs (NCPDP).

What standards were chosen?

ANSI ASC X12N standards, Version 4010, were chosen for all of the transactions except retail pharmacy transactions. The choice for the retail pharmacy transactions was the standard maintained by the NCPDP because it is already in widespread use. The NCPDP Telecommunications Standard Format Version 5.1 and equivalent NCPDP Batch Standard Version 1.0 have been adopted in this rule (health plans will be required to support one of these two NCPDP formats).

Do these standards apply to transactions sent over the Internet?

Internet transactions are being treated the same as other electronic transactions. However, we recognize that there are certain transmission modes in which the format portion of the standard is inappropriate. In these cases, the transaction must conform to the data content portion of the standard. In particular, a "direct data entry" process, where the data are directly keyed by a health care provider into a health plan’s computer using dumb terminals or computer browser screens, would not have to use the format portion of the standard, but the data content must conform. If the data are directly entered into a system that is outside the health plan’s system, to be transmitted later to the health plan, the transaction must be sent using the format and content of the standard.

Do I have to use standard transactions when conducting business inside my corporate boundaries?

The decision on when a standard must be used does not depend on whether the transaction is being sent inside or outside corporate boundaries. Instead, a simple two part test, in question form, can be used to determine whether the standards are required.

Question 1: Is the transaction initiated by a covered entity or its business associate? If no, the standard need not be used.

Question 2: Is the transaction one for which the Secretary has adopted a standard? If yes, the standard must be used. If no, the standard need not be used.

For purposes of question 1, a business associate acting on behalf of a covered entity can only perform those particular functions that the covered entity itself could perform in the transaction. The regulation requires health plans to accept standard transactions from any person.

For purposes of question 2, the definitions of the transactions themselves, as stipulated in Subpart K through Subpart R of the regulation, must be used to determine if the function is a transaction for which the Secretary has adopted a standard.

What is the effect on State law?

Section 1178 of the Social Security Act provides that standards for the transactions will supersede any State law that is contrary to them, but allows for an exception process. This process is currently under development and will be issued in the final rule for Privacy Standards.

Are any exceptions allowed?

In addition to the exceptions for conflicting State laws, an exception may be allowed for the testing of proposed modifications to the standards. An entity wishing to test a different standard may apply for an exception to test the new standard. Instructions for applications are published in the final rule. In this way, we hope to encourage the development of new technologies.

What does the law require of state Medicaid programs?

Section 1171(5)(E) of the Social Security Act, as enacted by HIPAA, identifies the State Medicaid programs as health plans, which therefore must be capable of receiving, processing, and sending standard transactions electronically. There is no requirement that internal information systems maintain data in accordance with the standards. However, Medicaid programs will need the capacity to process standard claim, encounter, enrollment, eligibility, remittance advice, and other transactions. In addition, as health plans, the State Medicaid programs will be required to comply with other HIPAA standards two years after adoption of the standards.

The standards should benefit Medicaid programs in multiple areas. Here are a few examples:

  • A national standard for encounter transactions will provide a much-needed method for collecting encounter data on Medicaid beneficiaries enrolled in managed care. Because of the standards, it will be possible to combine encounter data from managed care with similar claims data from fee-for-service, thus enhancing the ability to monitor utilization, costs, and quality of care in managed care and to compare managed care with fee-for-service.
  • The standard transactions will include methods for electronic exchange of enrollment information between the Medicaid program and private managed care plans enrolling Medicaid beneficiaries. This will reduce administrative costs of exchanging such information and enhance the reliability of such information.
  • The conversion to national standards provides an opportunity for Medicaid programs to shift to commercial software or clearinghouses and to stop the expensive maintenance of old, customized transaction systems.

How will the standards be enforced?

The law gives the Secretary the authority to impose monetary penalties for failure to comply with a standard. The Secretary is required by statute to impose penalties of not more than $100 per violation on any person or entity who fails to comply with a standard except that the total amount imposed on any one person in each calendar year may not exceed $25,000 for violations of one requirement. Enforcement procedures will be published in a future regulation.

How were the standards chosen?

First, the Department developed a set of guiding principles to serve as the basis for evaluating alternative standards for each transaction. These guiding principles, designed to be consistent with the intent of HIPAA, are published in the regulation. Second, an inventory of standards was developed by the ANSI Health Informatics Standards Board, a private sector organization. Third, teams composed of representatives from several government agencies evaluated the available standards against the guiding principles to determine which standards best met the principles. Extensive outreach and consultation, including public meetings, with all facets of the health care industry continued throughout this process.

As required by HIPAA, the Secretary also consulted with the National Uniform Claim Committee (NUCC), the National Uniform Billing Committee (NUBC), the American Dental Association (ADA), and the Workgroup for Electronic Data Interchange (WEDI). The Secretary also considered advice from the National Committee on Vital and Health Statistics (NCVHS) and representatives of the health care industry who testified before the NCVHS Subcommittee on Health Data Needs, Standards, and Security.

Data dictionaries are available for an additional fee.

Where can I obtain implementation guides for the standards?

The implementation guides for the ASC X12N standards may be obtained from the Washington Publishing Company, 806 W. Diamond Ave., Suite 400, Gaithersburg, MD, 20878; telephone: 301-949-9740; FAX: 301-949-9742. These guides are also available at no cost through the Washington Publishing Company on the Internet at http://www.wpc-edi.com/hipaa/.

The implementation guide for retail pharmacy standards is available from the National Council for Prescription Drug Programs, 4201 North 24th Street, Suite 365, Phoenix, AZ, 85016; telephone: 602-957-9105; FAX: 602-955-0749. It is also available from the NCPDP’s website at http://www.ncpdp.org.

How can the standards be changed?

The Secretary has designated six organizations that have agreed to serve as Designated Standards Maintenance Organizations (DSMOs). The DSMOs are:

  1. Accredited Standards Committee X12
  2. The Dental Content Committee
  3. Health Level Seven
  4. National Council for Prescription Drug Programs
  5. National Uniform Billing Committee
  6. National Uniform Claim Committee

These organizations will work together to accept and evaluate requests for changes to the standards and suggest changes to the standards for the Secretary’s consideration. Further information about the change request process can be found on the Internet at: http://www.hipaa-dsmo.org.

The Secretary may modify a standard or its implementation guide specification one year after the standard or implementation specification has been adopted, but not more frequently than once every 12 months. If the Secretary modifies a standard or implementation specification, the implementation date of the modified standard or implementation specification may be no earlier than 180 days following the adoption of the modification. The Department of Health and Human Services (HHS) will determine the actual date, taking into account the time needed to comply given the nature and extent of the modification. HHS may extend the time for compliance for small health plans. Standards modifications will be published as regulations in the Federal Register.

Does the law require physicians to buy computers?

No, there is no such requirement. However, more physicians may want to use computers for submitting and receiving transactions (such as health care claims and remittances/payments) electronically, once the standard way of doing things goes into effect.

The Administrative Simplification provisions of the HIPAA law were passed with the support of the health care industry. The industry believed standards would lower the cost and administrative burdens of health care, but it needed the Government's help to get to one uniform way of doing things. In the past, individual providers (physicians and others) have had to submit transactions in whatever form each health plan required. Health plans could not agree on a standard without giving their competitors a market advantage, at least in the short run. The law, which requires standards to be followed for electronic transmission of health care transactions, levels the playing field. It does not require providers to submit transactions electronically. It does require that all transactions submitted electronically comply with the standards.

Providers, even those without computers, may want to adopt these standard electronic transactions, so they can benefit directly from the reductions in cost and burden. This is possible because the law allows providers (and health plans too, for that matter) to contract with clearinghouses to conduct the standard electronic transactions for them.

How will the standards affect data stored in my system?

The transaction standards will apply only to electronic data interchange (EDI) -- when data are transmitted electronically between health care providers and health plans as part of a standard transaction. Data may be stored in any format as long as it can be translated into the standard transaction when required. Security standards, on the other hand, will apply to all health care information.

To comply with the transaction standards, health care providers and health plans may exchange the standard transactions directly, or they may contract with a clearinghouse to perform this function. Clearinghouses may receive non-standard transactions from a provider, but they must convert these into standard transactions for submission to the health plan. Similarly, if a health plan contracts with a clearinghouse, the health plan may submit non-standard transactions to the clearinghouse, but the clearinghouse must convert these into standard transactions for submission to the provider.

Can health plans require changes or additions to the standard claim?

Currently, some insurers accept the de facto standard claim (e.g., UB-92) but also require additional records (e.g., a proprietary cover sheet) for each claim submitted. Others have special requirements for data entered into the claim which make it non-standard.

Under the law, health plans are required to accept the standard claim submitted electronically. They may not require providers to make changes or additions to the standard claim. They must go through the private sector standards setting process to get their requirements added to the standard in order to effect desired changes. Health plans may not refuse the standard transaction or delay payment of a proper standard transaction.

An additional standard will be adopted for electronic health claims attachments, which health plans will be required also to accept. Until that standard is adopted (by February, 2001), health plans may continue to require health claim attachments to be submitted on paper. No other additions to standard claims will be acceptable.

Should health plans publish companion documents that augment the information in the standard implementation guides for electronic transactions?

Additional information may be provided within certain limits.

Electronic transactions must go through two levels of scrutiny:

  1. Compliance with the HIPAA standard. The requirements for compliance must be completely described in the HIPAA implementation guides and may not be modified by the health plans or by the health care providers using the particular transaction.
  2. Specific processing or adjudication by the particular system reading or writing the standard transaction. Specific processing systems will vary from health plan to health plan, and additional information regarding the processing or adjudication policies of a particular health plan may be helpful to providers.

Such additional information may not be used to modify the standard and may not include:

  • Instructions to modify the definition, condition, or use of a data element or segment in the HIPAA standard implementation guide.
  • Requests for data elements or segments that are not stipulated in the HIPAA standard implementation guide.
  • Requests for codes or data values that are not valid based on the HIPAA standard implementation guide. Such codes or values could be invalid because they are marked not used in the implementation guide or because they are simply not mentioned in the guide.
  • Changes to the meaning or intent of a HIPAA standard implementation guide.

Could companion documents from health plans define cases where the health plan wants particular pieces of data used or not used?

The health plan must read and write HIPAA standard transactions exactly as they are described in the standard implementation guides. The only exception would be if the guide explicitly gives discretion regarding a data element to a health plan. For claims and most other transactions, the receiver must accept and process any transaction that meets the national standard. This is necessary because multiple health plans may be scheduled to receive a given transaction (e.g., a single claim may be processed by multiple health plans).

For example: Medicare currently instructs providers to bill for certain services only under certain circumstances. Once HIPAA standard transactions are implemented, Medicare will have to forego that policy and process all claims that meet HIPAA specifications. This does not mean that Medicare, or any other health plan, has to change payment policy. Today, Medicare would refuse to accept and process a bill for a face lift for cosmetic purposes only. Once the HIPAA standards are implemented, Medicare will be required to accept and process the bill, but still will not pay for a face lift that is purely for cosmetic purposes.

May health plans stipulate the codes or data values they are willing to accept and process in order to simplify implementation?

The simplest implementation is the one that is identical to all others. If the standard adopted stipulates that HCPCS codes will be used to describe procedures, then the health plan must abide by the instructions for the use of HCPCS codes. A health plan could refuse a code that was not applied in accordance with the HIPAA national standard coding instructions, but could not refuse a code properly applied for reasons of policy unrelated to the standard.

For example, if the standard stipulates that the most specific code available must be used, then a health plan would be right to refuse a code that does not meet that criterion. The health plan would need to work with the committee(s) governing the particular coding scheme to have codes adopted that meet its needs.

May health plans stipulate the number of loop iterations or the file sizes they are willing to accept?

Any loop iterations, file sizes, etc. stipulated in the standards must be honored by all players. If any health care electronic data interchange participant cannot live with the numbers stipulated in the HIPAA implementation guides, then the participant needs to work with the implementation guide author(s) to get numbers that all players can live with.

For example, there are up to 99 service lines in a professional claim. The provider need not write 99 service lines, but the health plan must have the capability to accept that number when presented. If that is not the right number for all players, it should be changed. But the number identified in the implementation guide must be adhered to.


Code Sets

What is a code set?

Under HIPAA, a "code set" is any set of codes used for encoding data elements, such as tables of terms, medical concepts, medical diagnosis codes, or medical procedure codes. Medical data code sets used in the health care industry include coding systems for diseases, impairments, other health related problems, and their manifestations; causes of injury, disease, impairment, or other health-related problems; actions taken to prevent, diagnose, treat, or manage diseases, injuries, and impairments; and any substances, equipment, supplies, or other items used to perform these actions. Code sets for medical data are required for data elements in the administrative and financial health care transaction standards adopted under HIPAA for diagnoses, procedures, and drugs.

What code sets have been adopted as HIPAA standards?

The Secretary has adopted the following code sets as the standard medical data code sets:

International Classification of Diseases, 9th Edition, Clinical Modification, (ICD-9-CM), Volumes 1 and 2 (including The Official ICD-9-CM Guidelines for Coding and Reporting), as updated and distributed by HHS, for the following conditions:

  1. Diseases.
  2. Injuries.
  3. Impairments.
  4. Other health related problems and their manifestations.
  5. Causes of injury, disease, impairment, or other health-related problems.

International Classification of Diseases, 9th Edition, Clinical Modification, (ICD-9-CM), Volume 3 Procedures (including The Official ICD-9-CM Guidelines for Coding and Reporting), as updated and distributed by HHS, for the following procedures or other actions taken for diseases, injuries, and impairments on hospital inpatients reported by hospitals:

  1. Prevention.
  2. Diagnosis.
  3. Treatment.
  4. Management.

National Drug Codes (NDC), as updated and distributed by HHS, in collaboration with drug manufacturers, for the following: [Note that Secretary Thompson has indicated in a letter to the NCVHS that HHS will publish an NPRM in the near future proposing to retract the adoption of NDC for all transactions save those for retail pharmacies.]

  1. Drugs.
  2. Biologics.

Code on Dental Procedures and Nomenclature, as updated and distributed by the American Dental Association, for dental services.

The combination of Health Care Financing Administration Common Procedure Coding System (HCPCS), as updated and distributed by HHS; and Current Procedural Terminology, Fourth Edition (CPT-4), as updated and distributed by the American Medical Association, for physician services and other health related services. These services include, but are not limited to, the following:

  1. Physician services.
  2. Physical and occupational therapy services.
  3. Radiological procedures.
  4. Clinical laboratory tests.
  5. Other medical diagnostic procedures.
  6. Hearing and vision services.
  7. Transportation services including ambulance.

The Health Care Financing Administration Common Procedure Coding System (HCPCS), as updated and distributed by HCFA, HHS, for all other substances, equipment, supplies, or other items used in health care services. These items include, but are not limited to, the following:

  1. Medical supplies.
  2. Orthotic and prosthetic devices.
  3. Durable medical equipment.

Can HCPCS Level 3 codes established on a local basis still be used?

No. All local codes will be eliminated. Users that need codes must apply to the appropriate organizations (e.g. HCFA for HCPCS codes, the AMA for CPT-4 codes) for national codes.

Where can I get more information about the code sets?

ICD-9-CM: Official version is available on CD-ROM from the Government Printing Office (GPO) at 202-512-1800 or FAX: 202-512-2250. The CD-ROM contains the ICD-9-CM classification and coding guidelines. Versions of ICD-9-CM are also available from several private sector vendors.

CPT-4: Official version is available from the American Medical Association. Versions are also available from several private sector vendors.

HCPCS: Information about HCPCS is available from the HCFA web site at http://www.hcfa.gov/medicare/hcpcs.htm.

Code on Dental Procedures and Nomenclature: Official version is available from the American Dental Association at 800-947-4746.

NDC: Official versions of the files are available on the Internet at http://www.fda.gov/cder/ndc/index.htm. NDC codes are also published in the Physicians’ Desk Reference under the individual drug product listings and "How supplied." The supplements are available quarterly on diskette from the National Technical Information Service at 703-487-6430.


Identifiers

[Federal Register: May 7, 1998 (Volume 63, Number 88)]
[Proposed Rules]
[Page 25320-25357]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr07my98-26]

-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of the Secretary

45 CFR Part 142

[HCFA-0045-P]
RIN 0938-AH99


National Standard Health Care Provider Identifier

AGENCY: Health Care Financing Administration (HCFA), HHS.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: This rule proposes a standard for a national health care
provider identifier and requirements concerning its use by health
plans, health care clearinghouses, and health care providers. The
health plans, health care clearinghouses, and health care providers
would use the identifier, among other uses, in connection with certain
electronic transactions.
    The use of this identifier would improve the Medicare and Medicaid
programs, and other Federal health programs and private health
programs, and the effectiveness and efficiency of the health care
industry in general, by simplifying the administration of the system
and enabling the efficient electronic transmission of certain health
information. It would implement some of the requirements of the
Administrative Simplification subtitle of the Health Insurance
Portability and Accountability Act of 1996.

DATES: Comments will be considered if we receive them at the
appropriate address, as provided below, no later than 5 p.m. on July 6,
1998.

ADDRESSES: Mail written comments (1 original and 3 copies) to the
following address: Health Care Financing Administration, Department of
Health and Human Services, Attention: HCFA-0045-P, P.O. Box 26585,
Baltimore, MD 21207-0519.
    If you prefer, you may deliver your written comments (1 original
and 3 copies) to one of the following addresses:

Room 309-G, Hubert H. Humphrey Building, 200 Independence Avenue, SW.,
Washington, DC 20201, or
Room C5-09-26, 7500 Security Boulevard, Baltimore, MD 21244-1850.

    Comments may also be submitted electronically to the following
e-mail address: NPI@osaspe.dhhs.gov. E-mail comments should include the
full name, postal address, and affiliation (if applicable) of the
sender and must be submitted to the referenced address to be
considered. All comments should be incorporated in the e-mail message
because we may not be able to access attachments.
    Because of staffing and resource limitations, we cannot accept
comments by facsimile (FAX) transmission. In commenting, please refer
to file code HCFA-0045-P and the specific section or sections of the
proposed rule. Both electronic and written comments received by the
time and date indicated above will be available for public inspection
as they are received, generally beginning approximately 3 weeks after
publication of a document, in Room 309-G of the Department's offices at
200 Independence Avenue, SW., Washington, DC, on Monday through Friday
of each week from 8:30 a.m. to 5 p.m. (phone: (202) 690-7890).
Electronic and legible written comments will also be posted, along with
this proposed rule, at the following web site:
http://aspe.os.dhhs.gov/admnsimp/.
    Copies: To order copies of the Federal Register containing this
document, send your request to: New Orders, Superintendent of
Documents, P.O. Box 371954, Pittsburgh, PA 15250-7954. Specify the date
of the issue requested and enclose a check or money order payable to
the Superintendent of Documents, or enclose your Visa or Master Card
number and expiration date. Credit card orders can also be placed by
calling the order desk at (202) 512-1800 or by faxing to (202) 512-2250.
The cost for each copy is $8. As an alternative, you can view and
photocopy the Federal Register document at most libraries designated as
Federal Depository Libraries and at many other public and academic
libraries throughout the country that receive the Federal Register.
    This Federal Register document is also available from the Federal
Register online database through GPO Access, a service of the U.S.
Government Printing Office. Free public access is available on a Wide
Area Information Server (WAIS) through the Internet and via
asynchronous dial-in. Internet users can access the database by using
the World Wide Web; the Superintendent of Documents home page address
is http://www.access.gpo.gov/su_docs/, by using local WAIS client
software, or by telnet to swais.access.gpo.gov, then login as guest (no
password required). Dial-in users should use communications software
and modem to call 202-512-1661; type swais, then login as guest (no
password required).

FOR FURTHER INFORMATION CONTACT: Patricia Peyton, (410) 786-1812.

SUPPLEMENTARY INFORMATION:

I. Background

[Please label written and e-mailed comments about this section with
the subject: Background.]

    In order to administer their programs, the Department of Health and
Human Services, other Federal agencies, State Medicaid agencies, and
private health plans assign identification numbers to the providers of
health care services and supplies with which they transact business.
These various agencies and health plans, all of which we will refer to
as health plans in this proposed rule, routinely, and independently of
each other, assign identifiers to health care providers for program
management and operations purposes. The identifiers are frequently not
standardized within a single health plan or across plans. This lack of
uniformity results in a single health care provider having different
numbers for each program and often multiple billing numbers issued
within the same program, significantly complicating providers' claims
submission processes. In addition, nonstandard enumeration contributes
to the unintentional issuance of the same identification number to
different health care providers.
    Most health plans have to be able to coordinate benefits with other
health plans to ensure appropriate payment. The lack of a single and
unique identifier for each health care provider within each health plan
and across health plans, based on the same core data, makes exchanging
data both expensive and difficult.
    All of these factors indicate the complexities of exchanging
information on health care providers within and among organizations and
result in increasing numbers of claims-related problems and increasing
costs of data processing. As we become more dependent on data
automation and proceed in planning for health care in the future, the
need for a universal, standard health care provider identifier becomes
more and more evident.
    In addition to overcoming communication and coordination
difficulties, use of a standard, unique provider identifier would
enhance our ability to eliminate fraud and abuse in health care
programs.
    • Payments for excessive or fraudulent claims can be reduced
by standardizing enumeration, which would facilitate sharing
information across programs or across different parts of the same
program.
    • A health care provider's identifier would not change with
moves or changes in specialty. This facilitates tracking of fraudulent
health care providers over time and across geographic areas.
    • A health care provider would receive only one identifier
and would not be able to receive duplicate payments from a program by
submitting claims under multiple provider identifiers.
    • A standard identifier would facilitate access to sanction
information.

A. National Provider Identifier Initiative

    In July 1993, the Health Care Financing Administration (HCFA)
undertook a project to develop a provider identification system to meet
Medicare and Medicaid needs and ultimately a national identification
system for all health care providers to meet the needs of other users
and programs. Representatives from the private sector and Federal and
State agencies were invited to participate. Active participants
included:
    • Department of Defense, Office of Civilian Health and
Medical Program of the Uniformed Services.
    • Assistant Secretary for Planning and Evaluation, HHS.
    • Department of Labor.
    • Department of Veterans Affairs.
    • Office of Personnel Management.
    • Public Health Service, HHS.
    • Drug Enforcement Administration.
    • State Medicaid agencies and health departments including
those of Alabama, California, Maryland, Minnesota and Virginia.
    • Medicare carriers and fiscal intermediaries.
    • Professional and medical associations, including the
National Council for Prescription Drug Programs.
    One of the group's first tasks was to decide whether to use an
existing identifier or to develop a new one. They began by adopting
criteria recommended for a unique provider identifier by the Workgroup
for Electronic Data Interchange (WEDI), Technical Advisory Group in
October 1993, and recommended by the American National Standards
Institute (ANSI), Healthcare Informatics Standards Planning Panel, Task
Group on Provider Identifiers in February 1994. The workgroup then
examined existing identifiers and concluded that no existing identifier
met all the criteria that had been recommended by the WEDI and ANSI
workgroups.
    Because of the limitations of existing identifiers, the workgroup
designed a new identifier that would be in the public domain and that would
incorporate the recommendations of the WEDI and ANSI workgroups. This
identifier, which we call the national provider identifier, or NPI, is
an 8-position alphanumeric identifier.

B. The Results of the NPI Initiative

    As a result of the project on the NPI, and before legislation
required the use of the standard identifier for all health care
providers (see section I.C. Legislation, below), HCFA and other
participants accepted the workgroup's recommendation, and HCFA decided
that this new identifier would be implemented in the Medicare program.
HCFA began work on developing a national provider system (NPS) that
would contain provider data and be equipped with the technology
necessary to maintain and manage the data. Plans for the NPS included
assigning the NPI and storing the data necessary to identify each
health care provider uniquely. The NPI was designed to have no embedded
intelligence. (That is, information about the health care provider,
such as the type of health care provider or State where the health care
provider is located, would not be conveyed by the NPI. This information
was to have been recorded by the NPS in each health care provider's
record but would not be part of the identifier.)
    The NPS was designed so that it could also be used by other Federal
and State agencies and private health plans to enumerate their health
care providers that do not participate in Medicare.

C. Legislation

    The Congress included provisions to address the need for a standard
identifier and other administrative simplification issues in the Health
Insurance Portability and Accountability Act of 1996 (HIPAA), Public
Law 104-191, which was enacted on August 21, 1996. Through subtitle F
of title II of that law, the Congress added to title XI of the Social
Security Act a new part C, entitled ``Administrative Simplification.''
(Public Law 104-191 affects several titles in the United States Code.
Hereafter, we refer to the Social Security Act as the Act; we refer to
the other laws cited in this document by their names.) The purpose of
this part is to improve the Medicare and Medicaid programs in
particular and the efficiency and effectiveness of the health care
system in general by encouraging the development of a health
information system through the establishment of standards and
requirements to facilitate the electronic transmission of certain
health information.
    Part C of title XI consists of sections 1171 through 1179 of the
Act. These sections define various terms and impose several
requirements on HHS, health plans, health care clearinghouses, and
certain health care providers concerning electronic transmission of
health information.
    The first section, section 1171 of the Act, establishes definitions
for purposes of part C of title XI for the following terms: code set,
health care clearinghouse, health care provider, health information,
health plan, individually identifiable health information, standard,
and standard setting organization.
    Section 1172 of the Act makes any standard adopted under part C
applicable to (1) all health plans, (2) all health care clearinghouses,
and (3) any health care providers that transmit any health information
in electronic form in connection with the transactions referred to in
section 1173(a)(1) of the Act.
    This section also contains requirements concerning standard
setting.
    • The Secretary may adopt a standard developed, adopted, or
modified by a standard setting organization (that is, an organization
accredited by the American National Standards Institute (ANSI)) that
has consulted with the National Uniform Billing Committee (NUBC), the
National Uniform Claim Committee (NUCC), WEDI, and the American Dental
Association (ADA).
    • The Secretary may also adopt a standard other than one
established by a standard setting organization, if the different
standard will reduce costs for health care providers and health plans,
the different standard is promulgated through negotiated rulemaking
procedures, and the Secretary consults with each of the above-named
groups.
    • If no standard has been adopted by any standard setting
organization, the Secretary is to rely on the recommendations of the
National Committee on Vital and Health Statistics (NCVHS) and consult
with each of the above-named groups.
    In complying with the requirements of part C of title XI, the
Secretary must rely on the recommendations of the NCVHS, consult with
appropriate State, Federal, and private agencies or organizations, and
publish the recommendations of the NCVHS in the Federal Register.
    Paragraph (a) of section 1173 of the Act requires that the
Secretary adopt standards for financial and administrative
transactions, and data elements for those transactions, to enable
health information to be exchanged electronically. Standards are
required for the following transactions: health claims, health
encounter information, health claims attachments, health plan
enrollments and disenrollments, health plan eligibility, health care
payment and remittance advice, health plan premium payments, first
report of injury, health claim status, and referral certification and
authorization. In addition, the Secretary is required to adopt
standards for any other financial and administrative transactions that
are determined to be appropriate by the Secretary.
    Paragraph (b) of section 1173 of the Act requires the Secretary to
adopt standards for unique health identifiers for all individuals,
employers, health plans, and health care providers and requires further
that the adopted standards specify for what purposes unique health
identifiers may be used.
    Paragraphs (c) through (f) of section 1173 of the Act require the
Secretary to establish standards for code sets for each data element
for each health care transaction listed above, security standards for
health care information systems, standards for electronic signatures
(established together with the Secretary of Commerce), and standards
for the transmission of data elements needed for the coordination of
benefits and sequential processing of claims. Compliance with
electronic signature standards will be deemed to satisfy both State and
Federal requirements for written signatures with respect to the
transactions listed in paragraph (a) of section 1173 of the Act.
    In section 1174 of the Act, the Secretary is required to adopt
standards for all of the above transactions, except claims attachments,
within 18 months of enactment. The standards for claims attachments
must be adopted within 30 months of enactment. Generally, after a
standard is established it cannot be changed during the first year
except for changes that are necessary to permit compliance with the
standard. Modifications to any of these standards may be made after the
first year, but not more frequently than once every 12 months. The
Secretary must also ensure that procedures exist for the routine
maintenance, testing, enhancement, and expansion of code sets and that
there are crosswalks from prior versions.
    Section 1175 of the Act prohibits health plans from refusing to
process or delaying the processing of a transaction that is presented
in standard format. The Act's requirements are not limited to health
plans; however, each person to whom a standard or implementation
specification applies is required to comply with the standard within 24
months (or 36 months for small health plans) of its adoption. A health
plan or other entity may, of course, comply voluntarily before the
effective date. Entities may comply by using a health care
clearinghouse to transmit or receive the standard transactions.
Compliance with modifications and implementation specifications to
standards must be accomplished by a date designated by the Secretary.
This date may not be earlier than 180 days after the notice of change.
    Section 1176 of the Act establishes a civil monetary penalty for
violation of the provisions in part C of title XI of the Act, subject
to several limitations. The Secretary is required by statute to impose
penalties of not more than $100 per violation on any person who fails
to comply with a standard, except that the total amount imposed on any
one person in each calendar year may not exceed $25,000 for violations
of one requirement. The procedural provisions in section 1128A of the
Act, ``Civil Monetary Penalties,'' are applicable.
    Section 1177 of the Act establishes penalties for a knowing misuse
of unique health identifiers and individually identifiable health
information: (1) A fine of not more than $50,000 and/or imprisonment of
not more than 1 year; (2) if misuse is ``under false pretenses,'' a
fine of not more than $100,000 and/or imprisonment of not more than 5
years; and (3) if misuse is with intent to sell, transfer, or use
individually identifiable health information for commercial advantage,
personal gain, or malicious harm, a fine of not more than $250,000 and/or
imprisonment of not more than 10 years.
    Under section 1178 of the Act, the provisions of part C of title XI
of the Act, as well as any standards established under them, supersede
any State law that is contrary to them. However, the Secretary may, for
statutorily specified reasons, waive this provision.
    Finally, section 1179 of the Act makes the above provisions
inapplicable to financial institutions or anyone acting on behalf of a
financial institution when ``authorizing, processing, clearing,
settling, billing, transferring, reconciling, or collecting payments
for a financial institution.''
    (Concerning this last provision, the conference report, in its
discussion on section 1178, states:

    ``The conferees do not intend to exclude the activities of
financial institutions or their contractors from compliance with the
standards adopted under this part if such activities would be
subject to this part. However, conferees intend that this part does
not apply to use or disclosure of information when an individual
utilizes a payment system to make a payment for, or related to,
health plan premiums or health care. For example, the exchange of
information between participants in a credit card system in
connection with processing a credit card payment for health care
would not be covered by this part. Similarly sending a checking
account statement to an account holder who uses a credit or debit
card to pay for health care services, would not be covered by this
part. However, this part does apply if a company clears health care
claims, the health care claims activities remain subject to the
requirements of this part.'') (H.R. Rep. No. 736, 104th Cong., 2nd
Sess. 268-269 (1996))

D. Process for Developing National Standards

    The Secretary has formulated a 5-part strategy for developing and
implementing the standards mandated under Part C of title XI of the
Act:
    1. To ensure necessary interagency coordination and required
interaction with other Federal departments and the private sector,
establish interdepartmental implementation teams to identify and assess
potential standards for adoption. The subject matter of the teams
includes claims/encounters, identifiers, enrollment/eligibility,
systems security, and medical coding/classification. Another team
addresses cross-cutting issues and coordinates the subject matter
teams. The teams consult with external groups such as the NCVHS'
Workgroup on Data Standards, WEDI, ANSI's Health Informatics Standards
Board, the NUCC, the NUBC, and the ADA. The teams are charged with
developing regulations and other necessary documents and making
recommendations for the various standards to the HHS' Data Council
through its Committee on Health Data Standards. (The HHS Data Council
is the focal point for consideration of data policy issues. It reports
directly to the Secretary and advises the Secretary on data standards
and privacy issues.)
    2. Develop recommendations for standards to be adopted.
    3. Publish proposed rules in the Federal Register describing the
standards. Each proposed rule provides the public with a 60-day comment
period.
    4. Analyze public comments and publish the final rules in the
Federal Register.
    5. Distribute standards and coordinate preparation and distribution
of implementation guides.
    This strategy affords many opportunities for involvement of
interested and affected parties in standards development and adoption:
    • Participate with standards development organizations.
    • Provide written input to the NCVHS.
    • Provide written input to the Secretary of HHS.
    • Provide testimony at NCVHS' public meetings.
    • Comment on the proposed rules for each of the proposed
standards.
    • Invite HHS staff to meetings with public and private
sector organizations or meet directly with senior HHS staff involved in
the implementation process.
    The implementation teams charged with reviewing standards for
designation as required national standards under the statute have
defined, with significant input from the health care industry, a set of
principles for guiding choices for the standards to be adopted by the
Secretary. These principles are based on direct specifications in HIPAA
and the purpose of the law, principles that are consistent with the
regulatory philosophy set forth in Executive Order 12866 and the
Paperwork Reduction Act of 1995. To be designated as a HIPAA standard,
each standard should:
    1. Improve the efficiency and effectiveness of the health care
system by leading to cost reductions for or improvements in benefits
from electronic health care transactions.
    2. Meet the needs of the health data standards user community,
particularly health care providers, health plans, and health care
clearinghouses.
    3. Be consistent and uniform with the other HIPAA standards--their
data element definitions and codes and their privacy and security
requirements--and, secondarily, with other private and public sector
health data standards.
    4. Have low additional development and implementation costs
relative to the benefits of using the standard.
    5. Be supported by an ANSI-accredited standards developing
organization or other private or public organization that will ensure
continuity and efficient updating of the standard over time.
    6. Have timely development, testing, implementation, and updating
procedures to achieve administrative simplification benefits faster.
    7. Be technologically independent of the computer platforms and
transmission protocols used in electronic transactions, except when
they are explicitly part of the standard.
    8. Be precise and unambiguous, but as simple as possible.
    9. Keep data collection and paperwork burdens on users as low as is
feasible.
    10. Incorporate flexibility to adapt more easily to changes in the
health care infrastructure (such as new services, organizations, and
provider types) and information technology.
    A master data dictionary providing for common data definitions
across the standards selected for implementation under HIPAA will be
developed and maintained. We intend for the data element definitions to
be precise, unambiguous, and consistently applied. The transaction-specific
reports and general reports from the master data dictionary
will be readily available to the public. At a minimum, the information
presented will include data element names, definitions, and appropriate
references to the transactions where they are used.
    This proposed rule would establish the standard health care
provider identifier and is the first proposed standard under HIPAA. The
remaining standards will be grouped, to the extent possible, by subject
matter and audience in future regulations. We anticipate publishing
several more separate documents to promulgate the remaining standards
required under HIPAA.

II. Provisions of the Proposed Regulations

[Please label written and e-mailed comments about this section with
the subject: Provisions.]

    In this proposed rule, we propose a standard health care provider
identifier and requirements concerning its implementation. This rule
would establish requirements that health plans, health care providers,
and health care clearinghouses would have to meet to comply with the
statutory requirement to use a unique identifier in electronic
transactions.
    We propose to add a new part to title 45 of the Code of Federal
Regulations for health plans, health care providers, and health care
clearinghouses in general. The new part would be part 142 of title 45
and would be titled ``Administrative Requirements.'' Subpart D would
contain provisions specific to the NPI.

A. Applicability

    Section 262 of HIPAA applies to all health plans, all health care
clearinghouses, and any health care providers that transmit any health
information in electronic form in connection with transactions referred
to in section 1173(a)(1) of the Act. Our proposed rules (at 45 CFR
142.102) would apply to the health plans and health care clearinghouses
as well, but we would clarify the statutory language in our regulations
for health care providers: we would have the regulations apply to any
health care provider only when electronically transmitting any of the
transactions to which section 1173(a)(1) of the Act refers.
    Electronic transmissions would include transmissions using all
media, even when the transmission is physically moved from one location
to another using magnetic tape, disk, or CD media. Transmissions over
the Internet (wide-open), Extranet (using Internet technology to link a
business with information only accessible to collaborating parties),
leased lines, dial-up lines, and private networks are all included.
Telephone voice response and ``faxback'' systems would not be included.
The ``HTML'' interaction between a server and a browser by which the
elements of a transaction are solicited from a user would not be
included, but once assembled into a transaction by the server,
transmission of the full transaction to another corporate entity, such
as a health plan, would be required to comply.
    Our regulations would apply to health care clearinghouses when
transmitting transactions to, and receiving transactions from, a health
care provider or health plan that transmits and receives standard
transactions (as defined under ``transaction'') and at all times when
transmitting to or receiving electronic transactions from another
health care clearinghouse. The law would apply to each health care
provider when transmitting or receiving any electronic transaction.
    The law applies to health plans for all transactions.
    Section 142.104 would contain the following provisions (from
section 1175 of the Act):
    If a person desires to conduct a transaction (as defined in
Sec. 142.103) with a health plan as a standard transaction, the
following apply:
    (1) The health plan may not refuse to conduct the transaction as a
standard transaction.
    (2) The health plan may not delay the transaction or otherwise
adversely affect, or attempt to adversely affect, the person or the
transaction on the ground that the transaction is a standard
transaction.
    (3) The information transmitted and received in connection with the
transaction must be in the form of standard data elements of health
information.
    As a further requirement, we would require that a health plan that
conducts transactions through an agent assure that the agent meets all
the requirements of part 142 that apply to the health plan.
    Section 142.105 would state that a person or other entity may meet
the requirements of Sec. 142.104 by either--
    (1) Transmitting and receiving standard data elements, or
    (2) Submitting nonstandard data elements to a health care
clearinghouse for processing into standard data elements and
transmission by the health care clearinghouse and receiving standard
data elements through the clearinghouse.
    Health care clearinghouses would be able to accept nonstandard
transactions for the sole purpose of translating them into standard
transactions for sending customers and would be able to accept standard
transactions and translate them into nonstandard formats for receiving
customers. We would state in Sec. 142.105 that the transmission of
nonstandard transactions, under contract, between a health plan or a
health care provider and a health care clearinghouse would not violate
the law.
    Transmissions within a corporate entity would not be required to
comply with the standards. A hospital that is wholly owned by a managed
care company would not have to use the standards to pass encounter
information back to the home office, but it would have to use the
standard claims transaction to submit a claim to another health plan.
Another example might be transactions within Federal agencies and their
contractors and between State agencies within the same State. For
example, Medicare enters into contracts with insurance companies and
common working file sites that process Medicare claims using government
furnished software. There is constant communication, on a private
network, between HCFA Central Office and the Medicare carriers,
intermediaries and common working file sites. This communication may
continue in nonstandard mode. However, these contractors must comply
with the standards when exchanging any of the transactions covered by
HIPAA with an entity outside these ``corporate'' boundaries.

B. Definitions

    Section 1171 of the Act defines several terms and our proposed
rules would, for the most part, simply restate the law. The terms that
we are defining in this proposed rule follow:
    1. Code set.
    We would define ``code set'' as section 1171(1) of the Act does:
``code set'' means any set of codes used for encoding data elements,
such as tables of terms, medical concepts, medical diagnostic codes, or
medical procedure codes.
    2. Health care clearinghouse.
    We would define ``health care clearinghouse'' as section 1171(2) of
the Act does, but we are adding a further, clarifying sentence. The
statute defines a ``health care clearinghouse'' as a public or private
entity that processes or facilitates the processing of nonstandard data
elements of health information into standard data elements. We would
further explain that such an entity is one that currently receives
health care transactions from health care providers and other entities,
translates the data from a given format into one acceptable to the
intended recipient and forwards the processed transaction to
appropriate health plans and other clearinghouses, as necessary, for
further action.
    There are currently a number of private clearinghouses that perform
these functions for health care providers. For purposes of this rule,
we would consider billing services, repricing companies, community
health management information systems or community health information
systems, value-added networks, and switches performing these functions
to be health care clearinghouses.
    3. Health care provider.
    As defined by section 1171(3) of the Act, a ``health care
provider'' is a provider of services as defined in section 1861(u) of
the Act, a provider of medical or other health services as defined in
section 1861(s) of the Act, and any other person who furnishes health
care services or supplies. Our regulations would define ``health care
provider'' as the statute does and clarify that the definition of a
health care provider is limited to those entities that furnish, or bill
and are paid for, health care services in the normal course of
business.
    The statutory definition of a health care provider is broad.
Section 1861(u) contains the Medicare definition of a provider, which
encompasses institutional providers such as hospitals, skilled nursing
facilities, home health agencies, and comprehensive outpatient
rehabilitation facilities. Section 1861(s) defines other Medicare
facilities and practitioners, including assorted clinics and centers,
physicians, clinical laboratories, various licensed/certified health
care practitioners, and suppliers of durable medical equipment. The
last portion of the definition encompasses any appropriately licensed
or certified health care practitioners or organizations, including
pharmacies and nursing homes and many types of therapists, technicians,
and aides. It also includes any other individual or organization that
furnishes health care services or supplies. We believe that an
individual or organization that bills and is paid for health care
services or supplies is also a health care provider for purposes of the
statute.
    Section 1173(b)(1) of the Act requires the Secretary to adopt
standards for unique identifiers for all health care providers. The
definition of a ``health care provider'' at section 1171(3) includes
all Medicare providers and ``any other person furnishing health care
services and supplies.'' These two provisions require that provider
identifiers may not be limited to only those health care providers that
bill electronically or those that bill in their own right. Instead
provider identifiers will eventually be available to all those that
provide health services. Penalties for failure to use the correct
identifiers, however, are limited to those that fail to use the
identifiers or other standards in the nine designated electronic
transactions. As we discuss under a later section in this preamble,
III. Implementation of the NPI, we do not expect to be able to assign
identifiers immediately to all health care providers that do not
participate in electronic transactions.
    Our proposed definition of a health care provider would not include
health industry workers who support the provision of health care but
who do not provide health services, such as admissions and billing
personnel, housekeeping staff, and orderlies.
    We describe two alternatives for defining general categories of
health care providers for enumeration purposes. In the first, we would
categorize health care providers as individuals, organizations, or
groups. In the second, we would categorize health care providers as
individuals or organizations, which would include groups. The data to
be collected for each category of health care provider are described in
the preamble in section IV. B. Data Elements. We welcome your comments
on whether group providers need to be distinguished from organization
providers.
    Individuals are treated differently than organizations and groups
because the data available to search for duplicates (for example, date
and place of birth) are different. Organizations and groups may need to
be treated differently from each other because it is possible that a
group is not specifically licensed or certified to provide health care,
whereas an organization usually is. It may, therefore, be important to
be able to link the individual members to the group. It would not be
possible to distinguish one category from another by looking at the
NPI. The NPS would contain the kinds of data necessary to adequately
categorize each health care provider.
    The categories are described as follows:
    Individual--A human being who is licensed, certified or otherwise
authorized to perform medical services or provide medical care,
equipment and/or supplies in the normal course of business. Examples of
individuals are physicians, nurses, dentists, pharmacists, and physical
therapists.
    Organization--An entity, other than an individual, that is
licensed, certified or otherwise authorized to provide medical
services, care, equipment or supplies in the normal course of business.
The licensure, certification, or other recognition is granted to the
organization entity. Individual owners, managers, or employees of the
organization may also be certified, licensed, or otherwise recognized
as individual health care providers in their own right. Each separate
physical location of an organization, each member of an organization
chain, and each subpart of an organization that needs to be identified
would receive its own NPI. NPIs of organization providers would not be
linked within the NPS to NPIs of other health care providers. Examples
of organizations are hospitals, laboratories, ambulance companies,
health maintenance organizations, and pharmacies.
    In the first alternative for categorizing health care providers, as
described above, we would distinguish a group from an organization. We
would define a group as follows:
    Group--An entity composed of one or more individuals (as defined
above), generally created to provide coverage of patients' needs in
terms of office hours, professional backup and support, or range of
services resulting in specific billing or payment arrangements. It is
possible that the group itself is not licensed or certified, but the
individual(s) who compose the group are licensed, certified or
otherwise authorized to provide health care services. The NPIs of the
group member(s) would be linked within the NPS to the NPI of the group.
An individual can be a member of multiple groups. Examples of groups
are (1) two physicians practicing as a group where they bill and
receive payment for their services as a group and (2) an incorporated
individual billing and receiving payment as a corporation.
    The ownership of a group or organization can change if it is sold,
consolidated, or merged, or if control changes due to stock
acquisition. In many cases, the nature of the provider
itself (for example, its location, staff or types of services provided)
is not affected. In general, the NPI of the provider should not change
in these situations unless the change of ownership affects the nature
of the provider. (Example: If a hospital is acquired and then converted
to a rehabilitation center, it would need to obtain a new NPI.) There
may also be circumstances where a new NPI should be issued. (Example: a
physicians' group practice operating as a partnership dissolves that
partnership and another partnership of physicians acquires and operates
the practice.) We solicit comments on rules to be applied.
    We discuss the enumeration of health care providers in more detail,
in III. Implementation of the NPI, later in this preamble.
    4. Health information.
    ``Health information,'' as defined in section 1171 of the Act,
means any information, whether oral or recorded in any form or medium,
that--
    - Is created or received by a health care provider, health
plan, public health authority, employer, life insurer, school or
university, or health care clearinghouse; and
    - Relates to the past, present, or future physical or mental
health or condition of an individual; the provision of health care to
an individual; or the past, present, or future payment for the
provision of health care to an individual.
    We propose the same definition for our regulations.
    5. Health plan.
    We propose that a ``health plan'' be defined essentially as section
1171 of the Act defines it. Section 1171 of the Act cross refers to
definitions in section 2791 of the Public Health Service Act (as added
by Public Law 104-191, 42 U.S.C. 300gg-91); we would incorporate those
definitions as currently stated into our proposed definitions for the
convenience of the public. We note that many of these terms are defined
in other statutes, such as the Employee Retirement Income Security Act
of 1974 (ERISA), Public Law 93-406, 29 U.S.C. 1002(7) and the Public
Health Service Act. Our definitions are based on the roles of plans in
conducting administrative transactions, and any differences should not
be construed to affect other statutes.
    For purposes of implementing the provisions of administrative
simplification, a ``health plan'' would be an individual or group
health plan that provides, or pays the cost of, medical care. This
definition includes, but is not limited to, the 13 types of plans
listed in the statute. On the other hand, plans such as property and
casualty insurance plans and workers compensation plans, which may pay
health care costs in the course of administering nonhealth care
benefits, are not considered to be health plans in the proposed
definition of health plan. Of course, these plans may voluntarily adopt
these standards for their own business needs. At some future time, the
Congress may choose to expressly include some or all of these plans in
the list of health plans that must comply with the standards.
    Health plans often carry out their business functions through
agents, such as plan administrators (including third party
administrators), entities that are under ``administrative services
only'' (ASO) contracts, claims processors, and fiscal agents. These
agents may or may not be health plans in their own right; for example,
a health plan may act as another health plan's agent as another line of
business. As stated earlier, a health plan that conducts HIPAA
transactions through an agent is required to assure that the agent
meets all HIPAA requirements that apply to the plan itself.
    ``Health plan'' includes the following, singly or in combination:
    a. ``Group health plan'' (as currently defined by section 2791(a)
of the Public Health Service Act). A group health plan is a plan that
has 50 or more participants (as the term ``participant'' is currently
defined by section 3(7) of ERISA) or is administered by an entity other
than the employer that established and maintains the plan. This
definition includes both insured and self-insured plans. We define
``participant'' separately below.
    Section 2791(a)(1) of the Public Health Service Act defines ``group
health plan'' as an employee welfare benefit plan (as currently defined
in section 3(1) of ERISA) to the extent that the plan provides medical
care, including items and services paid for as medical care, to
employees or their dependents directly or through insurance, or
otherwise.
    It should be noted that group health plans that have fewer than 50
participants and that are administered by the employer would be
excluded from this definition and would not be subject to the
administrative simplification provisions of HIPAA.
    b. ``Health insurance issuer'' (as currently defined by section
2791(b) of the Public Health Service Act).
    Section 2791(b)(2) of the Public Health Service Act currently
defines a ``health insurance issuer'' as an insurance company,
insurance service, or insurance organization that is licensed to engage
in the business of insurance in a State and is subject to State law
that regulates insurance.
    c. ``Health maintenance organization'' (as currently defined by
section 2791(b) of the Public Health Service Act).
    Section 2791(b) of the Public Health Service Act currently defines
a ``health maintenance organization'' as a Federally qualified health
maintenance organization, an organization recognized as such under
State law, or a similar organization regulated for solvency under State
law in the same manner and to the same extent as such a health
maintenance organization. These organizations may include preferred
provider organizations, provider sponsored organizations, independent
practice associations, competitive medical plans, exclusive provider
organizations, and foundations for medical care.
    d. Part A or Part B of the Medicare program (title XVIII of the
Act).
    e. The Medicaid program (title XIX of the Act).
    f. A ``Medicare supplemental policy'' as defined under section
1882(g)(1) of the Act.
    Section 1882(g)(1) of the Act defines a ``Medicare supplemental
policy'' as a health insurance policy that a private entity offers a
Medicare beneficiary to provide payment for expenses incurred for
services and items that are not reimbursed by Medicare because of
deductible, coinsurance, or other limitations under Medicare. The
statutory definition of a Medicare supplemental policy excludes a
number of plans that are generally considered to be Medicare
supplemental plans, such as health plans for employees and former
employees and for members and former members of trade associations and
unions. A number of these health plans may be included under the
definitions of ``group health plan'' or ``health insurance issuer'', as
defined in a. and b. above.
    g. A ``long-term care policy,'' including a nursing home fixed-
indemnity policy. A ``long-term care policy'' is considered to be a
health plan regardless of how comprehensive it is. We recognize the
long-term care insurance segment of the industry is largely unautomated
and we welcome comments regarding the impact of HIPAA on the long-term
care segment.
    h. An employee welfare benefit plan or any other arrangement that
is established or maintained for the purpose of offering or providing
health benefits to the employees of two or more employers. This
includes plans and other arrangements that are referred to as multiple
employer welfare
arrangements (``MEWAs'') as defined in section 3(40) of ERISA.
    i. The health care program for active military personnel under
title 10 of the United States Code.
    j. The veterans health care program under chapter 17 of title 38 of
the United States Code.
    This health plan primarily furnishes medical care through hospitals
and clinics administered by the Department of Veterans Affairs for
veterans with a service-connected disability that is compensable.
Veterans with non-service-connected disabilities (and no other health
benefit plan) may receive health care under this health plan to the
extent resources and facilities are available.
    k. The Civilian Health and Medical Program of the Uniformed
Services (CHAMPUS), as defined in 10 U.S.C. 1072(4).
    CHAMPUS primarily covers services furnished by civilian medical
providers to dependents of active duty members of the uniformed
services and retirees and their dependents under age 65.
    l. The Indian Health Service program under the Indian Health Care
Improvement Act (25 U.S.C. 1601 et seq.).
    This program furnishes services, generally through its own health
care providers, primarily to persons who are eligible to receive
services because they are of American Indian or Alaskan Native descent.
    m. The Federal Employees Health Benefits Program under 5 U.S.C.
chapter 89.
    This program consists of health insurance plans offered to active
and retired Federal employees and their dependents. Depending on the
health plan, the services may be furnished on a fee-for-service basis
or through a health maintenance organization.
    (Note: Although section 1171(5)(M) of the Act refers to the
``Federal Employees Health Benefit Plan,'' this and any other rules
adopting administrative simplification standards will use the correct
name, the Federal Employees Health Benefits Program. One health plan
does not cover all Federal employees; there are over 350 health plans
that provide health benefits coverage to Federal employees, retirees,
and their eligible family members. Therefore, we will use the correct
name, the Federal Employees Health Benefits Program, to make clear that
the administrative simplification standards apply to all health plans
that participate in the Program.)
    n. Any other individual or group health plan, or combination
thereof, that provides or pays for the cost of medical care.
    We would include a fourteenth category of health plan in addition
to those specifically named in HIPAA, as there are health plans that do
not readily fit into the other categories but whose major purpose is
providing health benefits. The Secretary would determine which of these
plans are health plans for purposes of title II of HIPAA. This category
would include the Medicare Plus Choice plans that will become available
as a result of section 1855 of the Act as amended by section 4001 of
the Balanced Budget Act of 1997 (Public Law 105-33) to the extent that
these health plans do not fall under any other category.
    6. Medical care.
    ``Medical care,'' which is used in the definition of health plan,
would be defined as current section 2791 of the Public Health Service
Act defines it: the diagnosis, cure, mitigation, treatment, or
prevention of disease, or amounts paid for the purpose of affecting any
body structure or function of the body; amounts paid for transportation
primarily for and essential to these items; and amounts paid for
insurance covering the items and the transportation specified in this
definition.
    7. Participant.
    We would define the term ``participant'' as section 3(7) of ERISA
currently defines it: a ``participant'' is any employee or former
employee of an employer, or any member or former member of an employee
organization, who is or may become eligible to receive a benefit of any
type from an employee benefit plan that covers employees of such an
employer or members of such organizations, or whose beneficiaries may
be eligible to receive any such benefits. An ``employee'' would include
an individual who is treated as an employee under section 401(c)(1) of
the Internal Revenue Code of 1986 (26 U.S.C. 401(c)(1)).
    8. Small health plan.
    We would define a ``small health plan'' as a group health plan with
fewer than 50 participants.
    The HIPAA does not define a ``small health plan'' but instead
leaves the definition to be determined by the Secretary. The Conference
Report suggests that the appropriate definition of a ``small health
plan'' is found in current section 2791(a) of the Public Health Service
Act, which is a group health plan with fewer than 50 participants. We
would also define small individual health plans as those with fewer
than 50 participants.
    9. Standard.
    Section 1171 of the Act defines ``standard,'' when used with
reference to a data element of health information or a transaction
referred to in section 1173(a)(1) of the Act, as any such data element
or transaction that meets each of the standards and implementation
specifications adopted or established by the Secretary with respect to
the data element or transaction under sections 1172 through 1174 of the
Act.
    Under our definition, a standard would be a set of rules for a set
of codes, data elements, transactions, or identifiers promulgated
either by an organization accredited by the American National Standards
Institute or HHS for the electronic transmission of health information.
    10. Transaction.
    ``Transaction'' would mean the exchange of information between two
parties to carry out financial and administrative activities related to
health care. A transaction would be any of the transactions listed in
section 1173(a)(2) of the Act and any determined appropriate by the
Secretary in accordance with section 1173(a)(1)(B) of the Act. We
present them below in the order in which we propose to list them in the
regulations text to this document and in the regulations document for
proposed standards for these transactions that we will publish later.
    A ``transaction'' would mean any of the following:
    a. Health claims or equivalent encounter information.
    This transaction may be used to submit health care claim billing
information, encounter information, or both, from health care providers
to health plans, either directly or via intermediary billers and claims
clearinghouses.
    b. Health care payment and remittance advice.
    This transaction may be used by a health plan to make a payment to
a financial institution for a health care provider (sending payment
only), to send an explanation of benefits or a remittance advice
directly to a health care provider (sending data only), or to make
payment and send an explanation of benefits remittance advice to a
health care provider via a financial institution (sending both payment
and data).
    c. Coordination of benefits.
    This transaction can be used to transmit health care claims and
billing payment information between health plans with different payment
responsibilities where coordination of benefits is required or between
health plans and regulatory agencies to monitor the rendering, billing,
and/or
payment of health care services within a specific health care/insurance
industry segment.
    In addition to the nine electronic transactions specified in
section 1173(a)(2) of the Act, section 1173(f) directs the Secretary to
adopt standards for transferring standard data elements among health
plans for coordination of benefits and sequential processing of claims.
This particular provision does not state that these should be standards
for electronic transfer of standard data elements among health plans.
However, we believe that the Congress, when writing this provision,
intended for these standards to apply to the electronic form of
transactions for coordination of benefits and sequential processing of
claims. The Congress expressed its intent on these matters generally in
section 1173(a)(1)(B), where the Secretary is directed to adopt ``other
financial and administrative transactions . . . consistent with the
goals of improving the operation of the health care system and reducing
administrative costs''. Adoption of a standard for electronic
transmission of standard data elements among health plans for
coordination of benefits and sequential processing of claims would
serve these goals expressed by the Congress.
    d. Health claim status.
    This transaction may be used by health care providers and
recipients of health care products or services (or their authorized
agents) to request the status of a health care claim or encounter from
a health plan.
    e. Enrollment and disenrollment in a health plan.
    This transaction may be used to establish communication between the
sponsor of a health benefit and the health plan. It provides enrollment
data, such as subscriber and dependents, employer information, and
primary care health care provider information. The sponsor is the
backer of the coverage, benefit, or product. A sponsor can be an
employer, union, government agency, association, or insurance company.
The health plan refers to an entity that pays claims, administers the
insurance product or benefit, or both.
    f. Eligibility for a health plan.
    This transaction may be used to inquire about the eligibility,
coverage, or benefits associated with a benefit plan, employer, plan
sponsor, subscriber, or a dependent under the subscriber's policy. It
also can be used to communicate information about or changes to
eligibility, coverage, or benefits from information sources (such as
insurers, sponsors, and health plans) to information receivers (such as
physicians, hospitals, third party administrators, and government
agencies).
    g. Health plan premium payments.
    This transaction may be used by, for example, employers, employees,
unions, and associations to make and keep track of payments of health
plan premiums to their health insurers. This transaction may also be
used by a health care provider, acting as liaison for the beneficiary,
to make payment to a health insurer for coinsurance, copayments, and
deductibles.
    h. Referral certification and authorization.
    This transaction may be used to transmit health care service
referral information between primary care health care providers, health
care providers furnishing services, and health plans. It can also be
used to obtain authorization for certain health care services from a
health plan.
    i. First report of injury.
    This transaction may be used to report information pertaining to an
injury, illness, or incident to entities interested in the information
for statistical, legal, claims, and risk management processing
requirements.
    j. Health claims attachments.
    This transaction may be used to transmit health care service
information, such as subscriber, patient, demographic, diagnosis, or
treatment data for the purpose of a request for review, certification,
notification, or reporting the outcome of a health care services
review.
    k. Other transactions as the Secretary may prescribe by regulation.
    Under section 1173(a)(1)(B) of the Act, the Secretary shall adopt
standards, and data elements for those standards, for other financial
and administrative transactions deemed appropriate by the Secretary.
These transactions would be consistent with the goals of improving the
operation of the health care system and reducing administrative costs.

C. Effective Dates--General

    In general, any given standard would be effective 24 months after
the effective date (36 months for small health plans) of the final rule
for that standard. Because there are other standards to be established
than those in this proposed rule, we specify the date for a given
standard under the subpart for that standard.
    If HHS adopts a modification to an implementation specification or
a standard, the implementation date of the modification would be no
earlier than the 180th day following the adoption of the modification.
HHS would determine the actual date, taking into account the time
needed to comply due to the nature and extent of the modification. HHS
would be able to extend the time for compliance for small health plans.
This provision would be at Sec. 142.106.
    The law does not address scheduling of implementation of the
standards; it gives only a date by which all concerned must comply. As
a result, any of the health plans, health care clearinghouses, and
health care providers may implement a given standard earlier than the
date specified in the subpart created for that standard. We realize
that this may create some problems temporarily, as early implementers
would have to be able to continue using old standards until the new
ones must, by law, be in place.
    At the WEDI Healthcare Leadership Summit held on August 15, 1997,
it was recommended that health care providers not be required to use
any of the standards during the first year after the adoption of the
standard. However, willing trading partners could implement any or all
of the standards by mutual agreement at any time during the 2-year
implementation phase (3-year implementation phase for small health
plans). In addition, it was recommended that a health plan give its
health care providers at least 6 months notice before requiring them to
use a given standard.
    We welcome comments specifically on early implementation as to the
extent to which it would cause problems and how any problems might be
alleviated.

D. NPI Standard

[Please label written and e-mailed comments about this section with
the subject: NPI STANDARD.]

    Section 142.402, Provider identifier standard, would contain the
national health care provider identifier standard. There is no
recognized standard for health care provider identification as defined
in the law. (That is, there is no standard that has been developed,
adopted, or modified by a standard setting organization after
consultation with the NUBC, NUCC, WEDI, and the ADA.) Therefore, we
would designate a new standard.
    We are proposing as the standard the national provider identifier
(NPI), which would be maintained by HCFA. As discussed under the
Background section earlier in this preamble, the NPI is an 8-position
alphanumeric identifier. It includes as the 8th position a numeric
check digit to assist in identifying erroneous or invalid NPIs. The
check digit is a recognized International Standards Organization [ISO]
standard. The check digit algorithm must be computed from an
all-numeric base
number. Therefore, any alpha characters that may be part of the NPI are
translated to specific numerics before the calculation of the check
digit. The NPI format would allow for the creation of approximately 20
billion unique identifiers.
    The 8-position alphanumeric format was chosen over a longer
numeric-only format in order to keep the identifier as short as
possible while providing for an identifier pool that would serve the
industry's needs for a long time. However, we recognize that some
health care providers and health plans might have difficulty in the
short term in accommodating alphabetic characters. Therefore, we
propose to issue numeric-only identifiers first and to introduce
alphabetic characters starting with the first position of the NPI. This
would afford additional time for health care providers and health plans
to accommodate the alphabetic characters.
    1. Selection criteria.
    Each individual implementation team weighted the criteria described
in section I.D., Process for Developing National Standards, in terms of
the standard it was addressing. As we assessed the various options for
a provider identifier against the criteria, it became apparent that
many of the criteria would be satisfied by all of the provider
identifier candidates. Consequently, we concentrated on the four
criteria (1, 2, 3, and 10) that were not satisfied by all of the
options. These criteria are described below in the specific context of
the provider identifier.
    #1. Improve the efficiency and effectiveness of the health care
system.
    In order to be integrated into electronic transactions efficiently,
standard provider identifiers must be easily accessible. Health plans
must be able to obtain identifiers and other key data easily in order
to use the identifier in electronic transactions. Existing health care
provider files have to be converted to the new standard. In addition,
health care providers will need to know other health care providers'
identifiers (for example, a hospital needs the identifiers of all
physicians who perform services in the facility). To meet this
criterion, we believe the identifier should not be proprietary; that
is, it should be possible to communicate identifiers freely as needed.
Moreover, the issuer must be able to reliably issue each health care
provider only one identifier and to issue each identifier only once.
    #2. Meet the needs of the health data standards user community.
    The identifier must be comprehensive. It must accommodate all
health care provider types or must be capable of being expanded to do
so. Based on our definition of ``health care provider'', this includes
individual health care providers who are employed by other health care
providers and alternative practitioners who may not be currently
recognized by health plans. The identifier must have the capacity to
enumerate health care providers for many years without reuse of
previously-assigned identifiers. To meet this criterion, we believe
that, over time, the identifier must be capable of uniquely identifying
at least 100 million entities.
    #3. Be consistent and uniform with other HIPAA and other private
and public sector health data standards in providing for privacy and
confidentiality.
    Confidentiality of certain health care provider data must be
maintained. Certain data elements (for example, social security number
and date of birth) needed to enumerate an individual health care
provider reliably should not be made available to the public.
    #10. Incorporate flexibility to adapt more easily to changes.
    To meet this criterion, the identifier must be intelligence-free
(the identifier itself should not contain any information about the
health care provider). Intelligence in the identifier would require
issuing a new identifier if there is a change in that information. For
example, an identifier containing a State code would no longer be
accurate if the health care provider moves to another State.
    2. Candidate identifiers.
    We assessed a number of candidate identifiers to see if they met
the four specific criteria discussed above. We first assessed the
identifiers listed in the inventory of standards prepared for the
Secretary by the Health Informatics Standards Board. Those standards
are the unique physician identification number (UPIN), which is issued
by HCFA; the health industry number (HIN), which is issued by the
Health Industry Business Communications Council; the National
Association of Boards of Pharmacy (NABP) number, which is issued by the
National Council for Prescription Drug Programs in cooperation with the
NABP; and the national provider identifier (NPI), which is being
developed by HCFA.
    Unique physician identification numbers are currently issued to
physicians, limited license practitioners, group practices, and certain
noninstitutional providers (for example, ambulance companies). These
numbers are issued to health care providers through Medicare carriers,
and generally only Medicare providers have them. The unique physician
identification number is used to identify ordering, performing,
referring, and attending health care providers in Medicare claims
processing. The computer system that generates the numbers is
maintained by HCFA and is able to detect duplicate health care
providers. The unique physician identification number is in the public
domain and could be made widely accessible to health care providers and
health plans. These numbers do contain intelligence (the first position
designates a provider type, e.g., physician) and are only six positions
long, which would not be able to accommodate a sufficient number of
future health care providers. The unique physician identification
number does not meet criteria 2 and 10.
    The health industry number is used for contract administration in
the health industry supply chain, as a prescriber identifier for claims
processing, and for market analysis. It consists of a base 7-position
alpha-numeric identifier and a 2-position alpha-numeric suffix
identifying the location of the prescriber. The suffix contains
intelligence. Health industry numbers can enumerate individual
prescribers as well as institutional providers. They are issued via a
proprietary system maintained by the Health Industry Business
Communications Council, which permits subscriptions to the database by
data re-sellers and others. In addition, it does not collect sufficient
data for thorough duplicate checking of individuals. The health
industry number does not meet criteria 1, 3, and 10.
    The National Association of Boards of Pharmacy number is a 7-digit
numeric identifier assigned to licensed pharmacies. It is used to
identify pharmacies to various payers. Its first two digits denote the
State, the next four positions are assigned sequentially, and the last
position is a check digit. We cannot assess data accessibility or
privacy and confidentiality at this time because of the very limited
applicability of the number. A 7-digit numeric identifier would not
yield a sufficient quantity of identifiers, and there is intelligence
in the number. This number does not meet criteria 2 and 10.
    The NPI is intended to be a universal identifier, which can be used
to enumerate all types of health care providers, and the supporting
data structure incorporates a comprehensive list of provider types
developed by an ANSI Accredited Standards Committee X12N workgroup. It
is an intelligence-free 8-position alpha-numeric identifier, with the
eighth position being a check digit, allowing for approximately 20
billion possible identifiers. The NPI would not be proprietary and
would be widely available to the industry. The system that would
enumerate health care providers would be maintained by HCFA, and data
would therefore be safeguarded under the Privacy Act (5 U.S.C. 552a).
The system would also incorporate extensive search and duplicate
checking routines into the enumeration process. The NPI meets all four
of these criteria.
    In addition, we examined the social security number issued by the
Social Security Administration, the DEA number issued by the Drug
Enforcement Administration, the employer identification number issued
by the Internal Revenue Service, and the national supplier
clearinghouse number issued by the Medicare program and used to
identify suppliers of durable medical equipment and other suppliers.
Neither the social security number nor the DEA number meets the
accessibility test. The use of the social security number by Federal
agencies is protected by the Privacy Act, and the DEA number must
remain confidential in order to fulfill its intended function of
monitoring controlled substances. The employer identification number
does not meet the comprehensiveness test, because some individual
health care providers do not qualify for one. The length of the
national supplier clearinghouse number is 10 positions; to expand it
would make it too long. Also, it is not intelligence-free, since the
first portion of the identifier links health care providers together
into business entities. The last four positions are reserved for
subentities, leaving only the first six positions to enumerate unique
health care provider entities.
    Based on this analysis, we recommend the NPI be designated as the
standard identifier for health care providers. It is the only candidate
identifier that meets all four of the criteria above. In addition, the
NPI would be supported by HCFA to assure continuity. As discussed in
section VII. of this preamble, on collection of information
requirements, the data collection and paperwork burdens on users would
be minimal, and the NPI can be used in other standard transactions
under the HIPAA. In addition, as discussed in sections III.B.,
Enumerators, and IX., Impact Analysis, implementation costs per health
care provider and per health plan would be relatively low, and we would
develop implementation procedures. The NPI would be platform and
protocol independent, and the structure of the identifier has been
precisely stated. The NPI is not fully operational, but it is
undergoing testing at this time, and comprehensive testing will be
completed before the identifier is implemented.
    3. Consultations.
    In the development of the NPI, we consulted with many
organizations, including those that the legislation requires (section
1172(c)(3)(B) of the Act). Subsequently, the NPI has been endorsed by
several government and private organizations:
    a. The NCVHS endorsed the NPI in a Federal Register notice on July
24, 1997 (62 FR 39844).
    b. The NUBC endorsed the NPI in August 1996.
    c. The ADA indicated its support, in concept, of the development of
a unique, singular, national provider identifier for all health care
providers in December 1996.
    d. The NUCC supported the establishment of the NPI in January 1997,
subject to the following issues being fully addressed:
    • The business needs and rationale for each identifier be
clearly established for health care, in both the private and government
sectors, as part of the identifier definition process.
    • The scope and nature of, and the rationale for, the
entities subject to enumeration be clearly defined.
    • All issues arising out of the health care industry's
review of the proposed identifier, including any ambiguities in the law
or proposed rule, be acknowledged and addressed.
    • Distribution of identifier products/maintenance to health
care providers, payers and employers be low cost and efficient. There
should be no cost to have a number assigned to an individual health
care provider or business.
    e. WEDI indicated support for "the general concept of the NPI as
satisfying the national provider identifier requirement of HIPAA" in a
May 1997 letter to the Secretary. WEDI further stated that the NPI is
equal to or better than alternative identifiers, but noted that it
cannot provide an unqualified opinion until operational and technical
details are disclosed in this regulation.
    f. The State of Minnesota endorsed the NPI in Minnesota Statutes
Section 62J.54, dated February 1996.
    g. The Massachusetts Health Data Consortium's Affiliated Health
Information Networks of New England endorsed the NPI as the standard
provider locator for electronic data interchange in March 1996.
    h. The USA Registration Committee approved the NPI as an
International Standards Organization card issuer identifier in August
1996, for use on magnetic cards.
    i. The National Council for Prescription Drug Programs indicated
support for the NPI effort in an October 1996 letter to the Secretary.

E. Requirements

[Please label written and e-mailed comments about this section with
the subject: Requirements.]

    1. Health plans.
    In Sec. 142.404, Requirements: Health plans, we would require
health plans to accept and transmit, directly or via a health care
clearinghouse, the NPI on all standard transactions wherever required.
Federal agencies and States may place additional requirements on their
health plans.
    2. Health care clearinghouses.
    We would require in Sec. 142.406, Requirements: Health care
clearinghouses, that each health care clearinghouse use the NPI
wherever an electronic transaction requires it.
    3. Health care providers.
    In Sec. 142.408, Requirements: Health care providers, we would
require each health care provider that needs an NPI for HIPAA
transactions to obtain, by application if necessary, an NPI and to use
the NPI wherever required on all standard transactions that it directly
transmits or accepts. The process by which health care providers will
apply for and obtain NPIs has not yet been established. This proposed
rule (in section III., Implementation of the NPI) presents
implementation options by which health care providers will apply for
and obtain NPIs. We are seeking comments on the options, and welcome
other options for consideration. In one of the options we are
presenting, we anticipate that the initial enumeration of health care
providers that are already enrolled in Medicare, other Federal programs
named as health plans, and Medicaid would be done by those health
plans. Those health care providers would not have to apply for NPIs but
would instead have their NPIs issued automatically. Non-Federal and
non-Medicaid providers would need to apply for NPIs to a Federally-
directed registry for initial enumeration. The information that will be
needed in order to issue an NPI to a health care provider is discussed
in this preamble in section IV. Data. Depending on the implementation
option selected, Federal and Medicaid health care providers may not
need to provide this information because it would already be available
to the entities that would be enumerating them. In one of the options,
health care providers would be assigned their NPIs in the course of
enrolling in the Federal health plan or in Medicaid. Both options may
require, to some degree, the
development of an application to be used in applying for an NPI.
    We would require each health care provider that has an NPI to
forward updates to the data in the database to an NPI enumerator within
60 days of the date the change occurs. We are soliciting comments on
whether these updates should be applicable to all the data elements
proposed to be included in the national provider file (NPF) or only to
those data elements that are critical for enumeration. For example, we
would like to know whether the addition of a credential should be
required to be reported within the 60-day period, or whether such
updates should be limited to name or address changes or other data
elements that are required to enumerate a health care provider.

F. Effective Dates of the NPI

    Health plans would be required to comply with our requirements as
follows:
    1. Each health plan that is not a small health plan would have to
comply with the requirements of Secs. 142.104 and 142.404 no later than
24 months after the effective date of the final rule.
    2. Each small health plan would have to comply with the
requirements of Secs. 142.104 and 142.404 no later than 36 months after
the effective date of the final rule.
    3. If HHS adopts a modification to a standard or implementation
specification, the implementation date of the modification would be no
earlier than the 180th day following the adoption of the modification.
HHS would determine the actual date, taking into account the time
needed to comply due to the nature and extent of the modification. HHS
would be able to extend the time for compliance for small health plans.
    Health care clearinghouses and affected health care providers would
have to begin using the NPI no later than 24 months after the effective
date of the final rule.
    Failure to comply with standards may result in monetary penalties.
The Secretary is required by statute to impose penalties of not more
than $100 per violation on any person who fails to comply with a
standard, except that the total amount imposed on any one person in
each calendar year may not exceed $25,000 for violations of one
requirement. We will propose enforcement procedures in a future Federal
Register document once the industry has more experience with using the
standards.

III. Implementation of the NPI

[Please label written and e-mailed comments about this section with
the subject: Implementation.]

A. The National Provider System

    We would implement the NPI through a central electronic enumerating
system, the national provider system (NPS). This system would be a
comprehensive, uniform system for identifying and uniquely enumerating
health care providers at the national level, not unlike the process now
used to issue social security numbers. HCFA would exercise overall
responsibility for oversight and management of the system. Health care
providers would not interact directly with the NPS.
    The process of identifying and uniquely enumerating health care
providers is separate from the process health plans follow in enrolling
health care providers in their health programs. Even with the advent of
assignment of NPIs by the NPS, health plans would still have to follow
their own procedures for receiving and verifying information from
health care providers that apply to them for enrollment in their health
programs. Unique enumeration is less expensive than plan enrollment
because it does not require as much information to be collected,
edited, and verified. We welcome comments on the cost of provider
enrollment in a health plan.
    NPIs would be issued by one or more organizations to which we refer
in this preamble as "enumerators." The functions we foresee being
carried out by enumerators are presented in section B. Enumerators in
this preamble. The NPS would edit the data, checking for consistency,
formatting addresses, and validating the social security number. It
would then search the database to determine whether the health care
provider already has an NPI. If so, that NPI would be displayed. If
not, an NPI would be assigned. If the health care provider is similar
(but not identical) to an already-enumerated health care provider, the
information would be passed back to the enumerator for further
analysis. Enumerators would also communicate NPIs back to the health
care providers and maintain the NPS database. The number of enumerators
would be limited in the interest of data quality and consistency.
    Because the Medicare program maintains files on more health care
providers than any other health care program in the country, we
envision using data from those files to initially populate the NPF that
is being built by the NPS and would be accessed by the enumerator(s).
The data we are considering for inclusion in this file are described in
section IV. Data in this preamble.

B. Enumerators

    The enumerator(s) would carry out the following functions: assist
health care providers and answer questions; accept the application for
an NPI; validate as many of the data elements as possible at the point
of application to assure the submitted data are accurate and the
application is authentic; enter the data into the NPS to obtain an NPI
for the health care provider; research cases where there is a possible
match to a health care provider already enumerated; notify the health
care provider of the assigned NPI; and enter updated data into the NPS
when notified by the health care provider. Some of these functions
would not be necessary if the enumerator(s) is an entity that enrolls
health care providers in its own health plan and would be enumerating
health care providers at the time they are enrolling in the entity's
health plan. For example, if a Federal health plan is an enumerator,
some of the functions listed above would not have to be performed
separately from what the health plan would do in its regular business.
    The major issue related to the operation of this process is
determining who the enumerator(s) will be.
    1. Possible enumerators.
    We had several choices in deciding who should enumerate health care
providers. There are advantages and disadvantages to each of these
choices:
    • A registry:
    A central registry operated under Federal direction would enumerate
all health care providers. The Federally-directed registry could be a
single physical entity or could be a number of agents controlled by a
single entity and operating under common procedures and oversight.
    For: The process would be consistent; centralized operation would
assure consistent data quality; the concept of a registry is easy to
understand (single source for identifiers).
    Against: The cost of creating a new entity rather than enumerating
as part of existing functions (for example, plan enrollment) would be
greater than having existing entities enumerate; there would be
redundant data required for enumeration and enrollment in a health
plan.
    • Private organization(s):
    A private organization(s) that meets certain selection criteria and
performance standards, which would post a surety bond related to the
number
of health care providers enumerated could enumerate health care
providers.
    For: The organization(s) would operate in a consistent manner under
uniform requirements and standards; failure to maintain prescribed
requirements and standards could result in penalties which could
include suspension or debarment from being an enumerator.
    Against: A large number of private enumerators would compromise the
quality of work and be difficult to manage; the administrative work
required to set up arrangements for a private enumerator(s) may be
significant; the cost of creating a new entity rather than enumerating
as part of existing functions (for example, plan enrollment) would be
greater than having existing entities enumerate; there might be
redundant data required for enumeration and enrollment in a health
plan; the legality of privatization would need to be researched.
    • Federal health plans and Medicaid State agencies:
    Federal programs named as health plans and Medicaid State agencies
would enumerate all health care providers. (As stated earlier under the
definition of "health plan", the Federal Employees Health Benefits
Program is comprised of numerous health plans, rather than just one,
and does not deal directly with health care providers that are not also
health plans. Thus, the program would not enumerate health care
providers but would still require the NPI to be used.)
    For: These health plans already assign numbers to their health care
providers; a large percentage of health care providers do business with
Federal health plans and Medicaid State agencies; there would be no
appreciable costs for these health plans to enumerate as part of their
enrollment process; a small number of enumerators would assure
consistent data quality.
    Against: Not all health care providers do business with any of
these health plans; there would be the question of which health plan
would enumerate the health care provider that participates in more than
one; we estimate that approximately 5 percent of the State Medicaid
agencies may decline to take on this additional task.
    • Designated State agency:
    The Governor of each State would designate an agency to be
responsible for enumerating health care providers within the State. The
agency might be the State Medicaid agency, State licensing board,
health department, or some other organization. Each State would have
the flexibility to develop its most workable approach.
    For: This choice would cover all health care providers; there would
be a single source of enumeration in each State; States could devise
the least expensive mechanisms (for example, assign NPI during
licensing); license renewal cycles would assure periodic checks on data
accuracy.
    Against: This choice would place an unfunded workload on States;
States may decline to designate an agency; there may be insufficient
funding to support the costs the States would incur; State licensing
agencies may not collect enough information during licensing to ensure
uniqueness across States; States may not be uniform in their
definitions of "providers."
    • Professional organizations or training programs:
    We would enlist professional organizations to enumerate their
members and/or enable professional schools to enumerate their students.
    For: Individuals could be enumerated at the beginning of their
careers; most health care providers either attend a professional school
or belong to an organization.
    Against: Not all health care providers are affiliated with an
organization or school; this choice would result in many enumerators
and thus potentially lower the data quality; schools would not be in a
position to update data once the health care provider has graduated;
the choice would place an unfunded workload on schools and/or
organizations.
    • Health plans:
    Health plans in general would have access to the NPS to enumerate
any of their health care providers.
    For: Most health care providers do business with one or more health
plans; there would be a relatively low cost for health plans to
enumerate as part of enrollment; this choice would eliminate the need
for redundant data.
    Against: Not all health care providers are affiliated with a health
plan; this choice would be confusing for the health care provider in
determining which health plan would enumerate when the health care
provider is enrolled in multiple health plans; there would be a very
large number of enumerators and thus potentially serious data quality
problems; the choice would place unfunded workload on health plans.
    • Combinations:
    We also considered using combinations of these choices to maximize
advantages and minimize disadvantages.
    2. Options:
    If private organizations, as enumerators, could charge health care
providers a fee for obtaining NPIs, this enumeration option would be
attractive and more preferable than the other choices or combinations,
as it would offer a way to fund the enumeration function. In
researching the legality of this approach, however, we were advised
that we do not have the authority to (1) charge health care providers a
fee for obtaining NPIs, or (2) license private organizations that could
charge health care providers for NPIs. For these reasons, we chose not
to recommend private organizations as enumerators.
    The two most viable options are described below. We solicit input
on these options, as well as on alternate solutions.
    Option 1: Registry enumeration of all health care providers.
    All health care providers would apply directly to a Federally-
directed registry for an identifier. The registry, while under Federal
direction, would probably be operated by an agent or contractor. This
option is favored by some health plans, which believe that a single
entity should be given the task of enumerating health care providers
and maintaining the database for the sake of consistency. It would also
be the simplest option for health care providers, since enumeration
activities would be carried out for all health care providers by a
single entity. The major drawback to this option is the high cost of
establishing a registry large enough to process enumeration and update
requests for the 1.2 million current and 30,000 new (annually) health
care providers that conduct HIPAA transactions. The costs of this
option are discussed in section J.2.d., Enumerators, in the impact
analysis in this Federal Register document. The statute did not provide
a funding mechanism for the enumeration/update process. Federal funds,
if available, could support the registry. We seek comments on funding
mechanisms for the registry.
    This option does not offer a clear possibility for funding some of
the costs associated with the operation and maintenance of the NPS as
it becomes national in scope (that is, as the NPS enumerates health
care providers that are not Medicare providers). We solicit comments on
appropriate methods for funding the NPS under this option.
    Option 2: A combination of Federal programs named as health plans,
Medicaid State agencies, and a Federally-directed registry.
    Federal health plans and Medicaid State agencies would enumerate
their own health care providers. Each health care provider
participating in more than one health plan could choose the health
plan by which it wishes to be enumerated. All other health care
providers would be enumerated by a Federally-directed registry. These
latter health care providers would apply directly to the registry for
an identifier.
    The number of enumerators, and the number of health care providers
per enumerator, would be small enough that each enumerator would be
able to carefully validate data received from and about each of its
health care providers. Moreover, enumerators (aside from the registry)
would be dealing with their own health care providers, an advantage
both in terms of cost equity and data quality. This option recognizes
the fact that Federal plans and Medicaid State agencies already assign
identifiers to their health care providers for their own programmatic
purposes. It would standardize those existing processes and, in some
cases, may increase the amount of data collected or validation
performed. We have concluded that the cost of concurrently enumerating
and enrolling a Medicare or Medicaid provider is essentially the same
as the cost of enrollment alone because of the high degree of
redundancy between the processes. While there would probably be
additional costs initially, they would be offset by savings in other
areas (e.g., there would be a simplified, more efficient coordination
of benefits; a health care provider would only have to be enumerated
once; there would be no need to maintain more than one provider number
for each health care provider; and there would be no need to maintain
more than one enumeration system).
    The Federal Government is responsible for 75 percent of Medicaid
State agency costs to enumerate and update health care providers.
Because we believe that, on average, the costs incurred by Medicaid
State agencies in enumerating and updating their own health care
providers are relatively low and offset by savings, there are no
tangible costs involved.
    Allowing these health plans to continue to enumerate their health
care providers would reduce the registry workload and its operating
costs. We estimate that approximately 85 percent of billing health care
providers transact business with a Medicaid State agency or a Federal
health plan. We estimate that 5 percent of Medicaid State agencies may
decline to enumerate their health care providers. If so, that work
would have to be absorbed by the registry. This expense could be offset
by the discontinuation of the UPIN registry, which is currently
maintained with Federal funds. The costs of this option are discussed
in section J.2.d., Enumerators, of the impact analysis.
    We welcome comments on the number of health care providers that
would deal directly with a registry under this option and on
alternative ways to enumerate them.
    This option does not offer a clear possibility for funding some of
the costs associated with the operation and maintenance of the NPS as
it becomes national in scope (that is, as the NPS enumerates health
care providers that are not Medicare providers). We solicit comments on
appropriate methods for funding the NPS under this option.
    We believe that option 2 is the most advantageous and the least
costly. Option 1 is the simplest for health care providers to
understand but has a significant Federal budgetary impact. Option 2
takes advantage of existing expertise and processes to enumerate the
majority of health care providers. This reduces the cost of the
registry in option 2 to a point where it would be largely offset by
savings from eliminating redundant enumeration processes.
    3. Fees and costs.
    Because the statute did not provide a funding mechanism for the
enumeration process, Federal funds, if available, would be required to
finance this function. We seek comment on any burden that various
financing options might impose on the industry.
    We welcome comments on possible ways to reduce the costs of
enumeration.
    While the NPS has been developed to date by HCFA with Federal
funds, issues remain as to sources of future funding as the NPS becomes
national in use. We welcome your comments on sources for this funding.
    4. Enumeration phases.
    We intend to implement the NPI in phases because the number of
potential health care providers to be enumerated is too large to
enumerate at one time, regardless of the number of enumerators. We
describe in a., b., and c. below how the process would work if option 2
were selected and in d. below how implementation of option 1 would
differ.
    a. Health care providers that participate in Medicare (including
physicians and other suppliers that furnish items and services covered
by Medicare) would be enumerated first because, as the managing entity,
HCFA has data readily available for all Medicare providers. Health care
providers that are already enrolled in Medicare at the time of
implementation would be enumerated based on existing Medicare provider
databases that have already been reviewed and validated. These health
care providers would not have to request an NPI--they would
automatically receive one. After this initial enumeration, new and non-
Medicare health care providers not yet enumerated that wish to
participate in Medicare would receive an NPI as a part of the
enrollment process.
    b. Medicaid and non-Medicare Federal health plans that need to
enumerate their health care providers would follow a similar process,
based on a mutually agreed-upon timetable. Those health plans' existing
prevalidated databases could be used to avoid requiring large numbers
of health care providers to apply for NPIs. If a health care provider
were already enumerated by Medicare, that NPI would be communicated to
the second program. After the initial enumeration, new health care
providers that wish to participate in Medicaid or a Federal health plan
other than Medicare would receive an NPI as a part of that enrollment
process. Health care providers that transact business with more than
one such health plan could be enumerated by any one of those health
plans. This phase would be completed within 2 years after the effective
date of the final rule.
    c. A health care provider that does not transact any business with
Federal health plans or Medicaid but that does conduct electronically
any of the transactions stipulated in HIPAA (for example, submits
claims electronically to a private health plan) would be enumerated via
a Federally-directed registry. This enumeration would be done
concurrently with the enumeration described in b., above. Health care
providers would apply to the registry for an NPI.
    After the first two phases of enumeration (that is, enumeration of
health care providers enrolled or enrolling in Federal health plans or
Medicaid or health care providers that do not conduct business with any
of those plans but that conduct any of the HIPAA transactions
electronically), the health care providers remaining would be those
that do not conduct electronically any of the transactions specified in
HIPAA. We refer to these health care providers as "non-HIPAA-
transaction health care providers." The non-HIPAA-transaction health
care providers would not be enumerated in the first two phases of
enumeration. We do not intend to enumerate these health care providers
until all health care providers requiring NPIs by statute are
enumerated and funds are available. In some cases, these health care
providers may wish to be enumerated even though
they do not conduct electronic transactions. Health plans may prefer to
use the NPI for all health care providers, whether or not they submit
transactions electronically, for the sake of processing efficiency. In
addition, some health care providers may wish to be enumerated even
though they conduct no designated transactions and are not affiliated
with any health plan. Additional research is required on the timetable
and method by which non-HIPAA-transaction health care providers would
be enumerated.
    d. If option 1 were selected, the Federally-directed registry would
enumerate all health care providers. With a single enumeration point
(although it could consist of several agents controlled by a single
entity, as stated earlier), we would envision enumeration taking place
in the following phases: Medicare providers; Medicaid providers and
other non-Medicare Federal providers; health care providers that do not
transact any business with the aforementioned plans but that process
electronically any of the transactions stipulated in HIPAA; and all
other health care providers (i.e., non-HIPAA-transaction health care
providers).

C. Approved Uses of the NPI

    The law requires that we specify the appropriate uses of the NPI.
    Two years after adoption of this standard (3 years for small health
plans) the NPI must be used in the health care system in connection
with the health-related financial and administrative transactions
identified in section 1173(a). The NPI may also be used as a cross
reference in health care provider fraud and abuse files and other
program integrity files (for example, the HHS Office of the Inspector
General sanction file). The NPI may be used to identify health care
providers for debt collection under the provisions of the Debt
Collection Information Act of 1996 and the Balanced Budget Act of 1997,
and for any other lawful activity requiring individual identification
of health care providers. It may not be used in any activity otherwise
prohibited by law.
    Other examples of approved uses would include:
    • Health care providers may use their own NPIs to identify
themselves in health care transactions or related correspondence.
    • Health care providers may use other health care providers'
NPIs as necessary to complete health care transactions and on related
correspondence.
    • Health care providers may use their own NPIs on
prescriptions (however, the NPI could not replace the DEA number or
State license number where either of those numbers is required on
prescriptions).
    • Health plans may use NPIs in their internal provider files
to process transactions and may use them on transactions and in
communications with health care providers.
    • Health plans may communicate NPIs to other health plans
for coordination of benefits.
    • Health care clearinghouses may use NPIs in their internal
files to create and process standard transactions and in communications
with health care providers and health plans.
    • NPIs may be used to identify treating health care
providers in patient medical records.

D. Summary of Effects on Various Entities

    We summarize here how the implementation of the NPI would affect
health care providers, health plans, and health care clearinghouses, if
option 2 were selected. Differences that would result from selection of
option 1 are noted parenthetically.
    1. Health care providers.
    a. Health care providers interacting with Medicare, another Federal
plan, or a Medicaid State agency would receive their NPIs from the NPS
via one of those programs and would be required to use their NPIs on
all the specified electronic transactions. Each plan would establish
its own schedule for adopting the NPI, within the time period specified
by the law. Whether a given plan would automatically issue the NPIs or
require the health care providers to apply for them would be up to the
plan. (For example, the Medicare program would issue NPIs automatically
to its currently enrolled Medicare providers and suppliers; data on its
future health care providers and suppliers would be collected on the
Medicare enrollment application.) The Federal or State plan may impose
requirements other than those stated in the regulations.
    The health care providers would be required to update any data
collected from them by submitting changes to the plan within 60 days of
the change. Health care providers that transact business with multiple
plans could report changes to any one of them. (Selection of option 1
would mean that the health care provider would obtain the NPI from, and
report changes to, the Federally-directed registry.)
    b. Health care providers that conduct electronic transactions but
do not do so with Federal health plans or Medicaid would receive their
NPIs from the NPS via the Federally-directed registry and would be
required to use their NPIs on all the specified electronic
transactions. Each health plan would establish its own schedule for
adopting the NPI, within the time period specified by the law. The
health care providers would be required to update any data originally
collected from them by submitting changes within 60 days of the date of
the change to the Federally-directed registry.
    c. Health care providers that are not covered by the above
categories would not be required to obtain an NPI. (These health care
providers are the non-HIPAA-transaction health care providers as
described in section 4.c. of section B. Enumerators earlier in this
preamble.) They may be enumerated if they wish, depending on
availability of funds, but they would not be issued NPIs until those
health care providers that currently conduct electronic transactions
have received their NPIs. As stated earlier, the timetable and method
by which the non-HIPAA-transaction health care providers would be
enumerated must be determined. After the non-HIPAA-transaction health
care providers are enumerated, they would be required to update any
data originally collected from them by submitting changes within 60
days of the date of the change. Those providers would report their
changes to the registry or to a Federal plan or Medicaid State agency
with which they transact business at the time of the change.
    2. Health plans.
    a. Medicare, other Federal health plans, and Medicaid would be
responsible for obtaining NPIs from the NPS and issuing them to their
health care providers. They would be responsible for updating the data
base with data supplied by their health care providers. (Selection of
option 1 would mean that Medicare, other Federal health plans, and
Medicaid would not enumerate health care providers or update their
data.)
    These government health plans would establish their own schedule
for adopting the NPI, within the time period specified by the law. They
would be able to impose requirements on their health care providers in
addition to, but not inconsistent with, those in our regulations.
    b. Each remaining health plan would be required to use the NPI to
identify health care providers in electronic transactions as provided
by the statute. Each health plan would establish its own schedule for
adopting the NPI, within the time period specified by the law. They
would be able to impose requirements on their health care providers in
addition to, but not inconsistent with, those in our regulations.

    3. Health care clearinghouses.
    Health care clearinghouses would be required to use a health care
provider's NPI on electronic standard transactions requiring an NPI
that are submitted on the health care provider's behalf.

IV. Data

[Please label written and e-mailed comments about this section with
the subject: DATA.]

A. Data Elements

    The NPS would collect and store in the NPF a variety of information
about a health care provider, as shown in the table below. We believe
the majority of this information is used to uniquely identify a health
care provider; other information is used for administrative purposes. A
few of the data elements are collected at the request of potential
users that have been working with HCFA in designing the database prior
to the passage of HIPAA. All of these data elements represent only a
fraction of the information that would comprise a provider enrollment
file. The data elements in the table, plus cease/effective/termination
dates, switches (yes/no), indicators, and history, are being considered
as those that would form the NPF. We have included comments, as
appropriate. The table does not display systems maintenance or similar
fields, or health care provider cease/effective/termination dates.

                  National Provider File Data Elements
------------------------------------------------------------------------
          Data elements                   Comments            Purpose
------------------------------------------------------------------------
National Provider Identifier      8-position alpha-        I
 (NPI).                            numeric NPI assigned
                                   by the NPS.
Provider's current name.........  For Individuals only.    I
                                   Includes first,
                                   middle, and last names.
Provider's other name...........  For Individuals only.    I
                                   Includes first,
                                   middle, and last
                                   names. Other names
                                   might include maiden
                                   and professional names.
Provider's legal business name..  For Groups and           I
                                   Organizations only.
Provider's name suffix..........  For Individuals only.    I
                                   Includes Jr., Sr., II,
                                   III, IV, and V.
Provider's credential             For Individuals only.    I
 designation.                      Examples are MD, DDS,
                                   CSW, CNA, AA, NP, RNA,
                                   PSY.
Provider's Social Security        For Individuals only...  I
 Number (SSN).
Provider's Employer               Employer Identification  I
 Identification Number (EIN).      Number.
Provider's birth date...........  For Individuals only...  I
Provider's birth State code.....  For Individuals only...  I
Provider's birth county name....  For Individuals only...  I
Provider's birth country name...  For Individuals only...  I
Provider's sex..................  For Individuals only...  I
Provider's race.................  For Individuals only...  U
Provider's date of death........  For Individuals only...  I
Provider's mailing address......  Includes 2 lines of      A
                                   street address, plus
                                   city, State, county,
                                   country, 5- or 9-
                                   position ZIP code.
Provider's mailing address        .......................  A
 telephone number.
Provider's mailing address fax    .......................  A
 number.
Provider's mailing address e-     .......................  A
 mail address.
Resident/Intern code............  For certain Individuals  U
                                   only.
Provider enumerate date.........  Date provider was        A
                                   enumerated (assigned
                                   an NPI). Assigned by
                                   the NPS.
Provider update date............  Last date provider data  A
                                   was updated. Assigned
                                   by the NPS.
Establishing enumerator/agent     Identification number    A
 number.                           of the establishing
                                   enumerator.
Provider practice location        2-position alpha-        I
 identifier (location code).       numeric code (location
                                   code) assigned by the
                                   NPS.
Provider practice location name.  Title (e.g., ``doing     I
                                   business as'' name) of
                                   practice location.
Provider practice location        Includes 2 lines of      I
 address.                          street address, plus
                                   city, State, county,
                                   country, 5- or 9-
                                   position ZIP code.
Provider's practice location      .......................  A
 telephone number.
Provider's practice location fax  .......................  A
 number.
Provider's practice location e-   .......................  A
 mail address.
Provider classification.........  From Accredited          I
                                   Standards Committee
                                   X12N taxonomy.
                                   Includes type(s),
                                   classification(s),
                                   area(s) of
                                   specialization.
Provider certification code.....  For certain Individuals  U
                                   only.
Provider certification            For certain Individuals  U
 (certificate) number.             only.
Provider license number.........  For certain Individuals  I
                                   only.
Provider license State..........  For certain Individuals  I
                                   only.
School code.....................  For certain Individuals  I
                                   only.
School name.....................  For certain Individuals  I
                                   only.
School city, State, country.....  For certain Individuals  U
                                   only.
School graduation year..........  For certain Individuals  I
                                   only.
Other provider number type......  Type of provider         I
                                   identification number
                                   also/formerly used by
                                   provider: UPIN, NSC,
                                   OSCAR, DEA, Medicaid
                                   State, PIN, Payer ID.
Other provider number...........  Other provider           I
                                   identification number
                                   also/formerly used by
                                   provider.
Group member name...............  For Groups only. Name    I
                                   of Individual member
                                   of group. Includes
                                   first, middle, and
                                   last names.
Group member name suffix........  For Groups only. This    I
                                   is the Individual
                                   member's name suffix.
                                   Includes Jr., Sr., II,
                                   III, IV, and V.
Organization type control code..  For certain              U
                                   Organizations only.
                                   Includes Government--
                                   Federal (Military),
                                   Government--Federal
                                   (Veterans),
                                   Government--Federal
                                   (Other), Government--
                                   State/County,
                                   Government--Local,
                                   Government--Combined
                                   Control, Non-
                                   Government--Non-
                                   profit, Non-
                                   Government--For
                                   Profit, and Non-
                                   Government--Not for
                                   Profit.
------------------------------------------------------------------------
Key:
I--Used for the unique identification of a provider.
A--Used for administrative purposes.
U--Included at the request of potential users (optional).

    We need to consider the benefits of retaining all of the data
elements shown in the table versus lowering the cost of maintaining the
database by keeping only the minimum number of data elements needed for
unique provider identification. We solicit input on the composition of
the minimum set of data elements needed to uniquely identify each type
of provider. In order to consider the inclusion or exclusion of data
elements, we need to assess their purpose and use.
    The data elements with a purpose of ``I'' are needed to identify a
health care provider, either in the search process (which is
electronic) or in the investigation of health care providers designated
as possible matches by the search process. These data elements are
critical because unique identification is the keystone of the NPS.
    The data elements with a purpose of ``A'' are not essential to the
identification processes mentioned above, but nonetheless are valuable.
Certain ``A'' data elements can be used to contact a health care
provider for clarification of information or resolution of issues
encountered in the enumeration process and for sending written
communications; other ``A'' data elements (e.g., Provider Enumerate
Date, Provider Update Date, Establishing Enumerator/Agent Number) are
used to organize and manage the data.
    Data elements with a purpose of ``U'' are collected at the request
of potential users of the information in the system. While not used by
the system's search process to uniquely identify a health care
provider, Race is nevertheless valuable in the investigation of health
care providers designated as possible matches as a result of that
process. In addition, Race is important to the utility of the NPS as a
statistical sampling frame. We solicit comments on the statistical
validity of Race data. Race is collected ``as reported''; that is, it
is not validated. It is not maintained, only stored. The cost of
keeping this data element is virtually nil. Other data elements
(Resident/Intern Code, Provider Certification Code and Number, and
Organization Type Control Code) with a purpose of ``U'', while not used
for enumeration of a health care provider, have been requested to be
included by some members of the health care industry for reports and
statistics. These data elements are optional and do not require
validation; many remain constant by their nature; and the cost to store
them is negligible.
    The data elements that we judge will be expensive to either
validate or maintain (or both) are the license information, provider
practice location addresses, and membership in groups. We solicit
comments on whether these data elements are necessary for the unique
enumeration of health care providers and whether validation or
maintenance is required for that purpose.
    Licenses may be critical in determining uniqueness of a health care
provider (particularly in resolving identities involving compound
surnames) and are, therefore, considered to be essential by some.
License information is expensive to validate initially, but not
expensive to maintain because it does not change frequently.
    The practice location addresses can be used to aid in investigating
possible provider matches, in converting existing provider numbers to
NPIs, and in research involving fraud or epidemiology. Location codes,
which are discussed in detail in section B. Practice Addresses and
Group/Organization Options below, could be assigned by the NPS to point
to and identify practice locations of individuals and groups. Some
potential users felt that practice addresses changed too frequently to
be maintained efficiently at the national level. The average Medicare
physician has two to three addresses at which he/she practices. Group
providers may have many more practice locations. We estimate that 5
percent of health care providers require updates annually, and that
addresses are one of the most frequently changing attributes. As a
result, maintaining more than one practice address for an individual
provider on a national scale could be burdensome and time consuming.
Many potential users believe that practice addresses could more
adequately be maintained at local, health-plan specific levels.
    Some potential users felt that membership in groups was useful in
identifying health care providers. Many others, however, felt that
these data are highly volatile and costly to maintain. These users felt
it was unlikely that membership in groups could be satisfactorily
maintained at the national level.
    We welcome your comments on the data elements proposed for the NPF
and input as to the potential usefulness and tradeoffs for these
elements such as those discussed above.
    We specifically invite comments and suggestions on how the
enumeration process might be improved to prevent issuance of multiple
NPIs to a health care provider.

B. Practice Addresses and Group/Organization Options

    We have had extensive consultations with health care providers,
health plans, and members of health data standards organizations on the
requirements for provider practice addresses and on the group and
organization data in the NPS. (It is important to note that the NPS is
designed to capture a health care provider's mailing address. The
mailing address is a data element separate from the practice address,
and, as such, is not the subject of the discussion below.) Following
are the major questions relating to these issues:
    * Should the NPS capture practice addresses of health care
providers?
    For: Practice addresses could aid in non-electronic matching of
health care providers and in conversion of existing provider number
systems to NPIs. They could be useful for research specific to practice
location; for example, involving fraud or epidemiology.
    Against: Practice addresses would be of limited use in the
electronic identification and matching of health care providers. The
large number of practice locations of some group
providers, the frequent relocation of provider offices, and the
temporary situations under which a health care provider may practice at
a particular location would make maintenance of practice addresses
burdensome and expensive.
    * Should the NPS assign a location code to each practice
address in a health care provider's record? The location code would be
a 2-position alphanumeric data element. It would be a data element in
the NPS but would not be part of the NPI. It would point to a certain
practice address in the health care provider's record and would be
usable only in conjunction with that health care provider's NPI. It
would not stand alone as a unique identifier for the address.
    For: The location code could be used to designate a specific
practice address for the health care provider, eliminating the need to
perform an address match each time the address is retrieved. The
location code might be usable, in conjunction with a health care
provider's NPI, as a designation for service location in electronic
health transactions.
    Against: Location codes should not be created and assigned
nationally unless required to support standard electronic health
transactions; this requirement has not been demonstrated. The format of
the location code would allow for a lifetime maximum of 900 location
codes per health care provider; this number may not be adequate for
groups with many locations. The location code would not uniquely
identify an address; different health care providers practicing at the
same address would have different location codes for that address,
causing confusion for business offices that maintain data for large
numbers of health care providers.
    * Should the NPS link the NPI of a group provider to the
NPIs of the individual providers who are members of the group?
    For: Linkage of the group NPI to individual members' NPIs would
provide a connection from the group provider, which is possibly not
licensed or certified, to the individual members who are licensed,
certified or otherwise authorized to provide health care services.
    Against: The large number of members of some groups and the
frequent moves of individuals among groups would make national
maintenance of group membership burdensome and expensive. Organizations
that need to know group membership prefer to maintain this information
locally, so that they can ensure its accuracy for their purposes.
    * Should the NPS collect the same data for organization and
group providers? There would be no distinction between organization and
group providers. Each health care provider would be categorized in the
NPS either as an individual or as an organization. Each separate
physical location or subpart of an organization that needed to be
identified would receive its own NPI. The NPS would not link the NPI of
an organization provider to the NPI of any other health care provider,
although all organizations with the same employer identification number
(EIN) or same name would be retrievable via a query on that EIN or
name.
    For: The categorization of health care providers as individuals or
organizations would provide flexibility for enumeration of integrated
provider organizations. Eliminating the separate category of group
providers would eliminate an artificial distinction between groups and
organizations. It would eliminate the possibility that the same entity
would be enumerated as both a group and an organization. It would
eliminate any need for location codes for groups. It would allow
enumeration at the lowest level that needs to be identified, offering
flexibility for enumerators, health plans or other users of NPS data to
link organization NPIs as they require in their own systems.
    Against: A single business entity could have multiple NPIs,
corresponding to its physical locations or subparts.
    Possible Approaches:
    We present two alternatives to illustrate how answers to the
questions posed above would affect enumeration and health care provider
data in the NPS. Since the results would depend upon whether the health
care provider is an individual, organization, or group, we refer the
reader to section II.B.3., Definitions, of this preamble.
    Alternative 1:
    The NPS would capture practice addresses. It would assign a
location code for each practice address of an individual or group
provider. Organization and group providers would be distinguished and
would have different associated data in the NPS. Organization providers
could have only one location per NPI and could not have individuals
listed as members. Group providers could have multiple locations with
location codes per NPI and would have individuals listed as members.
    For individual providers, the NPS would capture each practice
address and assign a corresponding location code. The NPS would link
the NPIs of individuals who are listed as members of a group with the
NPI of their group.
    For organization providers, the NPS would capture the single active
practice address. It would not assign a corresponding location code.
    For group providers, the NPS would capture each practice address
and assign a corresponding location code. The NPS would link the NPI of
a group with the NPIs of all individuals who are listed as members of
the group. A group location would have a different location code in the
members' individual records and the group record.
    Alternative 2:
    The NPS would capture only one practice address for an individual
or organization provider. It would not assign location codes. The NPS
would not link the NPI of a group provider to the NPIs of individuals
who are members of the group. Organization and group providers would
not be distinguished from each other in the NPS. Each health care
provider would be categorized as either an individual or an
organization.
    For individual providers, the NPS would capture a single practice
address. It would not assign a corresponding location code.
    For organization providers, each separate physical location or
subpart that needed to be identified would receive its own NPI. The NPS
would capture the single active practice address of the organization.
It would not assign a corresponding location code.
    Recent consultations with health care providers, health plans, and
members of health data standards organizations have indicated a growing
consensus for Alternative 2 discussed above. Representatives of these
organizations feel that Alternative 2 will provide the data needed to
identify the health care provider at the national level, while reducing
burdensome data maintenance associated with provider practice location
addresses and group membership. We welcome comments on these and other
alternatives for collection of practice location addresses and
assignment of location codes, and on the group and organization
provider data within the NPS.

V. Data Dissemination

[Please label written and e-mailed comments about this section with
the subject: Dissemination.]

    We are making information from the NPS available so that the
administrative simplification provisions of the law can be implemented
smoothly and efficiently. In addition to the health care provider's
name and NPI, it is important to make available other information
about the health care provider so that people with existing health care
provider files can associate their health care providers with the
appropriate NPIs. The data elements we are proposing to disseminate are
the ones that our research has shown will be most beneficial in this
matching process. The information needs to be disseminated to the
widest possible audience because the NPIs would be used in a vast
number of applications throughout the health care industry.
    We propose to charge fees for the dissemination of such items as
data files and directories, but the fees would not exceed the costs of
the dissemination.
    We would establish two levels of users of the data in the NPS for
purposes of disseminating information. Some of the data that would be
collected in order to assign NPIs would be confidential and not be
disclosed to those without a legitimate right of access to the
confidential data.
Level I--Enumerators
    Access to the NPS would be limited to approved enumerators for the
system that would be specifically listed in 45 CFR part 142. We would
publish ``routine uses'' for the data concerning individuals in a
Privacy Act systems of records notice. The notice is being developed
and will be available during the comment period for this proposed rule.
    Enumerators would have access to all data elements for all health
care providers in order to accurately resolve potential duplicate
situations (that is, the health care provider may already have been
enumerated). Enumerators would be required to protect the privacy of
the data in accordance with the Privacy Act.
    Enumerators would have access to the on-line NPS and would also
receive periodic batch update files from HCFA.
Level II--The Public
    The public (which includes individuals, health care providers,
software vendors, health plans that are not enumerators, and health
care clearinghouses) would have access to selected data elements.
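    The two dissemination levels amount to a field-level release rule. The following is an added example, not part of the proposed rule or of any HCFA system: it builds a Level II (public) view of a provider record from an allowlist and audits an extract for fields that should not be in it. The snake_case field keys, the function names, and the sample record are assumptions made for the example; the level assigned to each field follows the dissemination table in this section.

```python
# Added example: allowlist-based release filter for the two NPS
# dissemination levels. Field keys are hypothetical names chosen for this
# example; the level of each field follows the dissemination table.

# Data elements marked "I and II" in the table (releasable to the public).
PUBLIC_FIELDS = frozenset({
    "npi", "current_name", "other_name", "legal_business_name",
    "name_suffix", "credential_designation", "mailing_address",
    "resident_intern_code", "enumerate_date", "update_date",
    "location_code", "practice_location_name", "practice_location_address",
})

# Data elements marked "I only" in the table (enumerators only).
LEVEL_I_ONLY = frozenset({
    "ssn", "ein", "birth_date", "birth_state_code", "birth_county_name",
    "birth_country_name", "sex", "race", "date_of_death",
    "mailing_phone", "mailing_fax", "mailing_email",
    "establishing_enumerator_number",
    "practice_location_phone", "practice_location_fax",
    "practice_location_email",
})


def release(record, level):
    """Return (released_fields, withheld_field_names) for one record.

    Level "I" (enumerators) receives the whole record. Level "II" (the
    public) receives only allowlisted fields, so a field that nobody has
    classified yet is withheld rather than released by default.
    """
    if level == "I":
        return dict(record), []
    if level != "II":
        raise ValueError("unknown dissemination level: %r" % (level,))
    released = {k: v for k, v in record.items() if k in PUBLIC_FIELDS}
    withheld = sorted(k for k in record if k not in PUBLIC_FIELDS)
    return released, withheld


def audit_public_extract(rows):
    """Check rows destined for Level II and report every field that is
    not cleared for public release, as (row_index, field, reason)."""
    findings = []
    for index, row in enumerate(rows):
        for field in sorted(row):
            if field in PUBLIC_FIELDS:
                continue
            reason = "level_i_only" if field in LEVEL_I_ONLY else "unclassified"
            findings.append((index, field, reason))
    return findings


# Constructed sample record; every value is made up for the example.
SAMPLE_RECORD = {
    "npi": "A1B2C3D4",                 # 8-position alphanumeric
    "current_name": "Pat Q. Example",
    "credential_designation": "MD",
    "ssn": "000-00-0000",
    "birth_date": "1960-01-01",
    "mailing_address": "1 Example St, Anytown, ZZ 00000",
    "mailing_phone": "555-0100",
    "internal_note": "field added by a local system, never classified",
}

if __name__ == "__main__":
    public_view, withheld = release(SAMPLE_RECORD, "II")
    print("released:", sorted(public_view))
    print("withheld:", withheld)
    # Auditing the unfiltered record shows what a careless export would leak.
    for finding in audit_public_extract([SAMPLE_RECORD]):
        print("leak:", finding)
```

    Running the audit over a file before it leaves the Level I boundary catches both known confidential fields and fields added later without a dissemination decision.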
    The table below lists the data comprising the NPF, as described in
section IV. A. Data Elements, and indicates the dissemination level
(Level I or Level II).

      Dissemination of Information From the National Provider File
------------------------------------------------------------------------
                                  Dissemination
        Data elements                 level               Comments
------------------------------------------------------------------------
National Provider Identifier   I and II..........  8-position alpha-
 (NPI).                                             numeric NPI assigned
                                                    by the NPS.
Provider's current name......  I and II..........  For Individuals only.
                                                    Includes first,
                                                    middle, and last
                                                    names.
Provider's other name........  I and II..........  For Individuals only.
                                                    Includes first,
                                                    middle, and last
                                                    names. Other names
                                                    might include maiden
                                                    and professional
                                                    names.
Provider's legal business      I and II..........  For Groups and
 name.                                              Organizations only.
Provider's name suffix.......  I and II..........  For Individuals only.
                                                    Includes Jr., Sr.,
                                                    II, III, IV, and V.
Provider's credential          I and II..........  For Individuals only.
 designation.                                       Examples are MD,
                                                    DDS, CSW, CNA, AA,
                                                    NP, RNA, PSY.
Provider's Social Security     I only............  For Individuals only.
 Number (SSN).
Provider's Employer            I only............  Employer
 Identification Number (EIN).                       Identification
                                                    Number.
Provider's birth date........  I only............  For Individuals only.
Provider's birth State code..  I only............  For Individuals only.
Provider's birth county name.  I only............  For Individuals only.
Provider's birth country name  I only............  For Individuals only.
Provider's sex...............  I only............  For Individuals only.
Provider's race..............  I only............  For Individuals only.
Provider's date of death.....  I only............  For Individuals only.
Provider's mailing address...  I and II..........  Includes 2 lines of
                                                    street address, plus
                                                    city, State, county,
                                                    country, 5- or 9-
                                                    position ZIP code.
Provider's mailing address     I only............
 telephone number.
Provider's mailing address     I only............
 fax number.
Provider's mailing address e-  I only............
 mail address.
Resident/Intern code.........  I and II..........  For certain
                                                    Individuals only.
Provider enumerate date......  I and II..........  Date provider was
                                                    enumerated (assigned
                                                    an NPI). Assigned by
                                                    the NPS.
Provider update date.........  I and II..........  Last date provider
                                                    data was updated.
                                                    Assigned by the NPS.
Establishing enumerator/agent  I only............  Identification number
 number.                                            of the establishing
                                                    enumerator.
Provider practice location     I and II..........  2-position alpha-
 identifier (location code).                        numeric code
                                                    (location code)
                                                    assigned by the NPS.
Provider practice location     I and II..........  Title (e.g., ``doing
 name.                                              business as'' name)
                                                    of practice
                                                    location.
Provider practice location     I and II..........  Includes 2 lines of
 address.                                           street address, plus
                                                    city, State, county,
                                                    country, 5- or 9-
                                                    position ZIP code.
Provider's practice location   I only............
 telephone number.
Provider's practice location   I only............
 fax number.
Provider's practice location   I only............
 e-mail address.
Provider classification......  I and II..........  From Accredited
                                                    Standards Committee
                                                    X12N taxonomy.
                                                    Includes type(s),
                                                    classification(s),
                                                    area(s) of
                                                    specialization.
Provider certification code..  I only............  For certain
                                                    Individuals only.
Provider certification         I only............  For certain
 (certificate) number.                              Individuals only.
Provider license number......  I only............  For certain
                                                    Individuals only.
Provider license State.......  I only............  For certain
                                                    Individuals only.
School code..................  I only............  For certain
                                                    Individuals only.
School name..................  I only............  For certain
                                                    Individuals only.
School city, State, country..  I only............  For certain
                                                    Individuals only.
School graduation year.......  I only............  For certain
                                                   Individuals only.
Other provider number type...  I and II..........  Type of provider
                                                    identification
                                                    number also/formerly
                                                    used by provider:
                                                    UPIN, NSC, OSCAR,
                                                    DEA, Medicaid State,
                                                    PIN, Payer ID.
Other provider number........  I and II..........  Other provider
                                                    identification
                                                    number also/formerly
                                                    used by provider.
Group member name............  I and II..........  For Groups only. Name
                                                    of Individual member
                                                    of group. Includes
                                                    first, middle, and
                                                    last names.
Group member name suffix.....  I and II..........  For Groups only. This
                                                    is the Individual
                                                    member's name
                                                    suffix. Includes
                                                    Jr., Sr., II, III,
                                                    IV, and V.
Organization type control      I and II..........  For certain
 code.                                              Organizations only.
                                                    Includes Government--
                                                    Federal (Military),
                                                    Government--Federal
                                                    (Veterans),
                                                    Government--Federal
                                                    (Other), Government--
                                                    State/County,
                                                    Government--Local,
                                                    Government--Combined
                                                    Control, Non-
                                                    Government--Non-
                                                    profit, Non-
                                                    Government--For
                                                    Profit, and Non-
                                                    Government--Not for
                                                    Profit.
------------------------------------------------------------------------

    Clearly, the access to the public data would have to be electronic
in order to support the more frequent users. We are asking for comments
on exactly what should be available in hardcopy, what types of
electronic formats are necessary (for example, diskette, CD ROM, tape,
cartridge, and via Internet), and frequency of update. We anticipate
making these data as widely available as feasible. We note that the
UPIN Directory (currently available to the public) would be
discontinued and replaced with a similar document or electronic file
once the NPS is in place.
    We initially envisioned limiting access to the second level to
health plans and other entities involved in electronic transactions and
adding a third level of access, which would make a more abbreviated
data set available to the general public. This was in keeping with the
past policy of not disclosing physicians' practice addresses. Recent
court decisions and our broader goal of beneficiary education caused us
to choose a broader data dissemination strategy. We welcome comments on
this point.

VI. New and Revised Standards

[Please label written and e-mailed comments about this section with
the subject: Revisions.]

    To encourage innovation and promote development, we intend to
develop a process that would allow an organization to request a
revision or replacement to any adopted standard or standards.
    An organization could request a revision or replacement to an
adopted standard by requesting a waiver from the Secretary of Health
and Human Services to test a revised or new standard. The organization
must, at a minimum, demonstrate that the revised or new standard offers
an improvement over the adopted standard. If the organization presents
sufficient documentation that supports testing of a revised or new
standard, we want to be able to grant the organization a temporary
waiver to test while remaining in compliance with the law. The waiver
would be applicable to standards that could change over time; for
example, transaction standards. We do not intend to establish a process
that would allow an organization to avoid using any adopted standard.
    We would welcome comments on the following: (1) How we should
establish this process, (2) the length of time a proposed standard
should be tested before we decide whether to adopt it, (3) whether we
should solicit public comments before implementing a change in a
standard, and (4) other issues and recommendations we should consider
in developing this process.
    Following is one possible process:
    • Any organization that wishes to revise or replace an
adopted standard must submit its waiver request to an HHS evaluation
committee (not currently established or defined). The organization must
do the following for each standard it wishes to revise or replace:
    + Provide a detailed explanation, no more than 10 pages in length,
of how the revision or replacement would be a clear improvement over
the current standard in terms of the principles listed in section I.D.,
Process for developing national standards, of this preamble.
    + Provide specifications and technical capabilities on the revised
or new standard, including any additional system requirements.
    + An explanation, no more than 5 pages in length, of how the
organization intends to test the standard.
    • The committee's evaluation would, at a minimum, be based
on the following:
    + A cost-benefit analysis.
    + An assessment of whether the proposed revision or replacement
demonstrates a clear improvement to an existing standard.
    + The extent and length of time of the waiver.
    • The evaluation committee would inform the organization
requesting the waiver within 30 working days of the committee's
decision on the waiver request. If the committee decides to grant a
waiver, the notification may include the following:
    + Committee comments such as the following:

--The length of time for which the waiver applies if it differs from
the waiver request.
--The sites the committee believes are appropriate for testing if they
differ from the waiver request.
--Any pertinent information regarding the conditions of an approved
waiver.

    • Any organization that receives a waiver would be required
to submit a report containing the results of the study, no later than 3
months after the study is completed.
    • The committee would evaluate the report and determine
whether the benefits of the proposed revision or new standard
significantly outweigh the disadvantages of implementing it and make a
recommendation to the Secretary.

VII. Collection of Information Requirements

    Under the Paperwork Reduction Act of 1995, we are required to
provide 60-day notice in the Federal Register and solicit public
comment before a collection of information requirement is submitted to
the Office of Management and Budget (OMB) for review and approval. In
order to fairly evaluate whether an information collection should be
approved by OMB, section 3506(c)(2)(A) of the Paperwork Reduction Act
of 1995 requires that we solicit comment on the following issues:

    • The need for the information collection and its usefulness
in carrying out the proper functions of our agency.
    • The accuracy of our estimate of the information collection
burden.
    • The quality, utility, and clarity of the information to be
collected.
    • Recommendations to minimize the information collection
burden on the affected public, including automated collection
techniques.

Section 142.408(a), (c)  Requirements: Health Care Providers

    In summary, each health care provider would be required to obtain,
by application if necessary, a national provider identifier and
communicate any changes to the data elements in its file in the
national provider system to an enumerator of national provider
identifiers within 60 days of the change.
    Discussion:
    We are especially interested in receiving comments on the possible
methods of managing the provider enumeration process. Given the
multitude of possible methods associated with managing the enumeration
process, we are unable to provide an accurate burden estimate at this
time. Below is the repeated provider identifier enumeration discussion,
from section II., Provisions of Proposed Regulations, E. Requirements,
3. Health care providers, of this preamble.
    The process by which health care providers will apply for and
obtain NPIs has not yet been established. This proposed rule (in
section III., Implementation of the NPI) presents implementation
options by which health care providers would apply for and obtain NPIs.
We are seeking comments on the options and welcome other options for
consideration.
    In one of the options we are presenting, we anticipate that the
initial enumeration of health care providers that are already enrolled
in Medicare, other Federal programs named as health plans, and Medicaid
would be done by those health plans. Those health care providers would
not have to apply for NPIs but would instead have their NPIs issued
automatically. Non-Federal and non-Medicaid providers would need to
apply for NPIs to a Federally-directed registry for initial
enumeration. The information that would be needed in order to issue an
NPI to a health care provider is discussed in this preamble in section
IV., Data. Depending on the implementation option selected, Federal and
Medicaid health care providers may not need to provide this information
because it would already be available to the entities that would be
enumerating them. In one of the options, health care providers would be
assigned their NPIs in the course of enrolling in the Federal health
plan or in Medicaid. Both options may require, to some degree, the
development of an application to be used in applying for an NPI.
    We would require each health care provider that has an NPI to
forward updates to the data in the database to an NPI enumerator within
60 days of the date the change occurs. We are soliciting comments on
whether these updates should be applicable to all the data elements
proposed to be included in the NPF or only to those data elements that
are critical for enumeration. For example, we would like to know
whether the addition of a credential should be required to be reported
within the 60-day period or whether such updates should be limited to
name or address changes or other data elements that are required to
enumerate a health care provider.
    Given the multitude of possible methods of implementing the
enumeration process we are soliciting public comment on each of the
following issues, before we submit a copy of this document to the
Office of Management and Budget (OMB) for its review of these
information collection requirements.

Sections 142.404 and 142.408(b)  Requirements: Health Plans and
Requirements: Health Care Providers

    In summary, each health plan would be required to accept and
transmit, either directly or via a health care clearinghouse, the NPI
of any health care provider required in any standard transaction. Also,
each health care provider must use NPIs wherever required on all
standard transactions it accepts or transmits directly.
    Discussion:
    The emerging and increasing use of health care EDI standards and
transactions raises the issue of the applicability of the PRA. The
question arises whether a regulation that adopts an EDI standard used
to exchange certain information constitutes an information collection
subject to the PRA. However, for the purpose of soliciting useful
public comment we provide the following burden estimates.
    In particular, the initial burden on the estimated 4 million health
plans and 1.2 million health care providers to modify their current
computer systems software would be 2 hours/$60 per entity, for a total
burden of 10.4 million hours/$312 million. While this burden estimate
may appear low, on average, we believe it to be accurate. This is based
on the assumption that these and the other burden calculations
associated with HIPAA administrative simplification systems
modifications may overlap. This average also takes into consideration
that (1) this standard may not be used by several of the entities
included in the estimate, (2) this standard may already be in use by
several of the entities included in the estimate, (3) modifications may
be performed in an aggregate manner during the course of routine
business, and/or (4) modifications may be made by contractors, such as
practice management vendors, in a single effort for a multitude of
affected entities.
    We invite public comment on the issues discussed above. If you
comment on these information collection and recordkeeping requirements,
please e-mail comments to JBurke1@hcfa.gov (Attn: HCFA-0045) or mail
copies directly to the following:

Health Care Financing Administration, Office of Information Services,
Information Technology Investment Management Group, Division of HCFA
Enterprise Standards, Room C2-26-17, 7500 Security Boulevard,
Baltimore, MD 21244-1850. Attn: John Burke HCFA-0045.
      and,
Office of Information and Regulatory Affairs, Office of Management and
Budget, Room 10235, New Executive Office Building, Washington, DC
20503, Attn: Allison Herron Eydt, HCFA Desk Officer.

VIII. Response to Comments

    Because of the large number of items of correspondence we normally
receive on Federal Register documents published for comment, we are not
able to acknowledge or respond to them individually. We will consider
all comments we receive by the date and time specified in the DATES
section of this preamble, and, if we proceed with a subsequent
document, we will respond to the comments in the preamble to that
document.

IX. Impact Analysis

A. Executive Summary

    The costs of implementing the standards specified in the statute
are primarily one-time or short-term costs related to conversion. These
costs include system conversion/upgrade costs, start-up costs of
automation, training costs, and costs associated with implementation
problems. These costs will be incurred during the first three years of
implementation. The benefits of EDI include reduction in manual data
entry, elimination of postal service delays, elimination of the costs
associated with the use of paper forms, and the enhanced ability of
participants in the market to interact with each other.
    In our analysis, we have used the most conservative figures
available and have taken into account the effects of the existing trend
toward electronic health care transactions. Based on this analysis, we
have determined that the benefits attributable to the implementation of
administrative simplification will accrue almost immediately but will
not exceed costs for health care providers and health plans until after
the third year of implementation. After the third year, the benefits
will continue to accrue into the fourth year and beyond. The total net
savings for the period 1998-2002 will be $1.5 billion (a net savings of
$1.7 billion for health plans, and a net cost of $.2 billion for health
care providers). The single year net savings for the year 2002 will be
$3.1 billion ($1.6 billion for plans and $1.5 billion for providers).

B. Introduction

    We assessed several strategies for determining the impact of the
various standards that the Secretary will designate under the statute.
We could attempt to analyze the costs and savings of each individual
standard independently or we could analyze the costs and savings of all
the standards in the aggregate. We chose to base our analysis on the
aggregate impact of all the standards. Assessing the cost of
implementing each standard independently would yield inflated costs.
The statute gives health care providers and health plans 24 months (36
months for small health plans) to implement each standard after it is
designated. This will give the industry flexibility in determining the
most cost-effective way of implementing the standards. A health plan
may decide to implement more than one standard at a time or to combine
implementation of a standard with other system changes dictated by its
own business needs. As a result, overall estimates will be more
accurate than individual estimates.
    Assessing the benefits of implementing each standard independently
would also be inaccurate. While each individual standard is beneficial,
the standards as a whole have a synergistic effect on savings. For
example, the combination of the standard health plan identifier and
standard claim format would improve the coordination of benefits
process to a much greater extent than either standard individually.
Clearly, the costs and benefits described in this impact analysis are
dependent upon all of the rules being published at roughly the same
time.
    It is difficult to assess the costs and benefits of such a sweeping
change with no historical experience. Moreover, we do not yet know
enough about the issues and options related to the standards that are
still being developed to be able to discuss them here. Our analysis, as
a result, will be primarily qualitative and somewhat general. In order
to address that shortcoming, we have added a section discussing
specific issues related to the provider identifier standard. In each
subsequent regulation, we will, if appropriate, include a section
discussing the specifics of the standard or standards being designated
in the regulation. In addition, we will update this analysis to reflect
any additional cost/benefit information that we receive from the public
during the comment period for the proposed rule. We solicit comments on
this approach and on our assumptions and conclusions.

C. Overall Cost/Benefit Analysis

    In order to assess the impact of the HIPAA administrative
simplification provisions, it is important to understand current
industry practices. A 1993 study by Lewin-VHI (1, p. 4) estimated that
administrative costs comprised 17 percent of total health expenditures.
Paperwork inefficiencies are a component of those costs, as are the
inefficiencies caused by the more than 400 different data transmission
formats currently in use. Industry groups such as ANSI ASC X12N have
developed standards for EDI transactions, which are used by some health
plans and health care providers. However, migration to these recognized
standards has been hampered by the inability to develop a concerted
approach, and even ``standard'' formats such as the Uniform Bill
(UB-92), the standard Medicare hospital claim form (which is used by most
hospitals, skilled nursing facilities, and home health agencies for
inpatient and outpatient claims) are customized by plans and health
care providers.
    Several reports have made estimates of the costs and/or benefits of
implementing electronic data interchange (EDI) standards. In assessing
the impact of the HIPAA administrative simplification provisions, the
Congressional Budget Office reported that:

    ``The direct cost of the mandates in Title II of the bill would
be negligible. Health plans (and those providers who choose to
submit claims electronically) would be required to modify their
computer software to incorporate new standards as they are adopted
or modified. . . . Uniform standards would generate offsetting
savings for plans and providers by simplifying the claims process
and coordination of benefits.'' (page 4 of the Estimate of Costs of
Private Sector Mandates)

    The most extensive industry analysis of the effects of EDI
standards was developed by WEDI in 1993, which built upon a similar
1992 report. The WEDI report used an extensive amount of information
and analysis to develop its estimates, including data from a number of
EDI pilot projects. The report included a number of electronic
transactions that are not covered by HIPAA, such as materials
management. The report projected implementation costs ranging between
$5.3 billion and $17.3 billion (3, p. 9-4) and annual savings for the
transactions covered by HIPAA ranging from $8.9 billion to $20.5
billion (3, pp. 9-5 and 9-6). Lewin estimated that the data standards
proposed in the Healthcare Simplification and Uniformity Act of 1993
would save from 2.0 to 3.9 percent of administrative costs annually
($2.6 to $5.2 billion based on 1991 costs) (1, p. 12). A 1995 study
commissioned by the New Jersey Legislature estimated yearly savings of
$760 million in New Jersey alone, related to EDI claims processing,
reducing claims rejection, performing eligibility checks, decreasing
accounts receivable, and other potential EDI applications (4, p. 316).
    We have drawn heavily on the WEDI report for many of our estimates.
However, our conclusions differ, especially in the area of savings, for
a number of reasons. The WEDI report was intended to assess the savings
from a totally EDI environment, which HIPAA does not mandate. Health
care providers may still choose to conduct HIPAA transactions on paper.
In addition, a significant amount of movement toward EDI has been made
(especially in the claims area) since 1993, and it is reasonable to
assume that EDI would have continued to grow at some rate even without
HIPAA. In order to assess the true impact of the legislation and these
regulations, we cannot claim that all subsequent benefits are
attributable to HIPAA.

D. Implementation Costs

    The costs of implementing the standards specified in the statute
are primarily one-time or short-term costs related to conversion. They
can be characterized as follows:
    1. System Conversion/Upgrade--Health care providers and health
plans will incur costs to convert existing software to utilize the
standards. Health plans and large health care providers generally have
their own information systems, which they maintain with in-house or
contract support. Small health care providers are more likely
to use off-the-shelf software developed and maintained by a vendor.
Examples of software changes include the ability to generate and accept
transactions using the standard (for example, claims, remittance
advices) and converting or crosswalking current provider files and
medical code sets to chosen standards. However, health care providers
have considerable flexibility in determining how and when to accomplish
these changes. One alternative to a complete system redesign would be
to purchase a translator that reformats existing system outputs into
standard transaction formats. A health plan or health care provider
could also decide to implement two or more related standards at once or
to implement one or more standards during a software upgrade. We expect
that each health care provider's and health plan's situation will
differ and that each will select a cost-effective implementation
scheme. Many health care providers use billing agents or claims
clearinghouses to facilitate EDI. (Although we discuss billing agents
and claims clearinghouses as separate entities in this impact analysis,
billing agents are considered to be the same as clearinghouses for
purposes of administrative simplification.) Those entities would also
have to reprogram to accommodate standards. We would expect these costs
to be passed on to health care providers in the form of fee increases
or to be absorbed as a cost of doing business.
    2. Start-up Cost of Automation--The legislation does not require
health care providers to conduct transactions electronically. Those who
do not currently have electronic capabilities would have to purchase
and implement hardware and software and train staff to use it in order
to benefit from EDI. However, this is likely to be less costly once
standards are in place, because there will be more vendors supporting
the standard.
    3. Training--Health care provider and health plan personnel will
require training on use of the various standard identifiers, formats,
and code sets. For the most part this will be directed toward
administrative personnel, but training in new code sets would be
required for clinical staff as well.
    4. Implementation problems--The implementation of any industry-wide
standards will inevitably introduce additional complexity as health
plans and health care providers struggle to re-establish communication
and process transactions using the new formats, identifiers, and code
sets. This is likely to result in a temporary increase in rejected
transactions, manual exception processing, payment delays, and requests
for additional information.
    While the majority of costs are one-time costs related to
implementation, there are also on-going costs associated with
administrative simplification. Health care providers and health plans
may incur on-going costs to subscribe to or purchase documentation and
implementation guides related to code sets and standard formats as well
as health plan and provider identifier directories or data files. These
entities may already be incurring some of these costs, and the costs
under HIPAA would be incremental. We will be pursuing low-cost
distribution options to keep these costs as low as possible.
    In addition, EDI could affect cash flow throughout the health
insurance industry. Electronic claims reach the health plan faster and
can be processed faster. This has the potential to improve health care
providers' cash flow situations while decreasing health plans' earnings
on cash reserves.
    The only known impact on individuals and employers (other than
those that function as health plans) is the need to obtain an
identifier.

E. Benefits of Increased Use of EDI for Health Care Transactions

    Some of the benefits attributable to increased EDI can be readily
quantified, while others are more intangible. For example, it is easy
to compute the savings in postage from EDI claims, but attributing a
dollar value to processing efficiencies is difficult. In fact, the
latter may not result in lower costs to health care providers or health
plans but may be categorized as cost avoidance, rather than savings.
For example, a health care provider may find that its billing office
staff can be reduced from four clerks to three after standards are
implemented. The health care provider could decide to reduce the staff
size, to reduce the billing office staff and hire additional clinical
personnel, or to retain the staff and assign new duties to them. Only
the first option results in a ``savings'' (i.e., fewer total dollars
spent) for the health care provider or the health care industry.
However, all three options allow health care providers to reduce
administrative costs associated with billing. We are considering these
to be benefits for purposes of this analysis because it is consistent
with the way the industry views them.
    The benefits of EDI to industry in general are well documented in
the literature. One of the most significant benefits of EDI is the
reduction in manual data entry. The paper processing of business
transactions requires manual data entry at the point in which the data
are received and entered into a system. For example, the data on a
paper health care transaction from a health care provider to a health
plan have to be manually entered into the health plan's business
system. If the patient has more than one health plan, the second health
plan would also have to manually enter the data into its system if it
cannot receive the information electronically. The potential for
repeated keying of information transmitted via paper results in
increased labor as well as significant opportunities for keying errors.
EDI allows for direct data transmission between computer systems, which
reduces the need to rekey data.
    Another problem with paper-based transactions is that these
documents are mostly mailed. Normal delivery times of mailings can vary
anywhere from one to several days for normal first class mail. To ship
paper documents more quickly can be expensive. While bulk mailings can
reduce some costs, paper mailings remain costly. Using postal services
can also lead to some uncertainty as to whether the transaction was
received, unless more expensive certified mail options are pursued. A
benefit of EDI is that the capability exists for the sender of the
transaction to receive an electronic acknowledgment once the data is
opened by the recipient. Also, because EDI involves direct computer to
computer data transmission, the associated delays with postal services
are eliminated. With EDI, communication service providers such as value
added networks function as electronic post offices and provide 24-hour
service. Value added networks deliver data instantaneously to the
receiver's electronic mailbox.
    In addition to mailing time delays, there are other significant
costs in using paper forms. These include the costs of maintaining an
inventory of forms, typing data onto forms, addressing envelopes, and
the cost of postage. The use of paper also requires significant staff
resources to receive and store the paper during normal processing. The
paper must be organized to permit easy retrieval if necessary.

F. The Role of Standards in Increasing the Efficiency of EDI

    There has been a steady increase in use of EDI in the health care
market since 1993, and we predict that there would be some continued
growth, even without national standards. However, we believe the upward
trend in EDI health care transactions will be enhanced by having
national standards
in place. Because national standards are not in place today, there
continues to be a proliferation of proprietary formats in the health
care industry. Proprietary formats are those that are unique to an
individual business. Due to proprietary formats, business partners that
wish to exchange information via EDI must agree on which formats to
use. Since most health care providers do business with a number of
plans, they must produce EDI transactions in many different formats.
For small health care providers, this is a significant disincentive for
converting to EDI.
    National standards would allow for common formats and translations
of electronic information that would be understandable to both the
sender and receiver. If national standards were in place, there would
be no need to determine what format a trading partner was using.
Standards also reduce software development and maintenance costs that
are required for converting proprietary formats. The basic costs of
maintaining unique formats are the human resources spent converting
data or in personally contacting entities to gather the data because of
incompatible formats. These costs are reflected in increased office
overhead, and a reliance on paper and third party vendors as well as
communication delays and general administrative hassle. Health care
transaction standards will improve the efficiency of the EDI market and
will help further persuade reluctant industry partners to choose EDI
over traditional mail services.
    The statute directs the Secretary to establish standards and sets
out the timetable for doing so. The Secretary must designate a standard
for each of the specified transactions and identifiers but does have
the discretion to designate alternate standards (for example, both a
flat file and X12N format for a particular transaction). We have chosen
to designate a single standard for each identifier and transaction. On
the surface, allowing alternate standards would seem to be a more
flexible approach, permitting health care providers and health plans to
choose which standard best fits their business needs. In reality,
health plans and health care providers generally conduct EDI with
multiple partners. Since the choice of a standard transaction format is
a bilateral decision between the sender and receiver, most health plans
and health care providers would need to support all of the designated
standards for the transaction in order to meet the needs of all of
their trading partners. Single standards will maximize net benefits and
minimize ongoing confusion.
    Health care providers and health plans have a great deal of
flexibility in how and when they will implement standards. The statute
specifies dates by which health plans will have adopted standards, but
within that time period health plans can determine when and in which
order they will implement standards. Health care providers have the
flexibility to determine when it is cost-effective for them to convert
to EDI. Health plans and health care providers have a wide range of
vendors and technologies from which to choose in implementing standards
and can choose to utilize a health care clearinghouse to produce
standard transactions. Implementation options for transactions will be
the subject of more detailed analysis in a subsequent regulation.

G. Cost/Benefit Tables

    The tables below illustrate the costs for health plans and health
care providers to implement the standards and the savings that will
occur over time as a result of the HIPAA administrative simplification
provisions. All estimates are stated in 1998 dollars--no adjustment has
been made for present value.
    The tables are extracted from a report prepared by our actuaries,
who analyzed the impact of the HIPAA administrative simplification
provisions. Using standard actuarial principles, they utilized data
from a wide range of industry sources as a base for their estimates but
revised them as needed to precisely reflect the impact of the
legislation. For example, the number of health care providers and
percentage of EDI transactions were adjusted to reflect expected 1998
levels. Where data were not available (for example, the percentage of
EDI billing for hospices), estimates were developed based on
assumptions. Where data from multiple sources were in conflict, the
various sources were considered in developing an independent estimate.
These processes are complex and are described in detail in the
actuaries' report, both in narrative form and in footnotes to tables.
The report is too voluminous to publish here, and it is not feasible to
describe the processes used to arrive at each and every number. We are
presenting here the data that are most critical to assessing the impact
of HIPAA administrative simplification provisions and a general
description of the processes used to develop those data. The full
actuarial report is available for inspection at the HCFA document room
and at the following web site: http://aspe.os.dhhs.gov/admnsimp/.
    The costs are based on estimates for the cost of a moderately
complex set of software upgrades. The range of costs that health plans
and health care providers will incur is quite large and is based on
such factors as the size and complexity of the existing systems,
ability to implement using existing low-cost translator software, and
reliance on health care clearinghouses to create standard transactions.
The cost of a moderately complex upgrade represents a reasonable
midpoint in this range. In addition, we assume that health plans and
health care providers with existing EDI systems will incur
implementation costs related to manual operations to make those
processes compatible with the EDI systems. For example, manual
processes may be converted to recognize standard identifiers or to
produce paper remittance advices that contain the same data elements as
the EDI standard transaction. We have estimated those costs to equal 50
percent of the upgrade cost. Health care providers that do not have
existing EDI systems will also incur some costs due to HIPAA, even if
they choose not to implement EDI for all of the HIPAA transactions. For
example, a health care provider may have to change accounting practices
in order to process the revised paper remittance advice discussed
above. Health plans must accept HIPAA transactions via EDI, but not all
health plans will be called upon to accept all HIPAA transactions. For
example, some health plans process only dental claims, while others
process claims for institutional and noninstitutional services. We have
assumed the average cost for non-EDI health care providers and health
plans to be half that of already-automated health care providers and
health plans.
    Savings are based on the estimated increase in EDI attributable to
the HIPAA administrative simplification provisions, multiplied by a per
transaction savings for each type of transaction. Our estimates are
much lower than those included in the WEDI report, primarily because we
only recognize savings that would not have occurred without the
legislation. While some industry estimates of gross savings (not net of
costs) have been as high as $32.8 billion over five years, we believed
it was important to utilize the most conservative assumptions possible.
It is important to view these estimates as an attempt to furnish a
realistic context rather than as precise budgetary predictions. Our
estimates also do not include any benefits attributable to qualitative
aspects of administrative simplification, because of the lack of
reliable data. (For example, we do not
attempt to put a dollar value on improved public health practices that
will result from implementation of standard identifiers.) We strongly
encourage comments on how to quantitatively and qualitatively measure
the efficiencies realized as a result of the HIPAA administrative
simplification standards.
    More detailed information regarding data sources and assumptions is
provided in the explanations for the specific tables.
    Table 1 below shows estimated costs and savings for health plans.
The number of entities is based on the WEDI report, Department of Labor
data, and various trade publications trended forward to 1998. The cost
per health plan for software upgrades is based on the WEDI report,
which estimated a range of costs required to implement a fully capable
EDI environment. The high-end estimates ranged from two to ten times
higher than the low-end estimates. We have used the lower end of the
estimates in most cases because, as explained above, HIPAA does not
require as extensive changes as envisioned by WEDI. The estimated
percentages of health plans that accept electronic billing are based on
reports in the 1997 edition of Faulkner & Gray's Health Data Directory
(5). The total cost for each type of health plan is the sum of the cost
for EDI and non-EDI plans. Cost for EDI plans is computed as follows:

Total Entities  x  EDI %  x  Average Upgrade Cost  x  1.5

(Note: As described above, the cost of changing manual processes is
estimated to be half the cost of system changes.)

    Cost for non-EDI plans is computed as follows:

Total Entities  x  (1 - EDI %)  x  Average Upgrade Cost  x  .5

(Note: As described above, cost to non-EDI health care providers is
assumed to be half the cost of systems changes.)

    The $3.9 billion in savings is derived from Table 4, and represents
savings to health plans for the first five years of implementation. The
assumptions related to these savings are contained in the explanation
to Table 4. The savings have been apportioned to each type of health
plan based on the ratio of that health plan type's cost to the cost to
all health plans. For example, a plan type that incurs ten percent of
the costs would be assigned ten percent of the savings. We acknowledge
that this is an imprecise method for allocating savings. We have not
been able to identify a reliable method for allocating savings to
specific types of health plans but nonetheless believed that it was
important to present costs and savings together in order to provide a
sense of how the HIPAA administrative simplification provisions would
affect various entities.

                             Table 1.--Health Plan Implementation Costs and Savings
                                            [in Millions--1998-2002]
----------------------------------------------------------------------------------------------------------------
                                          Number of                     Percent   Total cost (in    Savings (in
             Type of plan                   plans       Average cost      EDI        millions)       millions)
----------------------------------------------------------------------------------------------------------------
Large commercials....................             250      $1,000,000        .90            $350            $620
Smaller commercials..................             400         500,000        .50             200             354
Blue Cross/Blue Shield...............              75       1,000,000        .90             106             188
Third-party administered.............             750         500,000        .50             375             665
HMO/PPO..............................           1,500         250,000        .50             375             665
Self-administered....................          16,000          50,000        .25             600           1,063
Other employer plans.................       3,900,000             100        .00             195             345
    Total............................  ..............  ..............  .........          $2,201          $3,900
----------------------------------------------------------------------------------------------------------------

    Table 2 illustrates the costs and savings attributable to various
types of health care providers.
    The number of entities (practices, not individual health care
providers) is based on the 1992 Census of Services, the 1996
Statistical Abstract of the United States, and the American Medical
Association survey of group practices trended forward to 1998.
Estimated percentages of EDI billing are based on the 1997 edition of
Faulkner & Gray's Health Data Directory or are actuarial estimates.
    The cost of software upgrades for personal computers (PCs) is based
on reports on the cost of software upgrades to translate and
communicate standardized claims forms. The low end is used for smaller
practices and the high end for larger practices with PCs. The estimate
for mainframe upgrade packages is twice the upper end for PCs. The cost
per upgrade for facilities is ours after considering estimates by WEDI
and estimates of the cost of new software packages in the literature.
The estimates fall within the range of the WEDI estimates, but that
range is quite large. For example, WEDI estimates the cost for a large
hospital upgrade would be from $50,000 to $500,000. For an explanation
of the method for computing Total Cost, see the explanation for Table
1.
    The $3.4 billion in savings is derived from Table 4 and represents
savings to health care providers for the first five years of
implementation. We have included them here to provide a sense of how
the HIPAA administrative simplification provisions would affect various
entities. As in Table 1, the savings have been apportioned to each type
of health care provider based on the ratio of that health care provider
type's cost to the cost to all health care providers.

                         Table 2.--Health Care Provider Implementation Costs and Savings
                                            [In millions--1998-2002]
----------------------------------------------------------------------------------------------------------------
                                          Number of                     Percent   Total cost (in    Savings (in
           Type of provider               providers     Average cost      EDI        millions)       millions)
----------------------------------------------------------------------------------------------------------------
Hospitals <100 beds..................           2,850        $100,000        .86            $388            $369
Hospitals 100+ beds..................           3,150         250,000        .86           1,071           1,019
Nursing facility <100 beds...........          27,351          10,000        .50             274             260
Nursing facility 100+ beds...........           8,369          20,000        .50             167             159
Home health agency...................          10,608          10,000        .75             133             126
Hospice..............................           1,191          10,000        .10               7               7
Dialysis facility....................           1,211          10,000        .75              15              14
Specialty outpatient.................           7,175          10,000        .75              90              85
Pharmacy.............................          70,100           4,000        .85             379             360
Medical labs.........................           9,000           4,000        .85              49              46
Dental labs..........................           8,000           1,500        .50              12              11
DME..................................         116,800           1,500        .50             175             167
Physicians solo and groups <3........         337,000           1,500        .20             354             337
Physicians groups 3+ with mainframe..          17,000           8,000        .75             170             162
Physicians groups 3+ with PCs........          15,000           4,000        .40              54              51
Physicians groups 3+ no automation...           2,000               0        .00               0               0
Osteopaths...........................          35,600           1,500        .10              32              30
Dentists.............................         147,000           1,500        .14             141             134
Podiatrists..........................           8,400           1,500        .05               7               6
Chiropractors........................          29,000           1,500        .05              24              23
Optometrists.........................          18,200           1,500        .05              14              14
Other professionals..................          23,600           1,500        .05              20              19
                                      --------------------------------------------------------------------------
    Total............................  ..............  ..............  .........           3,574           3,400
----------------------------------------------------------------------------------------------------------------

    Table 3 shows the estimates we used to determine the portion of EDI
increase attributable to the HIPAA administrative simplification
provisions. The proportion of claims that would be processed
electronically even without HIPAA is assumed to grow at the same rate
from 1998 through 2002 as it did from 1992 to 1996, except that the
rate for hospitals, which is already high, is assumed to grow at one
percent annually instead of the two percent that was observed from
1992-1996. The proportion of ``other'' provider claims is high because
it includes pharmacies that generate large volumes of claims and have a
high rate of electronic billing.
    The increase attributable to HIPAA is highly uncertain and is
critical to the savings estimate. Our actuary arrived at these
estimates based on an analysis of the current EDI environment. Because
the rate of growth in electronic billing is already high, there is not
much room for added growth. On the other hand, much of the increase
that has already occurred is attributable to Medicare and Medicaid;
private insurers and third party administrators still have fairly low
rates of electronic billing and may benefit significantly from
standardization.

      Table 3.--Percent Growth in EDI Claims Attributable to HIPAA Administrative Simplification Provisions
                                                  [Cumulative]
----------------------------------------------------------------------------------------------------------------
                                                     1998         1999         2000         2001         2002
                Type of Provider                  (percent)    (percent)    (percent)    (percent)    (percent)
----------------------------------------------------------------------------------------------------------------
Physician:
    Percent before HIPAA.......................           45           50           55           60           65
    Percent after HIPAA........................           45           52           59           66           73
                                                ----------------------------------------------------------------
    Difference.................................  ...........            2            4            6            8
                                                ----------------------------------------------------------------
Hospital:
    Percent before HIPAA.......................           86           87           88           89           90
    Percent after HIPAA........................           86           88           89           91           92
                                                ----------------------------------------------------------------
    Difference.................................  ...........            1            1            2            2
                                                ----------------------------------------------------------------
Other:
    Percent before HIPAA.......................           75           76           77           78           79
    Percent after HIPAA........................           75           78           81           84           87
    Difference.................................  ...........            2            4            6            8
----------------------------------------------------------------------------------------------------------------

    Table 4 shows the annual costs, savings, and net savings over a
five-year implementation period. We assume that the costs will be
incurred within the first three years, since the statute requires
health plans other than small health plans to implement within 24
months and small health plans to implement within 36 months. As each
health plan implements a standard, health care providers that conduct
electronic transactions with that health plan would also implement the
standard. We assume that no savings would accrue in the first year,
because not enough health plans and health care providers would have
implemented the standards. Savings would increase as more health plans
and health care providers implement, exceeding costs in the fourth
year. At that point, the majority of health plans and health care
providers will have implemented the
standards, and costs will decrease and benefits will increase as a
result.
    The savings per claim processed electronically instead of manually
is based on the lower end of the range estimated by WEDI. We have used
$1 per claim for health plans and physicians, and $.75 per claim for
hospitals and other health care providers. These estimates are based on
surveys of health care providers and health plans. Savings per EDI
claim are computed by multiplying the per claim savings times the
number of EDI claims attributed to HIPAA. The total number of EDI
claims is used in computing the savings to health plans, while the
savings for specific health care provider groups is computed using only
the number of EDI claims generated by that group (for example, savings
to physicians is computed using only physician EDI claims).
    WEDI also estimated savings resulting from other HIPAA
transactions. The savings per transaction was higher than the savings
from electronic billing, but the number of transactions was much
smaller. Our estimates for transactions other than claims were derived
by assuming a number of transactions and a savings per transaction
relative to those assumed for the savings for electronic billing (see
table 4a). In general our assumptions are close to those used by WEDI.
One major difference is that we derived the number of enrollment/
disenrollment transactions from Department of Labor statistics. We used
their estimate of the number of events requiring a certificate to be
issued, which includes such actions as starting or leaving a firm,
children ``aging out'' of coverage and death of policyholder. That
estimate is about 45 million events. We used WEDI's estimate that the
savings per transaction is about half that of billing transactions.
    We also assumed that savings could be expected from simplifications
in manual claims. The basic assumption is that the savings are ten
percent (per transaction) of those that are projected for conversion to
electronic billing. However, it is also assumed that the standards only
gradually allow health care providers and health plans to abandon old
forms and identifiers because of the many relationships that have been
established with other entities that will require a period of overlap.

                                         Table 4.--Five-Year Net Savings
                                            [in billions of dollars]
----------------------------------------------------------------------------------------------------------------
             Costs and savings                 1998        1999        2000        2001       2002       Total
----------------------------------------------------------------------------------------------------------------
Costs:
    Provider..............................        1.3         1.3         1.1         0.0        0.0        3.6
    Plan..................................        0.8         0.8         0.7         0.0        0.0        2.2
                                           ---------------------------------------------------------------------
        Total.............................        2.0         2.0         1.7         0.0        0.0        5.8
                                           =====================================================================
Savings From Claims Processing:
    Provider..............................        0.0         0.1         0.3         0.4        0.6        1.4
    Plan..................................        0.0         0.1         0.2         0.4        0.5        1.2
                                           ---------------------------------------------------------------------
        Total.............................        0.0         0.2         0.5         0.8        1.1        2.6
                                           =====================================================================
Savings from Other Transactions:
    Provider..............................        0.0         0.2         0.4         0.7        1.1        2.4
    Plan..................................        0.0         0.2         0.4         0.6        0.8        2.0
                                           ---------------------------------------------------------------------
        Total.............................        0.0         0.3         0.8         1.2        1.8        4.1
                                           =====================================================================
Savings From Manual Transactions:
    Provider..............................        0.0         0.0         0.1         0.1        0.1        0.3
    Plan..................................        0.0         0.0         0.1         0.1        0.1        0.3
                                           ---------------------------------------------------------------------
        Total.............................        0.0         0.1         0.1         0.2        0.2        0.6
                                           =====================================================================
Total Savings:
    Provider..............................       (1.3)       (1.0)       (0.5)        1.0        1.5       (0.2)
    Plan..................................       (0.8)       (0.5)        0.0         1.2        1.6        1.7
                                           ---------------------------------------------------------------------
        Total.............................       (2.0)       (1.4)       (0.3)        2.2        3.1        1.5
----------------------------------------------------------------------------------------------------------------

    Note: Figures do not total due to rounding.

    Table 4a shows the savings per nonclaim transaction as a multiple
of claims savings per transaction and the ratio of transactions to
number of claims. These values were used to determine the savings for
nonclaims transactions.

      Table 4a.--Relative Savings and Volume of Other Transactions
------------------------------------------------------------------------
                   Transaction                       Savings    Volume
------------------------------------------------------------------------
Claim............................................        1.0        1.0
Claims inquiry...................................        4.0        0.5
Remittance advice................................        1.5        0.10
Coordination of benefits.........................        0.5        0.10
Eligibility inquiry..............................        0.5        0.05
Enrollment/disenrollment.........................        0.5        0.01
Referral.........................................        0.1        0.10
------------------------------------------------------------------------

H. Qualitative Impacts of Administrative Simplification

    Administrative simplification produces more than hard-dollar
savings. There are also qualitative benefits that
are less tangible, but nevertheless important. These changes become
possible when data can be more easily integrated across entities. WEDI
suggests in its 1993 report that there will be a ``ripple-effect'' of
implementing an EDI infrastructure on the whole health care delivery
system in that there would be a reduction in duplicate medical
procedures and processes as a patient is handled by a continuum of
health care providers during an episode of care. WEDI also suggests
that there will be a reduction in the exposure to health care fraud as
security controls on electronic transactions will prevent unauthorized
access to financial data.
    We also believe that having standards in place would reduce
administrative burden and improve job satisfaction. For example, fewer
administrative staff would be required to translate procedural codes,
since a common set of codes would be used. All codes used in these
transactions will be standardized, eliminating different values for
data elements (for example, place of service).
    Administrative simplification would promote the accuracy,
reliability and usefulness of the information shared. For example,
today there are any number of claims formats and identifiers in use. We
estimate that there are over 400 variations of electronic formats for
claims transactions alone. As we noted earlier, these variations make
it difficult for parties to exchange information electronically. At a
minimum, it requires data to be translated from the sender's own format
to the different formats specified by each intended receiver. Also,
since industry has taken different approaches to uniquely identifying
patients, health care providers and health plans (based on their
individual business needs and preferences), it has become difficult to
develop methods to compare services across health care providers and
health plans. This mixed approach to enumeration has made it extremely
difficult for health care researchers to do comparative analysis across
settings and over time, and complicates identification of individuals
for public health and epidemiologic purposes.
    Administrative simplification greatly enhances the sharing of data
both within entities and across entities. It facilitates the
coordination of benefit information by having in place a standardized
set of data that is known to all parties, along with standardized name
and address information that tells where to route transactions. Today,
health care providers are reluctant to file claims to multiple health
plans on the behalf of the patient because information about a
patient's eligibility in a health plan is difficult to verify.
Additionally, identifying information about health plans is not
standardized or centralized for easy access. Most claims filed by
patients today are submitted in hardcopy. We anticipate that more
health care providers will file claims and coordinate benefits on the
patient's behalf once standard identifiers are adopted and this
information is made available electronically.

I. Regulatory Flexibility Analysis

    The Regulatory Flexibility Act (RFA) of 1980, Public Law 96-354,
requires us to prepare a regulatory flexibility analysis if the
Secretary certifies that a proposed regulation would have a significant
economic impact on a substantial number of small entities. In the
health care sector, a small entity is one with less than $5 million in
annual revenues. Nonprofit organizations are considered small entities;
however, individuals and States are not included in the definition of a
small entity. We have attempted to estimate the number of small
entities and provide a general discussion of the effects of the
statute. We request comments and additional information about our
estimates and discussion.
    All nonprofit Blue Cross-Blue Shield Plans are considered small
entities. Two percent of the approximately 3.9 million employer health
plans are considered small businesses. All doctors of osteopathy,
dentists, podiatrists, chiropractors, and solo and group physicians'
offices with fewer than three physicians are considered small entities.
Forty percent of group practices with 3 or more physicians and 90
percent of optometrist practices are considered small entities.
Seventy-five percent of all pharmacies, medical laboratories, dental
laboratories and durable medical equipment suppliers are assumed to be
small entities.
    We found the best source for information about the health data
information industry to be Faulkner & Gray's Health Data Dictionary.
This publication is the most comprehensive we found of its kind. The
information in this directory is gathered by Faulkner & Gray editors
and researchers who called all of the more than 3,000 organizations
that are listed in the book to elicit information about their
operations. It is important to note that some businesses are listed as
more than one type of business entity. That is because in reporting the
information, companies could list themselves as up to three different
types of entities. For example, some businesses listed themselves as
both practice management vendors as well as claims software vendors
because their practice management software was ``EDI enabled.''
    All the statistics referencing Faulkner & Gray's come from the 1996
edition of its Health Data Dictionary. It lists 100 third party claims
processors, which includes health care clearinghouses (5-33). Faulkner
& Gray define third party claims processors as entities under contract
that take electronic and paper health care claims data from health care
providers and billing companies that prepare bills on a health care
provider's behalf. The third party claims processor acts as a conduit
to health plans; it batches claims and routes transactions to the
appropriate health plan in a form that expedites payment.
    Of the 100 third party processors/clearinghouses listed in this
publication, seven processed more than 20 million electronic
transactions per month. Another 14 handled 2 million or more
transactions per month and another 29 handled over a million electronic
transactions per month. The remaining 50 entities listed processed less
than a million electronic transactions per month. We believe that
almost all of these entities have annual revenues of under $5 million
and would therefore be considered small entities by our definition.
    Another entity that is involved in the electronic transmission of
health care transactions is the value added network. Value added
networks are involved in the electronic transmission of data over
telecommunication lines. We include value added networks in the
definition of a health care clearinghouse. Faulkner & Gray list 23
value added networks that handle health care transactions (5, p. 544).
After further discussion, the editors clarified that only 8 of the 23
would be considered ``pure'' value added networks. We believe that all
of these companies have annual revenues of over $5 million.
    A billing company is another entity involved in the electronic
routing of health care transactions. It works primarily with physicians
either in office or hospital-based settings. Billing companies, in
effect, take over the office administrative functions for a physician;
they take information such as copies of medical notes and records and
prepare claim forms that are then forwarded to an insurer for payment.
Billing companies may also handle the receipt of payments, including
posting payment to the patient's record on behalf of the health care
provider. They can be located within or outside of the physician's
practice setting.
    The International Billing Association is a trade association
representing
billing companies. The International Billing Association estimated that
there are approximately 4500 billing companies currently in business in
the United States. The International Billing Association's estimates
are based on the name and address of actual billing companies that it
compiled in developing its mailing list. We believe all of the 4500
billing companies known to be in business have revenues under $5
million annually.
    Software system vendors provide computer software applications
support to health care clearinghouses, billing companies, and health
care providers. They particularly work with health care providers'
practice management and health information systems. These businesses
provide integrated software applications for such services as accounts
receivable management, electronic claims submission (patient billing),
record keeping, patient charting, practice analysis and patient
scheduling. Some software vendors are also involved in providing
applications for translating paper and nonstandard computer documents
into standardized formats that are acceptable to health plans.
    Faulkner & Gray list 104 physician practice management vendors and
suppliers (5, p. 520), 105 hospital information systems vendors and
suppliers (5, p. 444), 134 software vendors and suppliers for claims-
related transactions (5, p. 486), and 28 translation vendors (5, p.
534). We were unable to determine the number of these entities with
revenues over $5 million, but we assume most of these businesses would
be considered small entities under our definition.
    As discussed earlier in this analysis, the costs of implementing the
standards specified in the statute are primarily one-time or short-term
costs related to conversion. They were characterized as follows:
software conversion, cost of automation, training, implementation
problems, and cost of documentation and implementation guides. Rather
than repeat that information here, we refer you to the beginning of
this impact analysis.
1. Health Care Providers and Health Plans
    As a result of standard data format and content, health care
providers and health plans that wish to do business electronically
could do so knowing that whatever capital outlays they make are
worthwhile, with some certainty of return on investment. This is
because entities that exchange electronic health care transactions
would be required to receive and send transactions in the same standard
formats using the same health care provider and health plan
identifiers. We believe this will be an incentive to small physicians'
offices to convert from paper to EDI. In a 1996 Office of the Inspector
General study entitled ``Encouraging Physicians to Use Paperless
Claims,'' the Office of the Inspector General and HCFA agreed that over
$36 million in annual Medicare claims processing savings could be
achieved if all health care providers submitting 50 or more Medicare
claims per month submitted them electronically. Establishment of EDI
standards will make it financially beneficial for many small health
care providers to convert to electronic claim submissions, because all
health plans would accept the same formats.
    Additionally, we believe that those health care providers that
currently use health care clearinghouses and billing agencies will see
costs stabilize and potentially some cost reduction. This would result
from the increased efficiency that health care clearinghouses and
billing companies will realize from being able to more easily link with
health care industry business partners.
2. Third Party Vendors
    Third party vendors include third party processors/clearinghouses
(including value added networks), billing companies, and software
system vendors. While the market for third party vendors will change as
a result of standardization, these changes will be positive to the
industry and its customers over the long term. However, the short term/
one time costs discussed above will apply to the third party vendor
community.
a. Clearinghouses and Billing Companies
    As noted above, health care clearinghouses are entities that take
health care transactions, convert them into standardized formats
acceptable to the receiver, and forward them on to the insurer. Billing
companies take on the administrative functions of a physician's office.
The market for clearinghouse and billing company services will
definitely be affected by the HIPAA administrative simplification
provisions; however there appears to be some debate on how the market
for these services will be affected.
    It is likely that competition among health care clearinghouses and
billing companies will increase over time. This is because standards
would reduce some of the technical limitations that currently inhibit
health care providers from conducting their own EDI. For example, by
eliminating the requirement to maintain several different claims
standards for different trading partners, health care providers will be
able to more easily link themselves directly to health plans. This
could negatively affect the market for health care clearinghouses and
system vendors that do translation services; however, standards should
increase the efficiency with which health care clearinghouses operate by
allowing them to more easily link to multiple health plans. The
increased efficiency in operations resulting from standards could, in
effect, lower their overhead costs as well as attract new health care
clearinghouse customers to offset any loss in market share that they
might experience.
    Another potential area of change is that brought about through
standardized code sets. Standards would lower costs and break down
logistical barriers that discouraged some health care providers from
doing their own coding and billing. As a result, some health care
providers may choose an in-house transaction system rather than using a
billing company as a means of exercising more control over information.
Conversely, health care clearinghouses may acquire some short-term
increase in business from those health care providers that are
automated but do not use the selected standards. These health care
providers would hire health care clearinghouses to take data from the
nonstandard formats they are using and convert them into the
appropriate standards. Generally, we would also expect health care
clearinghouses to identify opportunities to add value to transaction
processing and to find new business opportunities, either in marketing
promotional materials or in training health care providers on the new
transaction sets. Standards would increase the efficiency of health
care clearinghouses, which could in turn drive costs for these services
down. Health care clearinghouses may be able to operate more
efficiently or at a lower cost based on their ability to gain market
share. Some small billing companies may be consumed by health care
clearinghouses that may begin offering billing services to augment
their health care clearinghouse activities. However, most health care
providers that use billing companies would probably continue to do so
because of the comprehensive and personalized services these companies
offer.
    Value added networks do not manipulate data but rather transmit
data in its native form over telecommunication lines. We anticipate
that the demand for value added network services would increase as
additional health care providers and health plans move to electronic
data exchange. Standards would eliminate the need for data to be
reformatted, which would allow health care providers to purchase value
added network services individually rather than as a component of the
full range of clearinghouse services.
b. Software Vendors
    As noted above, software vendors provide computer software
applications support to health care clearinghouses and health care
providers. They particularly work with health care providers' practice
management and health information systems. We believe these entities
would be affected positively, at least in the short term. The
implementation of administrative simplification would enhance their
business opportunities as they would be involved in developing
computerized software solutions that would allow for health care
providers and other entities that exchange health care data to
integrate the new transaction set into their existing systems. They may
also be involved in developing software solutions to manage the
crosswalk of existing health care provider and health plan identifiers
to the national provider identifier and health plan identifier
(PAYERID) until such time as all entities have implemented the
identifiers.

J. Unfunded Mandates

    We have identified costs to the private sector to implement these
standards. Although these costs are unfunded, we expect that they will
be offset by subsequent savings as detailed in this impact analysis.
    Most costs will occur in the first 3 years following the adoption
of the HIPAA standards, with savings to health care providers and
health plans exceeding costs in the fourth year. Five-year costs of
implementing the HIPAA standards are estimated at $5.8 billion for
health care providers and health plans combined. Savings to these
entities over the same period in electronic claims processing, other
electronic transactions (e.g., enrollments and disenrollments), and
manual transactions are estimated at $7.3 billion, for a net savings
of $1.5 billion in 5 years.
    The costs to State and local governments and tribal organizations
are also unfunded, but we do not have sufficient information to provide
estimates of the impact of these standards on those entities. Several
State Medicaid agencies have estimated that it would cost $1 million
per state to implement all the HIPAA standards. However, the
Congressional Budget Office analysis stated that ``States are already
in the forefront in administering the Medicaid program electronically;
the only costs--which should not be significant--would involve bringing
the software and computer systems for the Medicaid programs into
compliance with the new standards.'' The report went on to point out
that Medicaid State agencies have the option to compensate by reducing
other expenditures and that other State and local government agencies
are likely to incur less in the way of costs since most of them will
have fewer enrollees. Moreover, the Federal government pays a portion
of the cost of converting State Medicaid Management Information Systems
(MMIS) as Federal Financial Participation--75 percent for system
maintenance changes and 90 percent for new software (if approved). Many
States are in the process of changing systems as they convert many of
the current functions in the move to enroll Medicaid beneficiaries in
managed care.

K. Specific Impact of Provider Identifier

    This is the portion of the impact analysis that relates
specifically to the standard that is the subject of this regulation--
the health care provider identifier. This section describes specific
impacts that relate to the provider identifiers. However, as we
indicated in the introduction to this impact analysis, we do not intend
to associate costs and savings to specific standards. In addition, this
section assesses the relative cost impact of the various identifier
options and implementation options set out in the regulation.
    Although we cannot determine the specific economic impact of the
standard being proposed in this rule (and individually each standard
may not have a significant impact), the overall impact analysis makes
clear that, collectively, all the standards will have a significant
impact of over $100 million on the economy. Also, while each standard
may not have a significant impact on a substantial number of small
entities, the combined effects of all the proposed standards may have a
significant effect on a substantial number of small entities.
Therefore, the following impact analysis should be read in conjunction
with the overall impact analysis.
    In accordance with the provisions of Executive Order 12866, this
proposed rule was reviewed by the Office of Management and Budget.
    1. Affected entities.
    a. Health care providers.
    Health care providers that conduct electronic transactions with
health plans would have to begin to use the NPI in those transactions.
Health care providers that are indirectly involved in electronic
transactions (for example, by submitting a paper claim that the health
plan transmits electronically to a secondary payer) may also use the
NPI. Any negative impact on these health care providers generally would
be related to the initial implementation period. They would incur
implementation costs for converting systems, especially those that
generate electronic claims, from current provider identifiers to the
NPI. Some health care providers would incur those costs directly and
others would incur them in the form of fee increases from billing
agents and health care clearinghouses.
    Health care providers not only would have to include their own NPI
on claims, but they would also have to obtain and use NPIs of other
health care providers (for example, for referring and ordering). This
would be a more significant implementation workload for larger
institutional health care providers, such as hospitals, that would have
to obtain the NPIs for each physician practicing in the hospital.
However, these health care providers are accustomed to maintaining
these types of data. There would also be a potential for disruption of
claims processes and timely payments during a particular health plan's
transition to the NPI. Some health care providers that do not do
business with government programs may be resistant to obtaining an NPI
and providing data about themselves that would be stored in a national
database.
    Health care providers would also have to obtain an NPI and report
changes in pertinent data. Under one of the enumeration options
presented in this preamble, current Medicare providers will receive
their NPIs automatically, and other health care providers may be
enumerated in this manner to the extent that appropriate valid data
files are available. New health care providers would have to apply for
an NPI. This does not impose a new burden on health care providers. The
vast majority of health plans issue identifiers to the health care
providers with whom they transact business in order to facilitate the
electronic processing of claims and other transactions. The information
that health care providers must supply in order to receive an NPI is
significantly less than the information most health plans require to
enroll a health care provider. There would be no new cost
burden; the statute does not support our charging health care providers
to receive an NPI.
    After implementation, health care providers would no longer have to
keep track of and use different identifiers for different insurers.
This would simplify provider billing systems and processes and reduce
administrative expenses. A standard identifier would facilitate and
simplify coordination of benefits, resulting in faster, more accurate
payments. Under option 2 of the enumeration options (see section
IX.K.2.d. of this preamble, on enumerators), many health care providers
(all those doing business with Medicare) would receive their NPIs
automatically and would be able to report changes in the data contained
in the NPS to a single place and have the changes made available to
many health plans.
    b. Health plans.
    Health plans that engage in electronic commerce would have to
modify their systems to use the NPI. This conversion would have a one-
time cost impact on Federal, State, and private health plans alike and
is likely to be more costly for health plans with complex systems that
rely on intelligent provider numbers. Disruption of claims processing
and payment delays could result. However, health plans would be able to
schedule their implementation of the NPI and other standards in a
manner that best fits their needs, as long as they meet the deadlines
specified in the legislation.
    Once the NPI has been implemented, health plans' coordination of
benefits activities would be greatly simplified because all health
plans would use the same health care provider identifier. In addition,
utilization review and other payment safeguard activities would be
facilitated, since health care providers would not be able to use
multiple identifiers and could be easily tracked over time and across
geographic areas. Health plans currently assign their own
identification numbers to health care providers as part of their
enrollment procedures, and this would no longer be necessary. Existing
enumeration systems maintained by Federal health programs would be
phased out, and savings would result.
    c. Health care clearinghouses.
    Health care clearinghouses would face impacts (both positive and
negative) similar to those experienced by health plans. However,
implementation would likely be more complex, because health care
clearinghouses deal with many health care providers and health plans
and would have to accommodate both old and new health care provider
identifiers until all health plans with which they deal have converted.
    2. Effects of Various Options.
    a. Guiding Principles for Standard Selection.
    The implementation teams charged with designating standards under
the statute have defined, with significant input from the health care
industry, a set of common criteria for evaluating potential standards.
These criteria are based on direct specifications in the HIPAA, the
purpose of the law, and principles that support the regulatory
philosophy set forth in Executive Order 12866 of September 30, 1993,
and the Paperwork Reduction Act of 1995. These criteria also support
and are consistent with the principles of the Paperwork Reduction Act
of 1995. In order to be designated as a standard, a proposed standard
should:
    • Improve the efficiency and effectiveness of the health
care system by leading to cost reductions for or improvements in
benefits from electronic HIPAA health care transactions. This principle
supports the regulatory goals of cost-effectiveness and avoidance of
burden.
    • Meet the needs of the health data standards user
community, particularly health care providers, health plans, and health
care clearinghouses. This principle supports the regulatory goal of
cost-effectiveness.
    • Be consistent and uniform with the other HIPAA standards--
their data element definitions and codes and their privacy and security
requirements--and, secondarily, with other private and public sector
health data standards. This principle supports the regulatory goals of
consistency and avoidance of incompatibility, and it establishes a
performance objective for the standard.
    • Have low additional development and implementation costs
relative to the benefits of using the standard. This principle supports
the regulatory goals of cost-effectiveness and avoidance of burden.
    • Be supported by an ANSI-accredited standards developing
organization or other private or public organization that will ensure
continuity and efficient updating of the standard over time. This
principle supports the regulatory goal of predictability.
    • Have timely development, testing, implementation, and
updating procedures to achieve administrative simplification benefits
faster. This principle establishes a performance objective for the
standard.
    • Be technologically independent of the computer platforms
and transmission protocols used in HIPAA health transactions, except
when they are explicitly part of the standard. This principle
establishes a performance objective for the standard and supports the
regulatory goal of flexibility.
    • Be precise and unambiguous, but as simple as possible.
This principle supports the regulatory goals of predictability and
simplicity.
    • Keep data collection and paperwork burdens on users as low
as is feasible. This principle supports the regulatory goals of cost-
effectiveness and avoidance of duplication and burden.
    • Incorporate flexibility to adapt more easily to changes in
the health care infrastructure (such as new services, organizations,
and provider types) and information technology. This principle supports
the regulatory goals of flexibility and encouragement of innovation.
    We assessed the various candidates for a provider identifier
against the principles listed above, with the overall goal of achieving
the maximum benefit for the least cost. We found that the NPI met all
the principles, but no other candidate identifier met all the
principles, or even those principles supporting the regulatory goal of
cost-effectiveness. We are assessing the costs and benefits of the NPI,
but we did not assess the costs and benefits of other identifier
candidates, because they did not meet the guiding principles. We invite
your comments on the costs and benefits of the alternative candidate
NPI options for the various market segments.
b. Need To Convert
    Because there is no standard provider identifier in widespread use
throughout the industry, adopting any of the candidate identifiers
would require most health care providers, health plans and health care
clearinghouses to convert to the new standard. In the case of the NPI,
all health care providers would have to convert because this identifier
is not in use presently. As we pointed out in our analysis of the
candidates, even the identifiers that are in use are not used for all
purposes or for all provider types. The selection of the NPI does not
impose a greater burden on the industry than the nonselected
candidates, and presents significant advantages in terms of cost-
effectiveness, universality, uniqueness and flexibility.
c. Complexity of Conversion
    Some existing provider identifier systems assign multiple
identifiers to a single health care provider in order to distinguish
the multiple identities the health care provider has in the system. For
example, in these systems, the health care provider may have a
different identifier to represent each ``pay-to'' identity, contract or
provider agreement, practice location, and specialty or provider type.
Since the NPI is a unique identifier for each health care provider, it
would not distinguish these multiple identities. Systems that need to
distinguish these identities would need to use data other than the NPI
to do so. The change to use other data would add complexity to the
conversion to the NPI or to any other standard provider identifier, but
it is necessary in order to achieve the goal of unique identification
of the health care provider.
    The complexity of the conversion would also be significantly
affected by the degree to which health plans' processing systems
currently rely on intelligent identifiers. For example, a health plan
may route claims to different processing routines based on the type of
health care provider by keying on a provider type code included in the
identifier. Converting from one unintelligent identifier to another is
less complex than modifying software logic to obtain needed information
from other data elements. However, the use of an unintelligent
identifier is required in order to meet the guiding principle of
assuring flexibility.
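
    The conversion described in the two paragraphs above, shown as an
added Python example that is not part of the proposed rule or of any
health plan's system. The legacy identifier layout, the type codes, the
routine names and the NPI values are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Hypothetical legacy "intelligent" format: 2-letter provider type code followed
# by a serial number. Constructed for this example; real plan formats differ.
LEGACY_TYPE_CODES = {"HO": "hospital", "PH": "physician", "DM": "dme_supplier"}

# Processing routine chosen per provider type (names are illustrative).
ROUTINE_BY_TYPE = {
    "hospital": "institutional_claims",
    "physician": "professional_claims",
    "dme_supplier": "supplier_claims",
}


def route_by_legacy_id(legacy_id):
    """Pre-conversion routing: keys on the type code embedded in the identifier."""
    return ROUTINE_BY_TYPE[LEGACY_TYPE_CODES[legacy_id[:2]]]


@dataclass
class ProviderRecord:
    npi: str            # opaque: nothing may be inferred from its characters
    provider_type: str  # the attribute the legacy identifier used to carry
    # legacy id -> the identity it distinguished (pay-to, location, ...)
    legacy_ids: dict = field(default_factory=dict)


class Crosswalk:
    """Maps many legacy identifiers to one NPI and routes from record data."""

    def __init__(self):
        self._by_npi = {}
        self._npi_by_legacy = {}

    def add(self, record):
        if record.provider_type not in ROUTINE_BY_TYPE:
            raise ValueError(f"unknown provider type {record.provider_type!r}")
        if record.npi in self._by_npi:
            raise ValueError(f"NPI {record.npi} already enumerated")
        for legacy_id in record.legacy_ids:
            owner = self._npi_by_legacy.get(legacy_id)
            if owner is not None:
                # One legacy id pointing at two providers would break uniqueness.
                raise ValueError(f"{legacy_id} already crosswalked to {owner}")
        self._by_npi[record.npi] = record
        for legacy_id in record.legacy_ids:
            self._npi_by_legacy[legacy_id] = record.npi

    def resolve(self, identifier):
        """Accept an NPI or a legacy id, as needed while both are in use."""
        if identifier in self._by_npi:
            return self._by_npi[identifier]
        npi = self._npi_by_legacy.get(identifier)
        if npi is None:
            raise KeyError(f"{identifier} is not enumerated or crosswalked")
        return self._by_npi[npi]

    def route(self, identifier):
        """Post-conversion routing: provider type comes from the record."""
        return ROUTINE_BY_TYPE[self.resolve(identifier).provider_type]

    def routing_changes(self):
        """Legacy ids whose embedded type code routed differently before conversion."""
        changes = []
        for legacy_id, npi in sorted(self._npi_by_legacy.items()):
            before = route_by_legacy_id(legacy_id)
            after = self.route(npi)
            if before != after:
                changes.append((legacy_id, npi, before, after))
        return changes


def build_sample_crosswalk():
    """Constructed sample data; the identifiers are placeholders, not real NPIs."""
    xwalk = Crosswalk()
    xwalk.add(ProviderRecord("90000001", "hospital",
                             {"HO000123": "main campus", "HO000124": "pay-to address"}))
    # This provider held a physician id and a supplier id under the old scheme.
    xwalk.add(ProviderRecord("90000002", "physician",
                             {"PH004410": "office practice", "DM007781": "equipment sales"}))
    return xwalk


if __name__ == "__main__":
    xwalk = build_sample_crosswalk()
    print(xwalk.route("HO000124"), xwalk.route("90000001"))
    for change in xwalk.routing_changes():
        print("review before cutover:", change)
```

    The routing_changes() report lists the claims that would move to a
different processing routine once the type code is no longer read from
the identifier, which is where data other than the NPI has to carry the
distinction.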
    Specific technology limitations of existing systems could affect
the complexity of conversion. For example, some existing provider data
systems use a telephone keypad to enter data. Data entry of alpha
characters is inconvenient in these systems. In order to mitigate this
inconvenience, we would implement the NPI by initially assigning
numeric NPIs. After all numeric possibilities have been exhausted, we
would introduce alpha characters in one position at a time. This
implementation strategy would allow additional time for systems with
technology limitations to overcome conversion difficulties.
    In general, the shorter the identifier, the easier it is to
implement. It is more likely that a shorter identifier, such as the
NPI, would fit into existing data formats.
    The selection of the NPI does not impose a greater burden on the
industry than the nonselected candidates.
d. Enumerators
    Based on the analysis discussed earlier in the preamble, we assess
the two most viable combinations of choices for the entities that would
enumerate health care providers. We do not assess choices that permit
large numbers of enumerators (for example, all health plans,
educational institutions, professional associations) because these
choices do not satisfy the critical programmatic requirements of
maintaining a high degree of data quality and consistency and
minimizing confusion for health care providers.
    No matter which of the two enumeration options is chosen, certain
costs and impacts would not vary.
    • We assume that the NPS would be used in both options to
generate NPIs and serve as the central enumeration system and database.
We began to develop the NPS for Medicare use, and this effort, which
was funded by HCFA, is now nearing completion. As the NPS becomes
national in scope, we estimate that the cost of maintaining the NPS
software, hardware, and telecommunications, and operating a Help Desk
to deal with user questions, would cost approximately $10.4 million
over the first three years of operation and approximately $2.9 million
per year thereafter. Roughly half of these costs are attributable to
telecommunications expenses. This analysis presumes the availability of
Federal funds to support the development and operations of the NPS.
However, we are seeking comments on how the NPS could be funded once it
becomes national.
    • We further assume that, in both options, the same
implementation strategy of loading the NPS database using health plans'
existing prevalidated files will be utilized to the extent possible.
This would reduce costs by not repeating the process of soliciting,
receiving, controlling, validating and keying applications from health
care providers that have already been enumerated by a trusted source.
For example, we would use existing Medicare provider files to initially
load the NPS database. The majority of work to reformat and edit these
files has already been completed.
    We estimate that approximately 1.2 million current health care
providers and 30,000 new health care providers annually would require
NPIs because they conduct HIPAA transactions.
    An additional 3 million health care providers (120,000 new health
care providers annually) do not conduct HIPAA transactions, but they
may choose to be enumerated at some future time. We refer to these
health care providers as ``non-HIPAA-transaction health care
providers'' (see section 4. Enumeration Phases of this preamble). These
health care providers would be primarily individual practitioners such
as registered nurses and pharmacists who perform services in
institutions and whose services are not billed by the institution. More
research is required on the time frame and process for enumerating
these health care providers.
    Based on Medicare carriers' costs, we have estimated that the
average cost to enumerate a health care provider should not exceed $50.
Enumeration activities would include assisting health care providers
and answering questions, accepting the application for an NPI;
validating as many of the data elements as possible at the point of
application to assure the submitted data are accurate and the
application is authentic; entering the data into the NPS to obtain an
NPI for the health care provider; researching cases where there is a
possible match to a health care provider already enumerated; notifying
the health care provider of the assigned NPI; and entering updated data
into the NPS when notified by the health care provider. The cost of
processing a data update is not known, and for purposes of this
analysis we are assuming an average cost of $10 per update transaction,
and that 5 percent per year of these health care providers on file
would have updated data. However, we estimate that approximately 15
percent of health care providers that do not conduct business with
Federal health plans or Medicaid would require updates each year. These
health care providers may be unfamiliar with the terminology for some
of the information they need to provide in order to be enumerated;
thus, they may need to correct errors they could have made in
completing the applications for NPIs or may have a need to change some
of that information for other reasons. The per transaction cost would
be lower if practice location addresses and membership in groups were
not collected (see section IV., Data, and section IX.E., Maintenance of
the Database, of this preamble) and if enumerators were already
validating data as part of their own enrollment processes. The number
of updates would also be affected by the practice location and group
membership issues because these data are more volatile than demographic
data (see IV., Data, and IX.E., Maintenance of the Database, of this
preamble).
    For a similarly sized commercial numbering system that uniquely
identifies corporations and assigns unique identifiers, we have
received independent estimates from Dun & Bradstreet (D&B) of $7 per
enumeration and $3 per update. The D&B estimates are based on the cost
of assigning and maintaining the Data Universal Numbering System
(D-U-N-S) number. The D-U-N-S number is a nine-digit, non-indicative
number assigned to each record in D&B's file. It uses a modulus
10 check digit in the ninth position. Over 47 million D-U-N-S numbers
have been assigned, worldwide, with 22 million attributed to locations
in the United States. D&B uses the D-U-N-S number to enumerate
businesses, including commercial sites, sole proprietorships, cottage
industries, educational institutions, not-for-profits, and government
entities, but does not maintain records on private individuals. D&B
estimates an average cost of $7 to add a record to its database and
assign it a unique record identifier. To establish a record and ensure
uniqueness, D&B requires the entity's legal name, any ``doing business
as'' names, physical address, telephone number, chief executive, date
started, line of business, number of employees and relationship(s) with
other business entities. D&B runs a daily computer process to audit all
records added during the day and extracts any that may be duplicates
for research by an analyst. Updates to each record are estimated at
approximately $3 but can run as high as $30 per year for very robust
database entries, some of which contain 1500 different data elements.
    The D&B estimates may be understated for our purposes because the
four to six data elements used to uniquely identify the enumerated
corporations do not require verification. We welcome comments on which
data elements are required to uniquely identify health care providers
(individuals, groups, and organizations), on whether verification of
the data is necessary for purposes of enumeration, and on estimates of
the cost to enumerate and update that minimum data set. We understand
that the cost would be lower if the number and complexity of the data
elements were reduced, but this cost must be balanced against the level
of confidence that can be placed in the uniqueness of the health care
providers identified. Specific consideration of these tradeoffs in
submitted comments will be very helpful.
    The $50 estimated average cost to enumerate a health care provider
is an upper limit. The cost would decrease significantly if the second
data alternative is selected (see section IV.B., Practice Addresses and
Group/Organization Options, of this preamble). Under this alternative,
the NPS would capture only one practice address for an individual or
organization provider. It would not assign location codes. The NPS
would not link the NPI of a group provider to the NPIs of individuals
who are members of the group. Costs would decrease because we would
collect significantly less data at the time of enumeration, and the
data that would be collected would not need to be updated very
frequently. Recent consultations with the industry reveal a growing
consensus for this alternative.
    Table 5 below provides estimates as to the cost of each enumeration
option for start-up and outyear, with Federal, State, and private
costs, for HIPAA-transaction and non-HIPAA-transaction health care
providers, and the Federal costs of the NPS. We define ``start-up'' as
the first 3 years during which the NPS becomes operational nationally
and the bulk of the health care providers requiring NPIs are
enumerated. ``Outyear'' would be each subsequent year, in which the
majority of actions would be enumerations of new health care providers
and provider updates. Assumptions follow the table.

                            Table 5.--Enumeration Costs: Federal, State, and Private
----------------------------------------------------------------------------------------------------------------
                                                  Start-up costs   Outyear costs  Start-up costs   Outyear costs
                                                      HIPAA-          HIPAA-        non-HIPAA-      non-HIPAA-
                    Costs to:                       transaction     transaction     transaction     transaction
                                                     providers       providers       providers       providers
----------------------------------------------------------------------------------------------------------------
                                               OPTION 1--REGISTRY
----------------------------------------------------------------------------------------------------------------
Federal for NPS.................................      10,400,000       2,900,000  ..............  ..............
Federal for non-HIPAA-transaction health care
 providers......................................  ..............  ..............     165,000,000       7,500,000
Federal.........................................      64,560,000       2,280,000  ..............  ..............
State...........................................               0               0  ..............  ..............
Private.........................................               0               0  ..............  ..............
                                                 ---------------------------------------------------------------
    Total.......................................      74,960,000       5,180,000  ..............  ..............
----------------------------------------------------------------------------------------------------------------
     OPTION 2--COMBINATION OF FEDERAL HEALTH PLANS, MEDICAID STATE AGENCIES, AND FEDERALLY-DIRECTED REGISTRY
----------------------------------------------------------------------------------------------------------------
Federal for NPS.................................      10,400,000       2,900,000  ..............  ..............
Federal for non-HIPAA-transaction health care
 providers......................................  ..............  ..............     165,000,000       7,500,000
Federal (if all Medicaid State agencies
 participate)...................................       9,990,000         495,000  ..............  ..............
Federal (if 5% of Medicaid State agencies
 decline to participate)........................      10,310,000         505,000  ..............  ..............
State (if all Medicaid State agencies
 participate)...................................               0               0  ..............  ..............
State (if 5% of Medicaid State agencies decline
 to participate)................................               0               0  ..............  ..............
Private.........................................               0               0  ..............  ..............
                                                 ---------------------------------------------------------------
    Total (if all Medicaid State agencies
     participate)...............................      20,390,000       3,395,000  ..............  ..............
                                                 ===============================================================
    Total (if 5% of Medicaid State agencies
     decline to participate)....................      20,710,000       3,405,000  ..............  ..............
----------------------------------------------------------------------------------------------------------------

Assumptions

1. Definitions
    a. ``HIPAA-transaction health care provider'' means a health care
provider that we would require to have an NPI; that is, a health care
provider that must be identified in the transactions specified in
HIPAA.
    b. ``Non-HIPAA-transaction health care provider'' means a health
care provider that we would not require to have an NPI.
    c. ``Start-up'' means the first 3 years in which the NPS becomes
operational nationally and the bulk of the health care providers
requiring NPIs are enumerated. It is the sum of the cost of enumerating
existing health care providers in the first year plus the
annual cost of enumerating new and updating existing health care
providers for the 2 subsequent years.
    d. ``Outyear'' means each subsequent year in which the majority of
actions would be enumerating new health care providers and updating
existing ones. It is the sum of the cost of enumerating new health care
providers plus the cost of updating existing health care providers.
    2. The cost to enumerate a health care provider that is not
enrolled or enrolling in a Federal health plan (e.g., Medicare,
CHAMPUS) or Medicaid is estimated to be $50. (See Assumption 4.)
    3. The cost to update information on a health care provider that is
not enrolled or enrolling in a Federal health plan (e.g., Medicare,
CHAMPUS) or Medicaid is estimated to be $10. (See Assumption 4.)
    4. The cost to Federal health plans (e.g., Medicare, CHAMPUS) and
Medicaid to enumerate or update their own health care providers is
relatively small as these health plans must collect the same
information to enroll or update the health care providers in their own
programs. Possible up-front costs to these health plans and Medicaid
would be offset by simpler, more efficient coordination of benefits,
elimination of the need to maintain multiple enumeration systems, and
elimination of the need to maintain other provider numbers. The Federal
Government pays 75 percent of Medicaid State agencies' costs to
enumerate and update health care providers. Because all of these costs
are relatively small and would be offset by savings, they are
considered to be $0 (zero).
    5. This analysis presumes the availability of Federal funds to
support the registry.
    6. It is estimated that 5 percent of existing HIPAA-transaction
health care providers that conduct business with Federal health plans
or Medicaid require updates annually; 15 percent of the remaining
HIPAA-transaction health care providers require updates annually.
    7. It is estimated that 5 percent of Medicaid State agencies may
decline to participate in enumerating/updating their health care
providers. The registry would enumerate/update that 5 percent.
    8. Non-HIPAA-transaction health care providers would not be
enumerated in the initial phases of enumeration. These costs are
estimated to be $165,000,000 for start-up and $7,500,000 for outyear.
The registry would enumerate/update these health care providers only if
funds are available.
    Option 1 calls for all 1.2 million HIPAA-transaction health care
providers to be enumerated by a Federally-directed registry. The one-
time cost for the registry to assign NPIs to existing HIPAA-transaction
health care providers would depend on the extent to which existing
files could be used. The cost could be as high as $60 million (1.2
million health care providers × $50) or as low as $9 million (see
option 2). The low estimate assumes that prevalidated provider files
are available for 100 percent of all Federal and Medicaid providers.
The annual outyear cost would be $2.1 million (30,000 new health care
providers × $50 plus 60,000 updates × $10). The Federal health
plans and Medicaid State agencies would no longer have to assign their
own identifiers, which would result in some savings, but they would
still incur costs related to provider enrollment activities that would
duplicate Federally-directed registry functions (for example, duplicate
collection and verification of some information).
    Option 2 calls for enumeration of HIPAA-transaction health care
providers to be performed by a combination of Federal programs named as
health plans, Medicaid State agencies, and a Federally-directed
registry. This registry would enumerate non-Federal, non-Medicaid
providers. All enumerators would receive, validate, and enter
application data into the NPS and would communicate with health care
providers. Data files would be available from a central source. The
registry would utilize the NPS and would be operated under Federal
oversight but could, if appropriate, be contracted out.
    Medicare, Medicaid, CHAMPUS, and the Department of Veterans Affairs
already assign identifiers to health care providers with whom they
conduct business. They would simply begin to use the NPS to issue NPIs
instead of using their own systems to assign the identifiers they now
use. Initially, these Federal health plans and Medicaid may incur up-
front costs in issuing NPIs; however, these additional costs would be
offset by savings from the fact that each health care provider would
only have to be enumerated once; multiple enumeration systems would not
have to be maintained; other provider numbers would not have to be
maintained; and coordination of benefits would be simpler and more
efficient. We estimate that approximately 5 percent of Medicaid State
agencies may decline to participate (that is, they would not enumerate
and update their health care providers). These health care providers
would need to be enumerated and updated by the Federally-directed
registry; however, that cost would be offset by savings realized by the
discontinuance of UPIN assignment and maintenance of the UPIN registry.
We estimate that approximately 85 percent of the health care providers
that conduct HIPAA transactions would be enumerated in this manner (75
percent by Federal health plans, 10 percent by Medicaid). Additional
costs, if any, to enumerate these health care providers or update their
data would be insignificant.
    The remaining 15 percent of health care providers that conduct
HIPAA transactions (180,000) would be enumerated by a Federally-
directed registry. The one-time cost of enumerating these health care
providers would be $9 million (180,000 health care providers × $50).
The cost of enumerating 4,500 new health care providers would be
$225,000 per year, and the cost to process 27,000 updates would be
$270,000, for a total registry cost of $495,000 per outyear.
    Based on the cost estimates in this analysis, option 1 is
considerably more expensive than option 2. We believe option 2 to be
preferable to option 1 in that Federal programs and Medicaid State
agencies would enumerate and update their own health care providers.
The enumeration functions of the 5 percent of Medicaid State agencies
that may decline to enumerate and update their own health care
providers would fall to the Federally-directed registry.
    The initial and ongoing cost of developing, implementing and
operating the NPS would be borne by the Federal government, depending
on the availability of funds; some of this cost could be offset by
ceasing current enumeration systems like Medicare's UPIN registry.
    The previous analysis relates only to health care providers that
are required to have an NPI to perform HIPAA transactions. The
remaining health care providers would not be required to obtain an NPI
but could do so if they wished to have one for other reasons. We
indicated in the Implementation section of this preamble that we would
not issue NPIs to these health care providers until the health care
providers that needed NPIs to conduct any of the electronic
transactions specified in HIPAA had been enumerated. The cost of
enumerating the approximately 3 million non-HIPAA-transaction health
care providers could be as high as $150 million (3 million health care
providers × $50). We are soliciting comments on sources of
information on non-HIPAA-transaction health care providers. We cannot
provide a realistic estimate of the cost of enumerating these health
care providers without this additional input.
e. Maintenance of the Database
    Another cost implication is the maintenance of the database being
developed by the NPS. (We discuss this cost implication in more detail
in section IV. Data but believe the general discussion should be
repeated here in the impact analysis as well.) That database, known as
the National Provider File (NPF), is currently being designed to
contain the data elements shown in the table entitled, ``National
Provider File Data Elements'' in section IV. Data, A. Data Elements,
earlier in this preamble. The majority of the information is used to
uniquely identify a health care provider; other information is used for
administrative purposes. A few of the data elements are collected at
the request of potential users that have been working with HCFA in
designing the database prior to the passage of HIPAA. All of these data
elements represent only a fraction of the information that would
comprise a provider enrollment file. The data elements shown in the
``National Provider File Data Elements'' table earlier in the preamble,
plus cease/effective/termination dates, switches (yes/no), indicators,
and history, are being considered as those that would form the NPF. The
table includes appropriate comments. The table does not display systems
maintenance or similar fields, or health care provider cease/effective/
termination dates.
    We need to consider the benefits of retaining all of the data
elements shown in the table versus lowering the cost of maintaining the
database by keeping only the minimum number of data elements needed for
unique provider identification. We solicit input on the composition of
the minimum set of data elements needed to uniquely identify each type
of health care provider. In order to consider the inclusion or
exclusion of data elements, we need to assess their purpose and use.
    The data elements in the table with a purpose of ``I'' are being
proposed to identify a health care provider, either in the search
process (which is electronic) or in the investigation of health care
providers designated as possible matches by the search process. These
data elements are critical because unique identification is the
keystone of the NPS.
    The data elements in the table with a purpose of ``A'' are not
essential to the identification processes mentioned above, but they
nonetheless are valuable. Certain ``A'' data elements can be used to
contact a health care provider for clarification of information or
resolution of issues encountered in the enumeration process and for
sending written communications; other ``A'' data elements (e.g.,
Provider Enumerate Date, Provider Update Date, Establishing Enumerator/
Agent Number) are used to organize and manage the data.
    The data elements in the table with a purpose of ``U'' are
collected at the request of potential users of the information in the
system. While not used by the system's search process to uniquely
identify a health care provider, Race (with a purpose of ``U'') is
nevertheless valuable in the investigation of health care providers
designated as possible matches as a result of that process. In
addition, Race is important to the utility of the NPS as a statistical
sampling frame. Race is collected ``as reported''; that is, it is not
validated. It is not maintained, only stored. The cost of keeping this
data element is virtually nil. Other data elements (Resident/Intern
Code, Provider Certification Code and Number, and Organization Type
Control Code) with a purpose of ``U'', while not used for enumeration
of a health care provider, have been requested to be included by some
members of the health care industry for reports and statistics. These
data elements are optional and do not require validation; many remain
constant by their nature; and the cost to store them is negligible.
    The data elements that we judge will be expensive to either
validate or maintain (or both) are the license information, provider
practice location addresses, and membership in groups. We solicit
comments on whether these data elements are necessary for the unique
enumeration of health care providers and whether validation or
maintenance is required for that purpose.
    Licenses may be critical in determining uniqueness of a health care
provider (particularly in resolving identities involving compound
surnames) and are, therefore, considered to be essential by some.
License information is expensive to validate initially, but it is not
expensive to maintain because it does not change frequently.
    The practice location addresses can be used to aid in investigating
possible provider matches, in converting existing provider numbers to
NPIs, and in research involving fraud or epidemiology. Location codes,
which are discussed in detail in section B. Practice Addresses and
Group/Organization Options of this preamble, could be assigned by the
NPS to point to and identify practice locations of individuals and
groups. Some potential users felt that practice addresses changed too
frequently to be maintained efficiently at the national level. The
average Medicare physician has two to three addresses at which he or
she practices. Group providers may have many more practice locations.
We estimate that 5 percent of health care providers require updates
annually and that addresses are one of the most frequently changing
attributes. As a result, maintaining more than one practice address for
an individual provider on a national scale could be burdensome and time
consuming. Many potential users believe that practice addresses could
more adequately be maintained at local, health-plan specific levels.
    Some potential users felt that membership in groups was useful in
identifying health care providers. Many others, however, felt that
these data are highly volatile and costly to maintain. These users felt
it was unlikely that membership in groups could be satisfactorily
maintained at the national level.
    We welcome comments on the data elements proposed for the NPF and
input as to the potential usefulness and tradeoffs for these elements
such as those discussed above.

References

    1. Dobson, Allen, Ph.D. and Bergheiser, Matthew; ``Reducing
Administrative Costs in a Pluralistic Delivery System through
Automation;'' Lewin-VHI Report prepared for the Healthcare Financial
Management Association; 1993.
    2. Congressional Budget Office; ``Federal Cost Estimate for H.R.
3070;'' 1996.
    3. Workgroup for Electronic Data Interchange; ``Report,'' 1993.
    4. ``Electronic Network Solution for Rising Healthcare Costs;''
New Jersey Institute of Technology and Thomas Edison State College,
1995.
    5. Faulkner & Gray's Health Data Directory, 1997 Edition; Kurt
T. Peters, Publisher (also earlier editions).

List of Subjects in 45 CFR Part 142

    Administrative practice and procedure, Health facilities, Health
insurance, Hospitals, Medicare, Medicaid.
    Accordingly, 45 CFR subtitle A, subchapter B, would be amended by
adding Part 142 to read as follows:

    Note to Reader: This proposed rule and another proposed rule
found elsewhere in this Federal Register are two of several proposed
rules that are being published to implement the administrative
simplification provisions of the Health Insurance Portability and
Accountability Act of 1996. We propose to establish a new 45 CFR
Part 142. Proposed Subpart A--General Provisions is exactly the same
in each rule unless we have added new sections or definitions to
incorporate
additional general information. The subparts that follow relate to
the specific provisions announced separately in each proposed rule.
When we publish the first final rule, each subsequent final rule
will revise or add to the text that is set out in the first final
rule.

PART 142--ADMINISTRATIVE REQUIREMENTS

Subpart A--General Provisions

Sec.

142.101  Statutory basis and purpose.
142.102  Applicability.
142.103  Definitions.
142.104  General requirements for health plans.
142.105  Compliance using a health care clearinghouse.
142.106  Effective date of a modification to a standard or
implementation specification.

Subparts B--C [Reserved]

Subpart D--National Provider Identifier Standard

142.402  National provider identifier standard.
142.404  Requirements: Health plans.
142.406  Requirements: Health care clearinghouses.
142.408  Requirements: Health care providers.
142.410  Effective dates of the initial implementation of the
national provider identifier standard.

    Authority: Sections 1173 and 1175 of the Social Security Act (42
U.S.C. 1320d-2 and 1320d-4).

Subpart A--General Provisions

Sec. 142.101  Statutory basis and purpose.

    Sections 1171 through 1179 of the Social Security Act, as added by
section 262 of the Health Insurance Portability and Accountability Act
of 1996, require HHS to adopt national standards for the electronic
exchange of health information in the health care system. The purpose
of these sections is to promote administrative simplification.

Sec. 142.102  Applicability.

    (a) The standards adopted or designated under this part apply, in
whole or in part, to the following:
    (1) A health plan.
    (2) A health care clearinghouse when doing the following:
    (i) Transmitting a standard transaction (as defined in
Sec. 142.103) to a health care provider or health plan.
    (ii) Receiving a standard transaction from a health care provider
or health plan.
    (iii) Transmitting and receiving the standard transactions when
interacting with another health care clearinghouse.
    (3) A health care provider when transmitting an electronic
transaction as defined in Sec. 142.103.
    (b) Means of compliance are stated in greater detail in
Sec. 142.105.

Sec. 142.103  Definitions.

    For purposes of this part, the following definitions apply:
    Code set means any set of codes used for encoding data elements,
such as tables of terms, medical concepts, medical diagnostic codes, or
medical procedure codes.
    Health care clearinghouse means a public or private entity that
processes or facilitates the processing of nonstandard data elements of
health information into standard data elements. The entity receives
health care transactions from health care providers, health plans,
other entities, or other clearinghouses, translates the data from a
given format into one acceptable to the intended recipient, and
forwards the processed transaction to the appropriate recipient.
Billing services, repricing companies, community health management
information systems, community health information systems, and ``value-
added'' networks and switches that perform these functions are
considered to be health care clearinghouses for purposes of this part.
    Health care provider means a provider of services as defined in
section 1861(u) of the Social Security Act, a provider of medical or
other health services as defined in section 1861(s) of the Social
Security Act, and any other person who furnishes or bills and is paid
for health care services or supplies in the normal course of business.
    Health information means any information, whether oral or recorded
in any form or medium, that--
    (1) Is created or received by a health care provider, health plan,
public health authority, employer, life insurer, school or university,
or health care clearinghouse; and
    (2) Relates to the past, present, or future physical or mental
health or condition of an individual, the provision of health care to
an individual, or the past, present, or future payment for the
provision of health care to an individual.
    Health plan means an individual or group plan that provides, or
pays the cost of, medical care. Health plan includes the following,
singly or in combination:
    (1) Group health plan. A group health plan is an employee welfare
benefit plan (as currently defined in section 3(1) of the Employee
Retirement Income and Security Act of 1974, 29 U.S.C. 1002(1)),
including insured and self-insured plans, to the extent that the plan
provides medical care, including items and services paid for as medical
care, to employees or their dependents directly or through insurance,
or otherwise, and
    (i) Has 50 or more participants; or
    (ii) Is administered by an entity other than the employer that
established and maintains the plan.
    (2) Health insurance issuer. A health insurance issuer is an
insurance company, insurance service, or insurance organization that is
licensed to engage in the business of insurance in a State and is
subject to State law that regulates insurance.
    (3) Health maintenance organization. A health maintenance
organization is a Federally qualified health maintenance organization,
an organization recognized as a health maintenance organization under
State law, or a similar organization regulated for solvency under State
law in the same manner and to the same extent as such a health
maintenance organization.
    (4) Part A or Part B of the Medicare program under title XVIII of
the Social Security Act.
    (5) The Medicaid program under title XIX of the Social Security
Act.
    (6) A Medicare supplemental policy (as defined in section
1882(g)(1) of the Social Security Act).
    (7) A long-term care policy, including a nursing home fixed-
indemnity policy.
    (8) An employee welfare benefit plan or any other arrangement that
is established or maintained for the purpose of offering or providing
health benefits to the employees of two or more employers.
    (9) The health care program for active military personnel under
title 10 of the United States Code.
    (10) The veterans health care program under 38 U.S.C., chapter 17.
    (11) The Civilian Health and Medical Program of the Uniformed
Services (CHAMPUS), as defined in 10 U.S.C. 1072(4).
    (12) The Indian Health Service program under the Indian Health Care
Improvement Act (25 U.S.C. 1601 et seq.).
    (13) The Federal Employees Health Benefits Program under 5 U.S.C.
chapter 89.
    (14) Any other individual or group health plan, or combination
thereof, that provides or pays for the cost of medical care.
    Medical care means the diagnosis, cure, mitigation, treatment, or
prevention of disease, or amounts paid for the purpose of affecting any
body structure or function of the body; amounts paid for transportation
primarily for and essential to these items; and amounts paid for
insurance covering the items and the
transportation specified in this definition.
    Participant means any employee or former employee of an employer,
or any member or former member of an employee organization, who is or
may become eligible to receive a benefit of any type from an employee
benefit plan that covers employees of that employer or members of such
an organization, or whose beneficiaries may be eligible to receive any
of these benefits. "Employee" includes an individual who is treated
as an employee under section 401(c)(1) of the Internal Revenue Code of
1986 (26 U.S.C. 401(c)(1)).
    Small health plan means a group health plan or individual health
plan with fewer than 50 participants.
    Standard means a set of rules for a set of codes, data elements,
transactions, or identifiers promulgated either by an organization
accredited by the American National Standards Institute or HHS for the
electronic transmission of health information.
    Transaction means the exchange of information between two parties
to carry out financial and administrative activities related to health
care. It includes the following:

(1) Health claims or equivalent encounter information.
(2) Health care payment and remittance advice.
(3) Coordination of benefits.
(4) Health claims status.
(5) Enrollment and disenrollment in a health plan.
(6) Eligibility for a health plan.
(7) Health plan premium payments.
(8) Referral certification and authorization.
(9) First report of injury.
(10) Health claims attachments.
(11) Other transactions as the Secretary may prescribe by regulation.

Sec. 142.104  General requirements for health plans.

    If a person conducts a transaction (as defined in Sec. 142.103)
with a health plan as a standard transaction, the following apply:
    (a) The health plan may not refuse to conduct the transaction as a
standard transaction.
    (b) The health plan may not delay the transaction or otherwise
adversely affect, or attempt to adversely affect, the person or the
transaction on the ground that the transaction is a standard
transaction.
    (c) The health information transmitted and received in connection
with the transaction must be in the form of standard data elements of
health information.
    (d) A health plan that conducts transactions through an agent must
assure that the agent meets all the requirements of this part that
apply to the health plan.

Sec. 142.105  Compliance using a health care clearinghouse.

    (a) Any person or other entity subject to the requirements of this
part may meet the requirements to accept and transmit standard
transactions by either--
    (1) Transmitting and receiving standard data elements, or
    (2) Submitting nonstandard data elements to a health care
clearinghouse for processing into standard data elements and
transmission by the health care clearinghouse and receiving standard
data elements through the health care clearinghouse.
    (b) The transmission, under contract, of nonstandard data elements
between a health plan or a health care provider and its agent health
care clearinghouse is not a violation of the requirements of this part.

Sec. 142.106  Effective date of a modification to a standard or
implementation specification.

    HHS may modify a standard or implementation specification after the
first year in which HHS requires the standard or implementation
specification to be used, but not more frequently than once every 12
months. If HHS adopts a modification to a standard or implementation
specification, the implementation date of the modified standard or
implementation specification may be no earlier than 180 days following
the adoption of the modification. HHS determines the actual date,
taking into account the time needed to comply due to the nature and
extent of the modification. HHS may extend the time for compliance for
small health plans.

Subpart B-C--[Reserved]

Subpart D--National Provider Identifier Standard

Sec. 142.402  National provider identifier standard.

    (a) The provider identifier standard that must be used under this
subpart is the national provider identifier, which is supported by the
Health Care Financing Administration. The national provider identifier
is an 8-position alphanumeric identifier, which includes as the eighth
position a check digit.
    (b) The file containing identifying information for each health
care provider for its national provider identifier includes the
following information:
    (1) The national provider identifier.
    (2) Other identifiers, such as the social security number
(optional), employer identification number for some provider types, and
identifying numbers from other health programs, if applicable.
    (3) Provider names.
    (4) Addresses and associated practice location codes.
    (5) Demographics (date of birth, State/country of birth, date of
death if applicable, race (optional), sex).
    (6) Provider type(s), classification(s), area(s) of specialization.
    (7) Education for certain provider types, State licensure for
certain provider types (optional), and board certification (optional
for some classifications).

Sec. 142.404  Requirements: Health plans.

    Each health plan must accept and transmit the national provider
identifier of any health care provider that must be identified by the
national provider identifier in any standard transaction.

Sec. 142.406  Requirements: Health care clearinghouses.

    Each health care clearinghouse must use the national provider
identifier of any health care provider that must be identified by the
national provider identifier in any standard transaction.

Sec. 142.408  Requirements: Health care providers.

    (a) Each health care provider must obtain, by application if
necessary, a national provider identifier.
    (b) Each health care provider must accept and transmit national
provider identifiers wherever required on all transactions it accepts
or transmits electronically.
    (c) Each health care provider must communicate any changes to the
data elements in its file in the national provider system to an
enumerator of national provider identifiers within 60 days of the
change.
    (d) Each health care provider may receive and use only one national
provider identifier. Upon dissolution of a health care provider that is
a corporation or a partnership, or upon the death of a health care
provider who is an individual, the national provider identifier is
inactivated.

Sec. 142.410  Effective dates of the initial implementation of the
national provider identifier standard.

    (a) Health plans. (1) Each health plan that is not a small health
plan must comply with the requirements of Secs. 142.104 and 142.404 by
(24 months after the effective date of the final rule in the Federal
Register).
    (2) Each small health plan must comply with the requirements of
Secs. 142.104 and 142.404 by (36 months after the effective date of
the final rule in the Federal Register).
    (b) Health care clearinghouses and health care providers. Each
health care clearinghouse and health care provider must begin using the
standard specified in Sec. 142.402 by (24 months after the effective
date of the final rule in the Federal Register).

    Authority: Sections 1173 and 1175 of the Social Security Act (42
U.S.C. 1320d-2 and 1320d-4).

    Dated: March 27, 1998.
Donna E. Shalala,
Secretary.
[FR Doc. 98-11692 Filed 5-1-98; 9:05 am]
BILLING CODE 4120-01-P

Copyright © 2001 White Oak Software
Last modified: April 04, 2002