Second Opinions

SECOND OPINIONS: ACA Makes Changes to HIPAA Standard Transaction Rules

April 9, 2014 (PLANSPONSOR.com) - With all of the other mandates, notices, and penalties included in the Patient Protection and Affordable Care Act (ACA), one section went largely unnoticed but potentially has a big impact on health plans.

By PS | April 09, 2014
Page 1 of 3 View Full Article

The ACA added new requirements to the HIPAA Administrative Simplification Rules, which are the rules that govern privacy and security of protected health information. Two of the changes impose direct requirements on health plans beginning this year—the Health Plan Identifier Rule and the HIPAA Certification Rule. We answer questions about both requirements below.

What is a Health Plan Identifier and how do we obtain one?

The ACA and its regulations require that all health plans obtain a Health Plan Identifier, or HPID.  The HPID is a unique number that will be assigned to the health plan. This number must be used in any HIPAA standard transactions that the health plan conducts or that a business associate conducts on behalf of the health plan. Health plans can register for their HPID at http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/Affordable-Care-Act/Health-Plan-Identifier.html. Note that it may take some time to gather the required information and work through the registration screens. The website has instructions and videos explaining the process.

What is the deadline for obtaining an HPID?

Health plans must obtain an HPID by November 5, 2014.  Small health plans, defined under the HIPAA privacy rules as plans with annual receipts of $5 million or less, have an extra year—until November 5, 2015.

What health plans are subject to these rules?

Any health plan that is a “covered entity” under the HIPAA privacy rules will be required to obtain an HPID. There is a special rule allowing a “controlling health plan” to obtain an HPID on behalf of “subhealth plans.” The regulations defined a “controlling health plan” as a plan that controls its own business activities, actions, or policies, and a “subhealth plan” as a plan whose activities are directed by a controlling health plan.

SPONSORED MESSAGES