The Latest Final Rule
Administrative Simplification: Adoption of a Standard for a Unique Health Plan Identifier;
Addition to the National Provider Identifier Requirements; and a Change to the
Compliance Date for the International Classification of Diseases, 10th Edition (ICD-10-CM
and ICD-10-PCS) Medical Data Code Sets
The HPID/OEID/ICD-10 final rule was published in early September in the Federal Register. The
provisions of this final rule are virtually unchanged from the proposed rule published earlier this year.
This final rule adopts the standard for a national unique health plan identifier (HPID) and
establishes requirements for the implementation of the HPID. In addition, it adopts a data
element that will serve as an “other entity identifier (OEID)”, or an identifier for entities that are
not health plans, health care providers, or individuals, but that need to be identified in standard
transactions. This final rule also specifies the circumstances under which an organization
covered health care provider must require certain non-covered individual health care providers
who are prescribers to obtain and disclose a National Provider Identifier (NPI). Lastly, this final
rule changes the compliance date for the International Classification of Diseases, 10th Revision,
Clinical Modification (ICD-10-CM) for diagnosis coding, including the Official ICD–10–CM
Guidelines for Coding and Reporting, and the International Classification of Diseases,
10th Revision, Procedure Coding System (ICD–10–PCS) for inpatient hospital procedure coding,
including the Official ICD–10–PCS Guidelines for Coding and Reporting, from October 1, 2013
to October 1, 2014.
Key Dates
Health plans with the exception of small health plans must obtain an
HPID by November 5, 2014. Small health plans must obtain an HPID by November 5,
2015. Covered entities must use HPIDs in the standard transactions on or after
November 7, 2016. An organization covered health care provider must comply with the
implementation specifications in §162.410(b) by May 6, 2013. The OEID is voluntary and thus
there is not required date for implementation.
Key Provisions for HPID
Two new categories of health plans (as defined in the HIPAA regulations) are established a. Controlling Health Plan (CHP)
A CHP means a health plan that--(1) controls its own business activities, actions,
or policies; or (2)(i) is controlled by an entity that is not a health plan; and (ii) if it has a
subhealth plan(s), exercises sufficient control over the subhealth plan(s) to direct its/their
business activities, actions, or policies.
The following considerations may be helpful in determining if an entity is a CHP:
• Does the entity itself meet the definition of health plan at 45 CFR 160.103 (the HIPAA
definition of health plan)?
• Does either the entity itself or a non health plan organization control the business activities,
actions, or policies of the entity?
If the answer to both questions is "yes," then the entity would meet the definition of CHP.
An entity that meets the definition of CHP would be required to obtain a health plan identifier.
b. Subhealth Plan (SHP)
A SHP means a health plan whose business activities, actions, or policies are directed by a
controlling health plan.
The following considerations may be helpful in determining whether an entity is a SHP:


Does the entity meet the definition of health plan at §160.103?
Does a CHP direct the business activities, actions, or policies of the health plan entity?
If the answer to both questions is "yes," then the entity meets the definition of SHP. A SHP
would not be required to obtain an HPID, but may choose to obtain an HPID, or its CHP may
obtain an HPID on its behalf.
These are unchanged from the proposed rule.
Required and Permitted Use of the HPID
A covered entity must use an HPID to identify a health plan that has an HPID when a covered
entity identifies a health plan in a transaction for which the Secretary has adopted a standard.
Covered entities would obtain the HPIDs of health plans from the health plans themselves or
from the HPID Enumeration System. If a covered entity uses a business associate to conduct
standard transactions on its behalf, the covered entity must require that its business associate use
an HPID in each field where the business associate identifies a health plan that has an HPID in
all covered transactions.
The HPID may also be used for any other lawful purpose that requires the identification of health
plans. Some examples of permitted uses include the following:
•
•
Health plans may use HPIDs in their internal files to facilitate processing of health care
transactions.
A health plan may use an HPID on a health insurance card.
•
•
•
•
The HPID may be used as a cross-reference in health care fraud and abuse files and other
program integrity files.
Health care clearinghouses may use HPIDs in their internal files to create and process
standard and non-standard transactions, and in communications with health plans and
health care providers.
HPIDs may be used to identify health plans in Health Information Exchanges(HIEs).
HPIDs may be used to identify health plans in Federal and State health insurance
exchanges.
Minor wording modification from the proposed rule.
Enumeration Requirements for Health Plans
CHPs must obtain an HPID for themselves and use it if they are to be identified in a covered
transaction. CHPs may obtain an HPID for their SHPs or direct their SHPs to obtain one. SHPs
may obtain their own regardless of whether or not their CHP directs them to.
Health plans with the exception of small health plans must obtain an
HPID by November 5, 2014. Small health plans must obtain an HPID by November 5,
2015. Covered entities must use HPIDs in the standard transactions on or after
November 7, 2016.
Self-insured group health plans are included in the definition of health plan in §160.103. Because
of this, self-insured group health plans will need to obtain a health plan identifier if they meet the
definition of a CHP.
Unchanged from proposed rule.
Structure of the HPID
The HPID will be a 10-digit, all-numeric identifier with a Luhn check-digit as the tenth digit.
The Luhn check-digit is an algorithm used most often on credit cards as a check sum to validate
that the card number issued is correct.
Unchanged from proposed rule.
Key Provisions for the OEID
The Other Entity Identifier (OEID) will be an optional identifier for other entities for use in
standard transactions. The OEID will serve as an identifier for entities that are not health plans,
health care providers, or "individuals3" yet need to be identified in standard transactions. These
other entities would not be required to obtain an OEID, but they could obtain and use one if they
needed to be identified in covered transactions. If they obtained an OEID, these entities would be
expected to use it and disclose it upon request to entities that need to identify such entities for
covered transactions. Obtaining and using the OEID is voluntary.
Unchanged from proposed rule.
The Enumeration System
The Enumeration System will assign (and deactivate) unique HPIDs and OEIDs to eligible
health plans and eligible other entities, respectively. The Enumeration System will also
disseminate information through a publicly available searchable database or through
downloadable files. HPIDs and OEIDs would only be assigned by the Enumeration System
through an online application process.
Minor wording change from proposed rule.
CMS is still in the process of collecting information and developing the Enumeration System and
will take the comments and suggestions received into consideration.
Retail Pharmacy Transactions
The HPID will not be required in place of the existing BIN/IIN and PCN identifier in retail
pharmacy transactions.
Unchanged from proposed rule.