Health plans now may begin applying for the standard health plan identifier required by HIPAA, CMS has announced. The online application was posted March 29 on CMS’ Health Plan and Other Entity Enumeration System (HPOES).
Most HIPAA-covered health plans, including employer group health plans, must obtain an HPID by Nov. 5, 2014, except that “small health plans” as defined by HIPAA have an extra year. “Sub-health plans” that are controlled by other health plans may obtain an HPID but are not required to (although the controlling health plan may direct them to do so). Entities like third-party administrators that are not health plans but perform certain health plan roles may obtain an “other entity identifier.”
HPOES is housed in CMS’ Health Insurance Oversight System, which now must be accessed via the CMS Enterprise Portal. HPOES users first must register themselves and their organizations, then select the type of application (CHP, SHP or OEID).
SHP applicants must identify the relevant CHP, and CHPs must name an “authorizing official.” All plans must provide the National Association of Insurance Commissioners number or payer ID that they have been using in standard transactions. SHPs must classify themselves as a company, issuer, product, line of business or other category.
OEID applicants must identify their business type, an authorizing official and a payer ID or “atypical provider ID” used in standard transactions. An organization may apply for an OEID if it needs to be identified in standard transactions and is not eligible for an HPID or National Provider Identifier.
Actual use of HPIDs and OEIDs by health plans and providers will not be required until Nov. 7, 2016. In the final HPID rules issued Sept. 5, 2012, HHS established this gradual time frame to avoid some of the implementation problems that have plagued the NPI and other efforts. Once the rules take full effect, the HPID or OEID must be used in the standard transactions when the health plan or other entity is identified, and may be used for any other lawful purpose as well.
HIPAA’s standard identifiers and other transaction rules are detailed in the Employer’s Guide to HIPAA and Employer’s Guide to HIPAA Privacy Requirements.