On Oct. 25, 2019, the Department of Health and Human Services (HHS) released a final rule to rescind the HPID and requirements for its use. Under HIPAA, HHS is required to adopt standards for certain electronic transactions. One of the standards is a unique identifier for health plans—the HPID.
In 2012, HHS released a final rule that included deadlines for health plans to obtain their own identifiers and start using them in HIPAA transactions. However, based on industry feedback, HHS indefinitely delayed the HPID requirement before the final rule’s deadlines. HHS has now withdrawn the HPID requirement because it has concluded that the HPID does not serve a valid purpose.
Health plans are not required to obtain HPIDs and the HPID is not required to be used in HIPAA transactions. The health care industry may continue to use its own standard payer identifier. HHS will deactivate any HPIDs in its system and notify all active users about the deactivation. It is possible that HHS will adopt a more effective HPID standard in the future, considering input from the health care industry.
Background
The HPID is a standard, unique health plan identifier that is primarily for use in HIPAA standard transactions. The HPID is intended to address any industry confusion of having multiple ways to identify a health plan in a transaction. HHS released a final rule adopting the HPID standard on Sept. 5, 2012. The final rule would have required most self-insured health plans to obtain their own HPID. For insured plans, the health insurance issuer, not the employer sponsoring the plan, would have been required to obtain the HPID.
The final rule provided that the deadline for health plans (except small health plans) to obtain their HPIDs was Nov. 5, 2014. Small health plans (those with annual gross receipts of $5 million or less) had an additional year to comply, until Nov. 5, 2015. Also, the final rule provided that, by Nov. 7, 2016, all covered entities must use the HPID in standard transactions involving health plans that have an identifier.
Enforcement Delay
After issuing the final rule, HHS received feedback from the health care industry that the HPID’s implementation would be disruptive, costly and counterproductive to administrative simplification. According to industry experts, the confusion that the HPID was intended to address had already been resolved by the industry’s voluntary adoption of a standardized payer identifier, or Payer ID, in HIPAA transactions.
Based on this feedback, on Oct. 31, 2014, HHS delayed the enforcement of the HPID requirement until further notice. This enforcement delay meant that health plans were not required to obtain an HPID and covered entities were not required to use the HPID in standard transactions.
Final Rule
HHS’ final rule rescinds the HPID requirement. According to HHS, its decision to withdraw the HPID stems from a careful assessment of industry input. This input demonstrates that:
- The health care industry has developed best practices for using Payer IDs to conduct HIPAA transactions. The HPID does not have a place in these transactions, and from the industry’s perspective, does not facilitate administrative simplification.
- It would be a costly, complicated and burdensome disruption for the industry to have to implement the HPID.
HHS may work with stakeholders in the future to explore options for a more effective HPID. In the meantime, HHS will deactivate each HPID record in its Health Insurance Oversight System (HIOS), a secure HHS web-based application that collects and stores information about health plans and health insurance issuers. HHS will also send an email notice to all active HIOS users explaining the deactivation of the HPIDs.