April 19, 2007
STEPS HEALTH PLAN SPONSORS CAN TAKE TO PREPARE FOR THE MAY 23, 2007 DEADLINE FOR USING HIPAA NATIONAL PROVIDER IDENTIFIERS

The Health Insurance Portability and Accountability Act (HIPAA) requires health plans to use a new National Provider Identifier (NPI) when conducting certain HIPAA Electronic Data Interchange (EDI) standard transactions. The May 23, 2007 deadline for health plans (other than small health plans) to use the NPI is just around the corner.1 This Capital Checkup outlines steps that health plan sponsors should consider as they prepare to comply.

If Possible, Comply by the Deadline

Health plan sponsors that conduct HIPAA EDI standard transactions should continue their efforts to use NPIs instead of existing legacy identifiers by the deadline. The NPI will replace legacy identifiers, not the provider's Tax Identification Number (TIN), which will also be required on claims transactions. Timely compliance will require active outreach by the plan and its service providers involved in the EDI process to obtain NPIs and to test transactions using the new NPIs.

Consider Adopting a "Contingency Plan"

Sometimes, no matter how hard a health plan sponsor has worked to achieve compliance, complete compliance by the deadline is not possible due to a lack of readiness of trading partners (e.g., health care providers who have not yet obtained their NPIs) or glitches in the software provided by information technology vendors. As the Centers for Medicare & Medicaid Services (CMS) has long recognized, it takes two compliant parties, one on each side of the transaction, to achieve full compliance. Concern about the health industry's state of readiness led the CMS to issue important enforcement guidance on April 2, 2007.2 That guidance gives health plan sponsors the green light to adopt an NPI compliance contingency plan, but only under certain circumstances. Under such a contingency plan, a plan could continue to process non-compliant claims until May 23, 2008 if it is necessary to do so to ensure a smooth flow of payments.

CMS makes clear, however, that health plans must have made and must continue to make good faith efforts to comply with the NPI requirement. This is not an extension of the deadline. Rather, it signifies flexibility in how CMS will enforce the law in the event a complaint is filed with CMS. Specifically, to avoid the imposition of penalties for non-compliance, plans must be able to demonstrate that they made diligent and reasonable efforts to become compliant (including active outreach and testing with trading partners) before the deadline and that they continued to do so during the time the contingency plan was deployed.

Document Compliance Efforts

Health plan sponsors should document the compliance activities both before and after the May 23, 2007 deadline. Such documentation will be the only way to demonstrate good faith compliance. Documentation of good faith could include some of the following steps:

Health plan sponsors that adopted a similar contingency plan in 2003 prior to the October 16, 2003 compliance date for the EDI transactions standards will be familiar with this process. Plan sponsors should consult with legal counsel as to whether the documentation of their good faith compliance efforts is consistent with CMS requirements.

CMS Enforcement Action Will Continue to Be Complaint-Driven

CMS reiterates in this recent NPI guidance that its approach to enforcement of the HIPAA administrative simplification rules focuses on voluntary compliance and is complaint-driven. If a complaint is received by CMS, CMS will notify the plan and provide the plan with the opportunity to demonstrate compliance or its good faith efforts to comply.

As with all issues involving the interpretation or application of laws and regulations, plan sponsors should rely on their attorneys for authoritative advice on the interpretation and application of HIPAA. Sibson Consulting can be retained to work with plan sponsors and their attorneys to comply with all aspects of HIPAA Administrative Simplification: Electronic Data Interchange, Privacy and Security.



