[Congressional Record Volume 144, Number 23 (Monday, March 9, 1998)]
[Senate]
[Pages S1661-S1662]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




  HEALTH INSURANCE STANDARDS: NEW FEDERAL LAW CREATES CHALLENGES FOR 
            CONSUMERS, INSURERS, REGULATORS (GAO/HEHS 98-67)

 Mr. JEFFORDS. Mr. President, as Chairman of the Labor and 
Human Resources Committee, I have closely monitored the implementation 
of the Health Insurance Portability and Accountability Act of 1996 
(HIPAA) over the past year to ensure its successful implementation and 
consistency with legislative intent.
  On February 11, 1997, the Committee held its first oversight hearing 
on proposed HIPAA regulations relating to minimum standards for the 
access, portability, and renewability of health coverage for both fully 
insured and self-funded plans. Today, I am releasing a new GAO Report, 
entitled ``Health Insurance Standards: New Federal Law Creates 
Challenges for Consumers, Insurers, Regulators (GAO/HEHS 98-67),'' that 
examines the HIPAA first year implementation issues and challenges that 
consumers, issuers of health coverage, state insurance regulators, and 
federal regulators have faced since HIPAA's passage. The findings of 
this report will be the focus of a second Labor Committee HIPAA 
oversight hearing that is scheduled for March 19, 1998.
  One of HIPAA's most important features is that it provides people who 
lose their group insurance coverage with guaranteed access to coverage 
in the individual market--regardless of their health status. However, 
the GAO found that the complex nature of the law, as well as, insurance 
carrier practices, and insurance product pricing have hindered many 
consumers from benefiting from this provision. Some insurance carriers 
have charged rates that are 140 to 600 percent of the standard premium 
to people who lose group coverage, and, thus, effectively discouraging 
them from obtaining the needed individual health insurance coverage. In 
addition, HIPAA guarantees access to coverage only if certain 
eligibility criteria have been met. These criteria include having a 
minimum of 18 months of prior coverage, the exhaustion of all residual 
employer coverage, and the application for individual coverage within 
63 days of the termination of group coverage. Many consumers are not 
aware of these requirements and are at risk of forfeiting their right 
to coverage in the individual market.
  Another GAO finding relates to HIPAA's certificate of coverage 
requirement. Health coverage providers, including employers and 
insurance carriers, believe that certain HIPAA regulatory provisions 
create an administrative burden, unanticipated consequences, and the 
potential for consumer abuse.
  Although most insurance issuers comply with the Act by providing the 
mandated certificate of coverage to individuals terminating their 
insurance, most believe that the process is costly and unnecessary. 
They feel it would be more efficient to issue the certificates of 
coverage only to those who request them. The GAO also examined the 
guaranteed renewal provision and its relationship to other programs 
such as Medicare. Once eligible for Medicare, HIPAA does not permit 
issuers to cancel individual coverage. As a consequence, consumers 
could be left with more expensive, redundant coverage. In addition, the 
GAO found that the special enrollment periods for group plan enrollees 
may create opportunities for consumer abuse. Individuals could switch 
from plans with large deductibles to those with ``first dollar'' low 
deductibles in anticipation of medical expenses. Insurance issuers fear 
such practices will raise overall costs.
  The GAO found that implementing and enforcing HIPAA has been 
challenging for state insurance regulators due to certain unclear 
provisions. The provisions cited by the GAO that may need further 
clarification include those relating to risk-spreading, preexisting 
conditions, nondiscrimination, and the late enrollee requirements in 
the group market. The process of clarifying these regulations by the 
three federal agencies involved in implementing HIPAA (DHHS, DOL and 
IRS) is ongoing.
  The report also confirms that federal regulators have faced an 
overwhelming, new role under HIPAA. In the five states that have failed 
to pass the legislation required by HIPAA (CA, MA, MI, RI and MO), the 
Department of Health and Human Services is now required to act as 
insurance regulator for certain provisions. The department may also 
have to play a regulatory role in the District of Columbia and some 
U.S. territories. Meeting these new state regulatory duties has put a 
financial burden on the agency. As a result, DHHS has requested an 
additional $15.5 million to fund 65 new full time equivalent staff and 
contractor support for HIPAA related enforcement activities in fiscal 
year 1999.
  Mr. President, this new GAO report updates the progress in 
implementing the Health Insurance Portability and Accountability Act of 
1996 and highlights important areas for additional oversight. Consumers 
leaving their group coverage are facing barriers to individual 
coverage. Some issuers of health coverage are concerned about the 
additional administrative burden of HIPAA and its possible unintended 
consequences. And there are areas of the law that need further 
clarification for state regulators. The Department

[[Page S1662]]

of Health and Human Services' new role implementing and enforcing HIPAA 
may also require additional resources.
  In addition to this report, another GAO report on the extent to which 
large employers have access to health insurance will be completed by 
the end of May. These two GAO reports and their findings will help 
Congress in our quest to ensure a successful implementation of the 
Health Insurance Portability and Accountability Act of 1996.
  Mr. President, I ask that the executive summary of the report be 
printed in the Record.
  The executive summary follows:


                            results in brief

       Although HIPAA provides people losing group coverage the 
     right to guaranteed access to coverage in the individual 
     market regardless of health status, consumers attempting to 
     exercise their right have been hindered by carrier practices 
     and pricing and by their own misunderstanding of this complex 
     law. Among the 13 states where this provision first took 
     effect, many consumers who had lost group coverage 
     experienced difficulty obtaining individual market coverage 
     with guaranteed access rights, or they paid significantly 
     higher rates for such coverage. Some carriers have 
     discouraged individuals from applying for the coverage or 
     charged them rates 140 to 600 percent of the standard 
     premium. Carriers charge higher rates because they believe 
     individuals who attempt to exercise HIPAA's individual market 
     access guarantee will, on average, be in poorer health than 
     others in the individual market. In addition, many consumers 
     do not realize that the access guarantee applies only to 
     those leaving group coverage who meet other eligibility 
     criteria. For example, individuals must have previously had 
     at least 18 months of coverage, exhausted any residual 
     employer coverage available, and applied for individual 
     coverage within 63 days of group coverage termination. 
     Consumers who misunderstand these restrictions are at risk of 
     losing their right to coverage.
       Issuers of health coverage believe certain HIPAA regulatory 
     provisions result in (1) an excessive administrative burden, 
     (2) unanticipated consequences, and (3) the potential for 
     consumer abuse. Although issuers appear to be generally 
     complying with the requirement to provide a certificate of 
     coverage to all individuals terminating coverage, some 
     issuers continue to suggest that the process is burdensome 
     and costly and that many of these certificates may not be 
     needed. These issuers, as well as many state regulators, 
     believe that issuing the certificates only to consumers who 
     request them would serve the purpose of the law for less 
     cost. Also, issuers fear that HIPAA's guaranteed renewal 
     provision may create several unanticipated consequences for 
     those eligible for Medicare or holding policies designed for 
     certain targeted populations. For example, HIPAA does not 
     permit issuers to cancel coverage of individuals once they 
     become eligible for Medicare. Consequently, some individuals 
     could pay more for redundant coverage. Likewise, for 
     individuals enrolled in subsidized insurance programs for 
     low-income persons, HIPAA may require that such coverage be 
     renewed after these individuals' income exceeds program 
     eligibility limits. Finally, certain protections for group 
     plan enrollees may create the opportunity for consumer abuse. 
     HIPAA's establishment of special enrollment periods may give 
     employees an incentive to forgo coverage until they become 
     ill, and guarantees of credit for prior coverage in the group 
     market could provide enrollees an incentive to switch from 
     low-cost, high-deductible coverage to low-deductible 
     (``first-dollar'') coverage when medical care becomes 
     necessary. Some issuers fear that the overall cost of 
     coverage could increase if such abuses became widespread.
       State insurance regulators have encountered difficulties in 
     their attempts to implement and enforce HIPAA provisions 
     where they found federal guidance to lack sufficient clarity 
     or detail. For example, regulators say unclear risk-spreading 
     requirements contribute to the high costs faced by certain 
     eligible individuals attempting to exercise their right to 
     guaranteed access in the individual market. Lacking 
     sufficient detail, for example, was guidance to implement 
     nondiscrimination and late enrollee requirements in the group 
     market.
       Federal regulators face an unexpectedly large regulatory 
     role under HIPAA that could strain HHS' resources and impair 
     its oversight effectiveness. In five states that reported 
     they had not passed legislation to implement HIPAA provisions 
     by the end of 1997, HHS, as required, has begun performing 
     functions similar to a state insurance regulator, such as 
     approving insurance products and responding to consumer 
     complaints. In addition, HHS may be required to play a 
     regulatory role in some of the other states, the District of 
     Columbia, and the U.S. territories that have yet to pass 
     legislation to implement certain HIPAA provisions. 
     Consequently, the full extent of HHS' regulatory role under 
     HIPAA is not yet known.
       Partly in response to health insurance issuers' and state 
     regulators' concerns, federal agencies issued further 
     regulatory guidance on December 29, 1997, intended to clarify 
     current HIPAA regulations such as those related to 
     nondiscrimination and late enrollment in group health plans. 
     Agencies expect to continue supplementing and clarifying the 
     interim regulations in other areas where problems may arise. 
     To address its resource constraints, HHS has reprogrammed 
     resources and requested additional resources as part of its 
     fiscal year 1999 appropriations.

                          ____________________