[Federal Register Volume 62, Number 142 (Thursday, July 24, 1997)]
[Notices]
[Pages 39844-39847]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 97-19492]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES


National Committee on Vital and Health Statistics: Publication of 
Recommendations Relating to HIPAA Health Data Standards

AGENCY: Office of the Secretary.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: Section 1172(f) Subtitle F of Pub. L. 104-191, the Health 
Insurance Portability and Accountability Act of 1966, requires the 
Secretary of Health and Human Services to publish in the Federal 
Register any recommendation of the National Committee on Vital and 
Health Statistics (NCVHS) regarding the adoption of a data standard 
under that

[[Page 39845]]

law. Accordingly, the full text of the initial set of NCVHS 
recommendations relating to HIPAA data standards is reproduced below. 
The text of the recommendations is also available on the NCVHS website: 
http://aspe.os.dhhs.gov/ncvhs/. The executive summary of the NCVHS 
recommendations to HHS relating to health information privacy and 
confidentiality is also reproduced below. The full text of the NCVHS 
privacy report is available on the NCVHS website.

SUPPLEMENTARY INFORMATION: Under the Administrative Simplification 
provisions of the Health Insurance Portability and Accountability Act 
of 1966 (HIPAA), the Secretary of Health and Human Services is required 
to adopt standards for specified administrative health care 
transactions to enable information to be exchanged electronically. The 
law requires that, within 24 months of adoption, all health plans, 
health care clearinghouses and health care providers who choose to 
conduct these transactions electronically must comply with these 
standards. Further, the law requires the Secretary to submit to 
Congress detailed recommendations on standards with respect to the 
privacy of individually identifiable health information. In preparing 
these reports and recommendations, the Secretary is required to consult 
with the NCVHS, the statutory public advisory body to HHS on health 
data, privacy and health information policy. On June 27, 1997, the 
Committee submitted a set of initial recommendations relating to health 
data standards. In accordance with the law, the full text of the 
recommendations is published below. The executive summary of the NCVHS 
privacy report also is reproduced below.

Recommendations Relating to the National Provider Identifier

The Honorable Donna E. Shalala,
Secretary of Health and Human Services,
200 Independence Avenue, SW.,
Washington, DC 20201.

    Dear Secretary Shalala: On behalf of the National Committee on 
Vital and Health Statistics (NCVHS), I am pleased to forward to you 
our recommendations relating to the first of the health data 
standards being proposed for adoption in accordance with the 
administrative simplification provisions of the Health Insurance 
Portability and Accountability Act of 1996 (HIPAA). HIPAA outlines a 
new approach to the adoption of data standards to support electronic 
data interchange in the health industry in the United States, in a 
framework that protects the privacy and security of health 
information. The law assigns to you the responsibility for adopting 
such standards by February 1998. It also asks you to provide 
detailed recommendations to Congress with respect to the privacy of 
individually identifiable health information by next August. The 
NCVHS is very pleased to provide support, advice and consultation to 
you in this effort.
    To assist in carrying out our advisory responsibilities to you, 
the NCVHS, in collaboration with HHS, has held a number of public 
hearings to obtain input and advice from throughout the health 
industry, State government, and the research and public health 
communities. The first of the health data standards to be proposed 
for adoption is the unique identifier for health providers, which 
HHS has had under development for some time and which we understand 
is planned for Federal Register publication in July for review and 
comment.
    The NCVHS has been briefed on the proposal for the National 
Provider Identifier (NPI), and we offer our strong support. The 
proposal includes an eight digit alphanumeric identifier that would 
be assigned to all providers, along with essential identifying 
information. The identifier includes a check digit and contains no 
embedded intelligence. We recommend that HHS proceed to publish the 
proposal for public comment without delay. While public comments are 
likely on the technical details of the number and the optimal 
approach to enumeration, we have found broad support for the 
proposal in general and urge you to proceed.
    The Committee did identify one concern that we bring to your 
attention. The NPI, like all of the subsequent standards to be 
adopted, should be conceived of as a generic industry-wide standard 
and it should not contain any requirements that are specific to 
individual programs--government programs or otherwise. It is our 
understanding that information about HHS Inspector General sanctions 
against providers is being considered as part of the NPI system.
    We believe that this approach undermines the principle of a 
generic industry-wide standard and makes the successful 
implementation of the first standard needlessly difficult and 
controversial. While we are supportive of HHS efforts to prevent and 
detect health care fraud and abuse, we strongly recommend against 
the inclusion of sanctions information as part of the NPI system 
itself. The OIG provider sanctions information is already public, 
and it can be further publicized in other ways. We do agree that the 
use of the NPI to facilitate access to health care fraud and abuse 
information in other data systems is both appropriate and consistent 
with the intent of the statue.
    We appreciate your national leadership in health data standards, 
electronic data interchange and privacy, and we are privileged to 
work with you on these issues.
        Sincerely,
Don E. Detmer, M.D.,
Chairman.

Recommendations Relating to Transaction Standards

The Honorable Donna E. Shalala,
Secretary of Health and Human Services, 200 Independence Avenue, SW, 
Washington, DC 20201.
    Dear Secretary Shalala: On behalf of the National Committee on 
Vital and Health Statistics (NCVHS), I am pleased to forward to you 
our recommendations relating to some of the health data standards 
being proposed for adoption in accordance with the administrative 
simplification provisions of the Health Insurance Portability and 
Accountability Act of 1996 (HIPAA). As you are aware, HIPAA outlines 
a new approach to the adoption of data standards to support 
electronic data interchange in the health industry in the United 
States, in a framework that protects the privacy and security of 
health information. The law assigns to you the responsibility for 
adopting such standards by February 1998. It also asks you to 
provide detailed recommendations to Congress with respect to the 
privacy of individually identifiable health information by next 
August. The NCVHS is very pleased to provide support, advice, and 
consultation to you in this effort.
    To assist in carrying out our advisory responsibilities to you, 
the NCVHS, in collaboration with HHS, has held a number of public 
hearings to obtain input and advice from throughout the health 
industry, State government, and the research and public health 
communities. We have heard a great deal of input from the private 
and public sectors, and have synthesized that input into the 
following recommendations regarding the administrative 
simplification standards.

Administrative Transaction Messages

    The NCVHS recommends that you adopt the following standards for 
transmission of administrative and financial transactions. In 
addition, we recommend that you specify the acceptable versions and 
implementation guides for these standards at the time the final 
rules are issued.

Health Claims * or Equivalent Encounter Information

Pharmacy--NCPDP Telecommunications Standard Format
Institutional--ASC X12N Health Care Claim (837)
Professional--ASC X12N Health Care Claim (837)
Dental--ADA Implementation Guide for ASC X12N 837

* The X12N standard for claims includes standard information for 
coordination of benefits.

Enrollment and Disenrollment in a Health Plan

ASC X12N Benefit Enrollment and Maintenance (834)

Eligibility for a Health Plan

ASC X12N Health Care Eligibility/Benefit Inquiry (270)
ASC X12N Health Care Eligibility/Benefit Information (271)

Health Care Payment and Remittance Advice

ASC X12N Health Care Claim Payment/Advice (835)

[[Page 39846]]

Health Care Premium Payments

ASC X12N Consolidated Service Invoice/Statement (811)
ASC X12N Payment Order/Remittance Advice (820)

First Report of Injury

ASC X12N Report of Injury, Illness or Incident (148)

Health Claim Status

ASC X12N Health Care Claim Status Request (276)
ASC X12N Health Care Claim Status Notification (277)

Referral Certification and Authorization

ASC X12N Health Care Service Review Information (278)

    The adoption of a standard for claim attachments is not due 
until next year, so we will make a timely recommendation for that 
transaction at a later time.
    Although we recommend that institutional and professional claims 
should move to the ANSI X12N 837 standard, we recommend a strategy 
to ease the transition for providers and payers that currently rely 
on the older NSF or UB92 flat-file formats for electronic claims 
submissions. We have learned at the hearings that the financial 
health of providers is extremely sensitive to the timing of payments 
for claims submitted. As a result, there is some fear in the 
industry that pushing this transition to the 837 too rapidly could 
lead to financial failures if payments were delayed because of 
technical problems during the conversion. We recommend a transition 
strategy whereby willing trading partners, by mutual agreement, 
could continue to use existing flat-file mechanisms (NSF and UB92) 
to exchange claim transactions until February, 2002. Strict 
adherence to section 1175 of HIPAA (which forbids plans from 
refusing standard transactions or delaying payment on the grounds 
that a transaction is standard) will be expected and should be 
enforced.

Transaction Data Content

    The Committee has a long history of national leadership on 
health data content issues. We will review the information now being 
collected by HHS in the master data dictionary of transaction data 
elements and, once that is available, will formulate our 
recommendations. The Committee's recommendations on data content 
also will include specific recommendations for a process for 
changing, maintaining, and updating the standard data content 
specifications for the above administrative transactions. As part of 
our ongoing responsibilities, we will continue to advise you on the 
need for new data elements, as well as deletions and modifications 
to current data elements, for health care transactions.
    At this time, we would like to make specific recommendations 
about several data elements. In a previous communication, we 
endorsed HCFA's NPI proposal for a unique identifier for providers. 
The Committee would like to endorse the HCFA proposed Payer ID as 
the national standard for the payer identifier. A recommendation on 
the individual identifier may follow, after the Committee has had 
opportunity to review and discuss the commissioned report on this 
topic.
    The Committee recommends that diagnosis and procedure coding 
continue to use the current code sets because replacements will not 
be ready for implementation by the year 2000. ICD-9-CM diagnosis 
codes, ICD-9-CM Volume 3 procedure codes, and HCPCS (including CPT 
and CDT) procedure codes should be adopted as the standards to be 
implemented by the year 2000. Annual updates to ICD-9-CM and HCPCS 
should continue to follow the schedule currently used. In addition, 
we recommend that you advise industry to build and modify their 
information systems to accommodate a change to ICD-10-CM diagnostic 
coding in the year 2001 and a major change to a unified approach to 
coding procedures (yet to be defined) by the year 2002 or 2003. We 
recommend that you identify and implement an approach for procedure 
coding that addresses deficiencies in the current systems, including 
issues of specificity and aggregation, unnecessary redundancy, and 
incomplete coverage of health care providers and settings. The 
committee will continue its leadership and participation in this 
endeavor.

Security Standards

    Security standards will be recommended by the Committee after 
hearings are held on this topic. These hearings are currently 
scheduled for August.
    We appreciate your national leadership in health data standards, 
electronic data interchange and privacy, and we are privileged to 
work with you on these issues.

        Sincerely,
Don E. Detmer, M.D.,
Chairman.

Recommendations Relating to Privacy

The Honorable Donna E. Shalala,
Secretary of Health and Human Services, 200 Independence Avenue 
S.W., Washington, D.C. 20201.
    Dear Secretary Shalala: On behalf of the National Committee on 
Vital and Health Statistics (NCVHS), I am pleased to forward to you 
our recommendations relating to health information privacy. The 
Health Insurance Portability and Accountability Act of 1996 (HIPAA) 
requires you to provide detailed recommendations to the Congress 
with respect to the privacy of individually identifiable health 
information by August 1997. The law also directs you to consult with 
the NCVHS in developing your recommendations. The enclosed report is 
submitted in support of this responsibility.
    In developing our recommendations to you for health information 
privacy, the NCVHS Subcommittee on Privacy and Confidentiality held 
six full days of public hearings during which we heard from 43 
witnesses from the industry, privacy community, State government, 
and public health and research communities. We also benefited from 
two additional days of public hearings in San Francisco where we 
heard from an additional 40 witnesses from across the health 
industry spectrum, including a number of representatives from the 
privacy and patient advocacy community.
    The NCVHS recommends that you and the Administration assign the 
highest priority to the development of a strong position on health 
privacy. The NCVHS also recommends that the 105th Congress enact a 
health privacy law before it adjourns in the fall of 1998.
    We appreciate your leadership on health information privacy, and 
offer our continuing assistance in addressing this national issue.

        Sincerely,
Don E. Detmer, M.D.,
Chairman.
Enclosure

Health Privacy and Confidentiality Recommendations of the National 
Committee on Vital and Health Statistics

Executive Summary

    The Health Insurance Portability and Accountability Act requires 
the Secretary of Health and Human Services to consult with the 
National Committee on Vital and Health Statistics when developing 
recommendations on standards for the protection of the privacy of 
individually identifiable health information. This report is the 
Committee's advice to the Secretary.
    The Committee finds that the United States is in the midst of a 
health privacy crisis. Patients must feel comfortable in 
communicating sensitive personal information. Delays in passing 
privacy legislation will allow additional and uncontrolled uses of 
health information to develop.
    The Committee recommends that the Secretary and the 
Administration assign the highest priority to the development of a 
strong position on health privacy that provides the highest possible 
level of protection for the privacy rights of patients. The 
Committee also unanimously recommends that the 105th Congress enact 
a health privacy law before it adjourns in the fall of 1998.
    Health privacy legislation presents only hard choices and 
difficult tradeoffs. The importance of trust in the provider-patient 
relationship must be preserved. Health records are used to improve 
the quality of health care, reduce the costs of health care, expand 
the availability of health care, protect the public health, and 
assure public accountability of the health care system. Privacy 
competes with all of these objectives, and it is not easy to strike 
a fair balance between privacy and these other worthy goals. The 
Committee has no doubt, however, that a privacy bill can be passed 
that balances the interests of patients with the needs of the health 
care system.
    The Committee calls for a law that will require creators and 
users of identifiable health care information to establish a full 
range of fair information practices, including a patient's right of 
access to records, right to seek amendment of records, and right to 
be informed about users of health information. The law must also 
impose restrictions on

[[Page 39847]]

disclosure and use of the information, require adequate security, 
impose sanctions for violations, and increase reliance on non-
identifiable information whenever possible.
    The Committee strongly supports the use of health records for 
health research, subject to independent review of research protocols 
and other procedural protections for patients. The Committee also 
strongly supports the use of health records for public health 
purposes, subject to substantive and procedural barriers 
commensurate with the importance of the public health functions. The 
Committee believes that patients need strong substantive and 
procedural protections if their health records are to be disclosed 
to law enforcement officials.
    The Committee strongly supports limiting use and disclosure of 
identifiable information to the minimum amount necessary to 
accomplish the purpose. The Committee also strongly believes that 
when identifiable health information is made available for non-
health uses, patients deserve a strong assurance that the data will 
not be used to harm them.

    Contact Person for More Information: Information about the 
Committee as well as the text of the HIPAA recommendations is available 
on the NCVHS website or from James Scanlon, NCVHS Executive Staff 
Director, Office of the Assistant Secretary for Planning and 
Evaluation, DHHS, Room 440-D, Hubert H. Humphrey Building, 200 
Independence Avenue S.W., Washington, D.C. 20201, telephone (202) 690-
7100, or Marjorie S. Greenberg, Executive Secretary, NCVHS, NCHS, Room 
1100, Presidential Building, 6525 Belcrest Road, Hyattsville, Maryland 
20782, telephone (301) 436-7050.

    Dated: July 18, 1997.
James Scanlon,
Director, Division of Data Policy, Office of the Assistant Secretary 
for Planning and Evaluation.
[FR Doc. 97-19492 Filed 7-23-97; 8:45 am]
BILLING CODE-4151-04-M