[Federal Register Volume 63, Number 115 (Tuesday, June 16, 1998)]
[Proposed Rules]
[Pages 32784-32798]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-15782]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of the Secretary

45 CFR Part 142

[HCFA-0047-P]
RIN 0938-AI59


Health Insurance Reform: National Standard Employer Identifier

AGENCY: Health Care Financing Administration (HCFA), HHS.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: This rule proposes a standard for a national employer 
identifier and requirements concerning its use by health plans, health 
care clearinghouses, and health care providers. The health plans, 
health care clearinghouses, and

[[Page 32785]]

health care providers would use the identifier, among other uses, in 
connection with certain electronic transactions.
    The use of this identifier would improve the Medicare and Medicaid 
programs, and other Federal health programs and private health 
programs, and the effectiveness and efficiency of the health care 
industry in general, by simplifying the administration of the system 
and enabling the efficient electronic transmission of certain health 
information. It would implement some of the requirements of the 
Administrative Simplification subtitle of the Health Insurance 
Portability and Accountability Act of 1996.

DATES: Comments will be considered if we receive them at the 
appropriate address, as provided below, no later than 5 p.m. on August 
17, 1998.

ADDRESSES: Mail written comments (1 original and 3 copies) to the 
following address: Health Care Financing Administration, Department of 
Health and Human Services, Attention: HCFA-0047-P, P.O. Box 26676, 
Baltimore, MD 21207-0519.
    If you prefer, you may deliver your written comments (1 original 
and 3 copies) to one of the following addresses:

Room 309-G, Hubert H. Humphrey Building, 200 Independence Avenue, SW., 
Washington, DC 20201, or
Room C5-09-26, 7500 Security Boulevard, Baltimore, MD 21244-1850.

    Comments may also be submitted electronically to the following e-
mail address: [email protected]. For e-mail and comment 
procedures, see the beginning of SUPPLEMENTARY INFORMATION. For 
information on ordering copies of the Federal Register containing this 
document and on electronic access, see the beginning of SUPPLEMENTARY 
INFORMATION.

FOR FURTHER INFORMATION CONTACT: Mary Emerson, (410) 786-7065.
SUPPLEMENTARY INFORMATION:
    E-mail Comments, Procedures, Availability of Copies, and Electronic 
Access: E-mail comments should include the full name, postal address, 
and affiliation (if applicable) of the sender and must be submitted to 
the referenced address to be considered. All comments should be 
incorporated in the e-mail message because we may not be able to access 
attachments. Because of staffing and resource limitations, we cannot 
accept comments by facsimile (FAX) transmission. In commenting, please 
refer to file code HCFA-0047-P and the specific section or sections of 
the proposed rule. Both electronic and written comments received by the 
time and date indicated above will be available for public inspection 
as they are received, generally beginning approximately 3 weeks after 
publication of a document, in Room 309-G of the Department's offices at 
200 Independence Avenue, SW., Washington, DC, on Monday through Friday 
of each week from 8:30 a.m. to 5 p.m. (phone: (202) 690-7890). 
Electronic and legible written comments will also be posted, along with 
this proposed rule, at the following web site: http://aspe.os.dhhs.gov/
admnsimp/.
    Copies: To order copies of the Federal Register containing this 
document, send your request to: New Orders, Superintendent of 
Documents, P.O. Box 371954, Pittsburgh, PA 15250-7954. Specify the date 
of the issue requested and enclose a check or money order payable to 
the Superintendent of Documents, or enclose your Visa or Master Card 
number and expiration date. Credit card orders can also be placed by 
calling the order desk at (202) 512-1800 or by faxing to (202) 512-
2250. The cost for each copy is $8. As an alternative, you can view and 
photocopy the Federal Register document at most libraries designated as 
Federal Depository Libraries and at many other public and academic 
libraries throughout the country that receive the Federal Register.
    This Federal Register document is also available from the Federal 
Register online database through GPO Access, a service of the U.S. 
Government Printing Office. Free public access is available on a Wide 
Area Information Server (WAIS) through the Internet and via 
asynchronous dial-in. Internet users can access the database by using 
the World Wide Web http://www.access.gpo.gov/nara, by using local WAIS 
client software, or by telnet to swais.access.gpo.gov, then login as 
guest (no password required). Dial-in users should use communications 
software and modem to call (202) 512-1661; type swais, then login as 
guest (no password required).

I. Background

    [Please label written and e-mailed comments about this section with 
the subject: Background.]
    When claims are filed, employer information is used by health plans 
to identify the employer of the participant in the health plan and to 
develop coordination of benefits information.
    Employers may transmit information to health plans when enrolling 
or disenrolling an employee as a participant in a health plan. 
Employers, health care providers, and health plans may need to identify 
the source or receiver of eligibility or benefit information. Although 
the source or receiver is usually a health plan, it could be an 
employer. Employers, health care providers, and health plans may need 
to identify the employer when making or keeping track of health plan 
premium payments or contributions relating to an employee. In all cases 
where information about the employer is transmitted electronically, it 
would be beneficial to identify the employer using a standard 
identifier.

A. Legislation

    The Congress included provisions to address the need for a standard 
identifier and other administrative simplification issues in the Health 
Insurance Portability and Accountability Act of 1996 (HIPAA), Public 
Law 104-191, which was enacted on August 21, 1996. Through subtitle F 
of title II of that law, the Congress added to title XI of the Social 
Security Act a new part C, entitled ``Administrative Simplification.'' 
(Public Law 104-191 affects several titles in the United States Code. 
Hereafter, we refer to the Social Security Act as the Act; we refer to 
the other laws cited in this document by their names.) The purpose of 
this part is to improve the Medicare and Medicaid programs in 
particular and the efficiency and effectiveness of the health care 
system in general by encouraging the development of a health 
information system through the establishment of standards and 
requirements to facilitate the electronic transmission of certain 
health information.
    Part C of title XI consists of sections 1171 through 1179 of the 
Act. These sections define various terms and impose several 
requirements on HHS, health plans, health care clearinghouses, and 
certain health care providers concerning electronic transmission of 
health information.
    The first section, section 1171 of the Act, establishes definitions 
for purposes of part C of title XI for the following terms: code set, 
health care clearinghouse, health care provider, health information, 
health plan, individually identifiable health information, standard, 
and standard setting organization.
    Section 1172 of the Act makes any standard adopted under part C 
applicable to (1) all health plans, (2) all health care clearinghouses, 
and (3) any health care providers that transmit any health information 
in electronic form in connection with the transactions referred to in 
section 1173(a)(1) of the Act.

[[Page 32786]]

    This section also contains requirements concerning standard 
setting.
     The Secretary may adopt a standard developed, adopted, or 
modified by a standard setting organization (that is, an organization 
accredited by the American National Standards Institute (ANSI)) that 
has consulted with the National Uniform Billing Committee (NUBC), the 
National Uniform Claim Committee (NUCC), the Workgroup on Electronic 
Data Interchange (WEDI), and the American Dental Association (ADA).
     The Secretary may also adopt a standard other than one 
established by a standard setting organization, if the different 
standard will reduce costs for health care providers and health plans, 
the different standard is promulgated through negotiated rulemaking 
procedures, and the Secretary consults with each of the above-named 
groups.
     If no standard has been adopted by any standard setting 
organization, the Secretary is to rely on the recommendations of the 
National Committee on Vital and Health Statistics (NCVHS) and consult 
with each of the above-named groups.
    In complying with the requirements of part C of title XI, the 
Secretary must rely on the recommendations of the NCVHS, consult with 
appropriate State, Federal, and private agencies or organizations, and 
publish the recommendations of the NCVHS in the Federal Register.
    Paragraph (a) of section 1173 of the Act requires that the 
Secretary adopt standards for financial and administrative 
transactions, and data elements for those transactions, to enable 
health information to be exchanged electronically. Standards are 
required for the following transactions: health claims, health 
encounter information, health claims attachments, health plan 
enrollments and disenrollments, health plan eligibility, health care 
payment and remittance advice, health plan premium payments, first 
report of injury, health claim status, and referral certification and 
authorization. In addition, the Secretary is required to adopt 
standards for any other financial and administrative transactions that 
are determined to be appropriate by the Secretary.
    Paragraph (b) of section 1173 of the Act requires the Secretary to 
adopt standards for unique health identifiers for all individuals, 
employers, health plans, and health care providers and requires further 
that the adopted standards specify for what purposes unique health 
identifiers may be used.
    Paragraphs (c) through (f) of section 1173 of the Act require the 
Secretary to establish standards for code sets for each data element 
for each health care transaction listed above, security standards for 
health care information systems, standards for electronic signatures 
(established together with the Secretary of Commerce), and standards 
for the transmission of data elements needed for the coordination of 
benefits and sequential processing of claims. Compliance with 
electronic signature standards will be deemed to satisfy both State and 
Federal requirements for written signatures with respect to the 
transactions listed in paragraph (a) of section 1173 of the Act.
    In section 1174 of the Act, the Secretary is required to adopt 
standards for all of the above transactions, except claims attachments, 
within 18 months of enactment. The standards for claims attachments 
must be adopted within 30 months. Generally, after a standard is 
established it cannot be changed during the first year except for 
changes that are necessary to permit compliance with the standard. 
Modifications to any of these standards may be made after the first 
year, but not more frequently than once every 12 months. The Secretary 
must also ensure that procedures exist for the routine maintenance, 
testing, enhancement, and expansion of code sets and that there are 
crosswalks from prior versions.
    Section 1175 of the Act prohibits health plans from refusing to 
process or delaying the processing of a transaction that is presented 
in standard format. The Act's requirements are not limited to health 
plans; however, each person to whom a standard or implementation 
specification applies is required to comply with the standard within 24 
months (or 36 months for small health plans) of its adoption. A health 
plan or other entity may, of course, comply voluntarily before the 
effective date. Entities may comply by using a health care 
clearinghouse to transmit or receive the standard transactions. 
Compliance with modifications and implementation specifications to 
standards must be accomplished by a date designated by the Secretary. 
This date may not be earlier than 180 days after the notice of change.
    Section 1176 of the Act establishes a civil monetary penalty for 
violation of the provisions in part C of title XI of the Act, subject 
to several limitations. The Secretary is required by statute to impose 
penalties of not more than $100 per violation on any person who fails 
to comply with a standard, except that the total amount imposed on any 
one person in each calendar year may not exceed $25,000 for violations 
of one requirement. The procedural provisions in section 1128A of the 
Act, ``Civil Monetary Penalties,'' are applicable.
    Section 1177 of the Act establishes penalties for a knowing misuse 
of unique health identifiers and individually identifiable health 
information: (1) A fine of not more than $50,000 and/or imprisonment of 
not more than 1 year; (2) if misuse is ``under false pretenses,'' a 
fine of not more than $100,000 and/or imprisonment of not more than 5 
years; and (3) if misuse is with intent to sell, transfer, or use 
individually identifiable health information for commercial advantage, 
personal gain, or malicious harm, a fine of not more than $250,000 and/
or imprisonment of not more than 10 years.
    Under section 1178 of the Act, the provisions of part C of title XI 
of the Act, as well as any standards established under them, supersede 
any State law that is contrary to them. However, the Secretary may, for 
statutorily specified reasons, waive this provision.
    Finally, section 1179 of the Act makes the above provisions 
inapplicable to financial institutions or anyone acting on behalf of a 
financial institution when ``authorizing, processing, clearing, 
settling, billing, transferring, reconciling, or collecting payments 
for a financial institution.'' Although the provisions of the law are 
inapplicable to financial institutions when they are carrying out the 
listed financial functions, the provisions are applicable to financial 
institutions when they perform the functions of health care 
clearinghouses.
    Concerning this last provision, the conference report, in its 
discussion on section 1178, states:

    The conferees do not intend to exclude the activities of 
financial institutions or their contractors from compliance with the 
standards adopted under this part if such activities would be 
subject to this part. However, conferees intend that this part does 
not apply to use or disclosure of information when an individual 
utilizes a payment system to make a payment for, or related to, 
health plan premiums or health care. For example, the exchange of 
information between participants in a credit card system in 
connection with processing a credit card payment for health care 
would not be covered by this part. Similarly sending a checking 
account statement to an account holder who uses a credit or debit 
card to pay for health care services, would not be covered by this 
part. However, this part does apply if a company clears health care 
claims, the health care claims activities remain subject to the 
requirements of this part.'') (H.R. Rep. No. 736, 104th Cong., 2nd 
Sess. (1996) reprinted in 1996 U.S.C.C.A.N. 264, 265)

[[Page 32787]]

B. Process for Developing National Standards

    The Secretary has formulated a 5-part strategy for developing and 
implementing the standards mandated under Part C of title XI of the 
Act:
    1. To ensure necessary interagency coordination and required 
interaction with other Federal departments and the private sector, 
establish interdepartmental implementation teams to identify and assess 
potential standards for adoption. The subject matter of the teams 
includes claims/encounters, identifiers, enrollment/eligibility, 
systems security, and medical coding/classification. Another team 
addresses cross-cutting issues and coordinates the subject matter 
teams. The teams consult with external groups such as the NCVHS' 
Workgroup on Data Standards, WEDI, ANSI's Healthcare Informatics 
Standards Board, the NUCC, the NUBC, and the ADA. The teams are charged 
with developing regulations and other necessary documents and making 
recommendations for the various standards to the HHS' Data Council 
through its Committee on Health Data Standards. (The HHS Data Council 
is the focal point for consideration of data policy issues. It reports 
directly to the Secretary and advises the Secretary on data standards 
and privacy issues.)
    2. Develop recommendations for standards to be adopted.
    3. Publish proposed rules in the Federal Register describing the 
standards. Each proposed rule provides the public with a 60-day comment 
period.
    4. Analyze public comments and publish the final rules in the 
Federal Register.
    5. Distribute standards and coordinate preparation and distribution 
of implementation guides.
    This strategy affords many opportunities for involvement of 
interested and affected parties in standards development and adoption:
     Participate with standards development organizations.
     Provide written input to the NCVHS.
     Provide written input to the Secretary of HHS.
     Provide testimony at NCVHS' public meetings.
     Comment on the proposed rules for each of the proposed 
standards.
     Invite HHS staff to meetings with public and private 
sector organizations or meet directly with senior HHS staff involved in 
the implementation process.
    The implementation teams charged with reviewing standards for 
designation as required national standards under the statute have 
defined, with significant input from the health care industry, a set of 
principles for guiding choices for the standards to be adopted by the 
Secretary. These principles are based on direct specifications in HIPAA 
and the purpose of the law, principles that support the regulatory 
philosophy set forth in Executive Order 12866 and the Paperwork 
Reduction Act of 1995. To be designated as an HIPAA standard, each 
standard should:
    1. Improve the efficiency and effectiveness of the health care 
system by leading to cost reductions for or improvements in benefits 
from electronic health care transactions.
    2. Meet the needs of the health data standards user community, 
particularly health care providers, health plans, and health care 
clearinghouses.
    3. Be consistent and uniform with the other HIPAA standards--their 
data element definitions and codes and their privacy and security 
requirements--and, secondarily, with other private and public sector 
health data standards.
    4. Have low additional development and implementation costs 
relative to the benefits of using the standard.
    5. Be supported by an ANSI-accredited standards developing 
organization or other private or public organization that will ensure 
continuity and efficient updating of the standard over time.
    6. Have timely development, testing, implementation, and updating 
procedures to achieve administrative simplification benefits faster.
    7. Be technologically independent of the computer platforms and 
transmission protocols used in electronic transactions, except when 
they are explicitly part of the standard.
    8. Be precise and unambiguous, but as simple as possible.
    9. Keep data collection and paperwork burdens on users as low as is 
feasible.
    10. Incorporate flexibility to adapt more easily to changes in the 
health care infrastructure (such as new services, organizations, and 
provider types) and information technology.
    A master data dictionary providing for common data definitions 
across the standards selected for implementation under HIPAA will be 
developed and maintained. We intend for the data element definitions to 
be precise, unambiguous, and consistently applied. The transaction-
specific reports and general reports from the master data dictionary 
will be readily available to the public. At a minimum, the information 
presented will include data element names, definitions, and appropriate 
references to the transactions where they are used.
    This proposed rule would establish the standard health care 
employer identifier. We anticipate publishing several regulations 
documents altogether to promulgate the various standards required under 
the HIPAA. The other proposed regulations cover security standards, the 
transactions specified in the Act, and the other three identifiers.

II. Provisions of the Proposed Regulations

    [Please label written and e-mailed comments about this section with 
the subject: Provisions.]
    In this proposed rule, we propose a standard employer identifier 
and requirements concerning its implementation. This rule would 
establish requirements that health plans, health care clearinghouses, 
and health care providers would have to meet to comply with the 
statutory requirement to use a unique employer identifier in electronic 
transactions.
    We propose to add a new part to title 45 of the Code of Federal 
Regulations for health plans, health care providers, and health care 
clearinghouses in general. The new part would be part 142 of title 45 
and would be titled ``Administrative Requirements.'' Subpart F would 
contain provisions specific to the employer identifier.

A. Applicability

    Section 262 of HIPAA applies to any health plans, any health care 
clearinghouses, and any health care provider that transmits any health 
information in electronic form in connection with transactions referred 
to in section 1173(a)(1) of the Act. Our proposed rules (at 45 CFR 
142.102) would apply to the health plans and health care clearinghouses 
as well, but we would clarify the statutory language in our regulations 
for health care providers: we would have the regulations apply to any 
health care provider only when electronically transmitting any of the 
transactions to which section 1173(a)(1) of the Act refers.
    Electronic transmissions would include transmissions using all 
media, even when the transmission is physically moved from one location 
to another using magnetic tape, disk, or CD media. Transmissions over 
the Internet (wide-open), Extranet (using Internet technology to link a 
business with information only accessible to collaborating parties), 
leased lines, dial-up lines, and private networks are all

[[Page 32788]]

included. Telephone voice response and ``faxback'' systems would not be 
included. The ``HTML'' interaction between a server and a browser by 
which the elements of a transaction are solicited from a user would not 
be included, but once assembled into a transaction by the server, 
transmission of the full transaction to another corporate entity, such 
as a health plan, would be required to comply.
    Our regulations would apply to health care clearinghouses when 
transmitting transactions to, and receiving transactions from, a health 
care provider or health plan that transmits and receives standard 
transactions (as defined under ``transaction'') and at all times when 
transmitting to or receiving electronic transactions from another 
health care clearinghouse. The law would apply to each health care 
provider when transmitting or receiving any electronic transaction.
    The law applies to health plans for all transactions.
    Section 142.104 would contain the following provisions (from 
section 1175 of the Act):
    If a person desires to conduct a transaction (as defined in 
Sec. 142.103) with a health plan as a standard transaction, the 
following apply:
    (1) The health plan may not refuse to conduct the transaction as a 
standard transaction.
    (2) The health plan may not delay the transaction or otherwise 
adversely affect, or attempt to adversely affect, the person or the 
transaction on the ground that the transaction is a standard 
transaction.
    (3) The information transmitted and received in connection with the 
transaction must be in the form of standard data elements of health 
information.
    As a further requirement, we would require that a health plan that 
conducts transactions through an agent assure that the agent meets all 
the requirements of part 142 that apply to the health plan.
    Section 142.105 would state that a person or other entity may meet 
the requirements of Sec. 142.104 by either--
    (1) Transmitting and receiving standard data elements, or
    (2) Submitting nonstandard data elements to a health care 
clearinghouse for processing into standard data elements and 
transmission by the health care clearinghouse and receiving standard 
data elements through the clearinghouse.
    Health care clearinghouses would be able to accept nonstandard 
transactions for the sole purpose of translating them into standard 
transactions for sending customers and would be able to accept standard 
transactions and translate them into nonstandard formats for receiving 
customers. We would state in Sec. 142.105 that the transmission of 
nonstandard transactions, under contract, between a health plan or a 
health care provider and a health care clearinghouse would not violate 
the law.
    Transmissions within a corporate entity would not be required to 
comply with the standards. For example, a hospital that is wholly owned 
by a managed care company would not have to use the standards to pass 
encounter information back to the home office, but it would have to use 
the standard claims transaction to submit a claim to another health 
plan.
    Although there are situations in which the use of the standards is 
not required (for example, health care providers may continue to submit 
paper claims and employers are not required to use any of the standard 
transactions), we stress that a standard may be used voluntarily in any 
situation in which it is not required.

B. Definitions

    Section 1171 of the Act defines several terms and our proposed 
rules would, for the most part, simply restate the law. The terms that 
we are defining in this proposed rule follow:
1. Code Set
    We would define ``code set'' as section 1171(1) of the Act does: 
``code set'' means any set of codes used for encoding data elements, 
such as tables of terms, medical concepts, medical diagnostic codes, or 
medical procedure codes.
2. Employer
    We would define ``employer'' as 26 U.S.C. 3401(d) does: 
``employer'' means the person for whom an individual performs or 
performed any service, of whatever nature, as the employee of that 
person or organization, except that:
    a. If the person for whom the individual performs or performed the 
services does not have control of the payment of wages for those 
services, the term ``employer'' means the person having control of the 
payment of those wages; and
    b. In the case of a person paying wages on behalf of a nonresident 
alien individual, foreign partnership, or foreign corporation, not 
engaged in trade or business within the United States, the term 
``employer'' means that person.

3. Health Care Clearinghouse

    We would define ``health care clearinghouse'' as section 1171(2) of 
the Act does, but we are adding a further, clarifying sentence. The 
statute defines a ``health care clearinghouse'' as a public or private 
entity that processes or facilitates the processing of nonstandard data 
elements of health information into standard data elements. We would 
further explain that such an entity is one that currently receives 
health care transactions from health care providers and other entities, 
translates the data from a given format into one acceptable to the 
intended recipient and forwards the processed transaction to 
appropriate health plans and other clearinghouses, as necessary, for 
further action.
    There are currently a number of private clearinghouses that perform 
these functions for health care providers. For purposes of this rule, 
we would consider billing services, repricing companies, community 
health management information systems or community health information 
systems, value-added networks, and switches performing these functions 
to be health care clearinghouses.
4. Health Care Provider
    As defined by section 1171(3) of the Act, a ``health care 
provider'' is a provider of services as defined in section 1861(u) of 
the Act, a provider of medical or other health services as defined in 
section 1861(s) of the Act, and any other person who furnishes health 
care services or supplies. Our regulations would define ``health care 
provider'' as the statute does and clarify that the definition of a 
health care provider is limited to those entities that furnish, or bill 
and are paid for, health care services in the normal course of 
business.
    For a more detailed discussion of the definition of health care 
provider, we refer the reader to our proposed rule, HCFA-0045-P, 
Standard Health Care Provider Identifier, published on May 7, 1998 (63 
FR 25320).
5. Health Information
    ``Health information,'' as defined in section 1171 of the Act, 
means any information, whether oral or recorded in any form or medium, 
that--
     Is created or received by a health care provider, health 
plan, public health authority, employer, life insurer, school or 
university, or health care clearinghouse; and
     Relates to the past, present, or future physical or mental 
health or condition of an individual; the provision of health care to 
an individual; or the past, present, or future payment for the 
provision of health care to an individual.

[[Page 32789]]

    We propose the same definition for our regulations.
6. Health Plan
    We propose that a ``health plan'' be defined essentially as section 
1171 of the Act defines it. Section 1171 of the Act cross refers to 
definitions in section 2791 of the Public Health Service Act (as added 
by Public Law 104-191, 42 U.S.C. 300gg-91); we would incorporate those 
definitions as currently stated into our proposed definitions for the 
convenience of the public. We note that many of these terms are defined 
in other statutes, such as the Employee Retirement Income Security Act 
of 1974 (ERISA), Public Law 93-406, 29 U.S.C. 1002(7) and the Public 
Health Service Act. Our definitions are based on the roles of plans in 
conducting administrative transactions, and any differences should not 
be construed to affect other statutes.
    For purposes of implementing the provisions of administrative 
simplification, a ``health plan'' would be an individual or group 
health plan that provides, or pays the cost of, medical care. This 
definition includes, but is not limited to, the 13 types of plans 
listed in the statute. On the other hand, plans such as property and 
casualty insurance plans and workers compensation plans, which may pay 
health care costs in the course of administering nonhealth care 
benefits, are not considered to be health plans in the proposed 
definition of health plan. Of course, these plans may voluntarily adopt 
these standards for their own business needs. At some future time, the 
Congress may choose to expressly include some or all of these plans in 
the list of health plans that must comply with the standards.
    Health plans often carry out their business functions through 
agents, such as plan administrators (including third party 
administrators), entities that are under ``administrative services 
only'' (ASO) contracts, claims processors, and fiscal agents. These 
agents may or may not be health plans in their own right; for example, 
a health plan may act as another health plan's agent as another line of 
business. As stated earlier, a health plan that conducts HIPAA 
transactions through an agent is required to assure that the agent 
meets all HIPAA requirements that apply to the plan itself.
    ``Health plan'' includes the following, singly or in combination:
    a. ``Group health plan'' (as currently defined by section 2791(a) 
of the Public Health Service Act). A group health plan is a plan that 
has 50 or more participants (as the term ``participant'' is currently 
defined by section 3(7) of ERISA) or is administered by an entity other 
than the employer that established and maintains the plan. This 
definition includes both insured and self-insured plans. We define 
``participant'' separately below.
    Section 2791(a)(1) of the Public Health Service Act defines ``group 
health plan'' as an employee welfare benefit plan (as currently defined 
in section 3(1) of ERISA) to the extent that the plan provides medical 
care, including items and services paid for as medical care, to 
employees or their dependents directly or through insurance, or 
otherwise.
    It should be noted that group health plans that have fewer than 50 
participants and that are administered by the employer would be 
excluded from this definition and would not be subject to the 
administrative simplification provisions of HIPAA.
    b. ``Health insurance issuer'' (as currently defined by section 
2791(b) of the Public Health Service Act).
    Section 2791(b)(2) of the Public Health Service Act currently 
defines a ``health insurance issuer'' as an insurance company, 
insurance service, or insurance organization that is licensed to engage 
in the business of insurance in a State and is subject to State law 
that regulates insurance.
    c. ``Health maintenance organization'' (as currently defined by 
section 2791(b) of the Public Health Service Act).
    Section 2791(b) of the Public Health Service Act currently defines 
a ``health maintenance organization'' as a Federally qualified health 
maintenance organization, an organization recognized as such under 
State law, or a similar organization regulated for solvency under State 
law in the same manner and to the same extent as such a health 
maintenance organization. These organizations may include preferred 
provider organizations, provider sponsored organizations, independent 
practice associations, competitive medical plans, exclusive provider 
organizations, and foundations for medical care.
    d. Part A or Part B of the Medicare program (title XVIII of the 
Act).
    e. The Medicaid program (title XIX of the Act).
    f. A ``Medicare supplemental policy'' as defined under section 
1882(g)(1) of the Act.
    Section 1882(g)(1) of the Act defines a ``Medicare supplemental 
policy'' as a health insurance policy that a private entity offers a 
Medicare beneficiary to provide payment for expenses incurred for 
services and items that are not reimbursed by Medicare because of 
deductible, coinsurance, or other limitations under Medicare. The 
statutory definition of a Medicare supplemental policy excludes a 
number of plans that are generally considered to be Medicare 
supplemental plans, such as health plans for employees and former 
employees and for members and former members of trade associations and 
unions. A number of these health plans may be included under the 
definitions of ``group health plan'' or ``health insurance issuer'', as 
defined in a. and b. above.
    g. A ``long-term care policy,'' including a nursing home fixed-
indemnity policy. A ``long-term care policy'' is considered to be a 
health plan regardless of how comprehensive it is. We recognize the 
long-term care insurance segment of the industry is largely unautomated 
and we welcome comments regarding the impact of HIPAA on the long-term 
care segment.
    h. An employee welfare benefit plan or any other arrangement that 
is established or maintained for the purpose of offering or providing 
health benefits to the employees of two or more employers. This 
includes plans and other arrangements that are referred to as multiple 
employer welfare arrangements (``MEWAs'') as defined in section 3(40) 
of ERISA.
    i. The health care program for active military personnel under 
title 10 of the United States Code.
    j. The veterans health care program under chapter 17 of title 38 of 
the United States Code.
    This health plan primarily furnishes medical care through hospitals 
and clinics administered by the Department of Veterans Affairs for 
veterans with a service-connected disability that is compensable. 
Veterans with non-service-connected disabilities (and no other health 
benefit plan) may receive health care under this health plan to the 
extent resources and facilities are available.
    k. The Civilian Health and Medical Program of the Uniformed 
Services (CHAMPUS), as defined in 10 U.S.C. 1072(4).
    CHAMPUS primarily covers services furnished by civilian medical 
providers to dependents of active duty members of the uniformed 
services and retirees and their dependents under age 65.
    l. The Indian Health Service program under the Indian Health Care 
Improvement Act (25 U.S.C. 1601 et seq.).
    This program furnishes services, generally through its own health 
care providers, primarily to persons who are eligible to receive 
services because they are of American Indian or Alaskan Native descent.

[[Page 32790]]

    m. The Federal Employees Health Benefits Program under 5 U.S.C. 
chapter 89.
    This program consists of health insurance plans offered to active 
and retired Federal employees and their dependents. Depending on the 
health plan, the services may be furnished on a fee-for-service basis 
or through a health maintenance organization.

    (Note: Although section 1171(5)(M) of the Act refers to the 
``Federal Employees Health Benefit Plan,'' this and any other rules 
adopting administrative simplification standards will use the 
correct name, the Federal Employees Health Benefits Program. One 
health plan does not cover all Federal employees; there are over 350 
health plans that provide health benefits coverage to Federal 
employees, retirees, and their eligible family members. Therefore, 
we will use the correct name, the Federal Employees Health Benefits 
Program, to make clear that the administrative simplification 
standards apply to all health plans that participate in the 
Program.)

    n. Any other individual or group health plan, or combination 
thereof, that provides or pays for the cost of medical care.
    We would include a fourteenth category of health plan in addition 
to those specifically named in HIPAA, as there are health plans that do 
not readily fit into the other categories but whose major purpose is 
providing health benefits. The Secretary would determine which of these 
plans are health plans for purposes of title II of HIPAA. This category 
would include the Medicare Plus Choice plans that will become available 
as a result of section 1855 of the Act as amended by section 4001 of 
the Balanced Budget Act of 1997 (Public Law 105-33) to the extent that 
these health plans do not fall under any other category.
7. Medical Care
    ``Medical care,'' which is used in the definition of health plan, 
would be defined as current section 2791 of the Public Health Service 
Act defines it: the diagnosis, cure, mitigation, treatment, or 
prevention of disease, or amounts paid for the purpose of affecting any 
body structure or function of the body; amounts paid for transportation 
primarily for and essential to these items; and amounts paid for 
insurance covering the items and the transportation specified in this 
definition.
8. Participant
    We would define the term ``participant'' as section 3(7) of ERISA 
currently defines it: a ``participant'' is any employee or former 
employee of an employer, or any member or former member of an employee 
organization, who is or may become eligible to receive a benefit of any 
type from an employee benefit plan that covers employees of such an 
employer or members of such an organization, or whose beneficiaries may 
be eligible to receive any of these benefits. An ``employee'' would 
include an individual who is treated as an employee under section 
401(c)(1) of the Internal Revenue Code of 1986 (26 U.S.C. 401(c)(1)).
9. Small Health Plan
    We would define a ``small health plan'' as a group health plan or 
individual health plan with fewer than 50 participants.
    The HIPAA does not define a ``small health plan'' but instead 
leaves the definition to be determined by the Secretary. The Conference 
Report suggests that the appropriate definition of a ``small health 
plan'' is found in current section 2791(a) of the Public Health Service 
Act, which is a group health plan with fewer than 50 participants. We 
would also define small individual health plans as those with fewer 
than 50 participants.
10. Standard
    Section 1171 of the Act defines ``standard,'' when used with 
reference to a data element of health information or a transaction 
referred to in section 1173(a)(1) of the Act, as any such data element 
or transaction that meets each of the standards and implementation 
specifications adopted or established by the Secretary with respect to 
the data element or transaction under sections 1172 through 1174 of the 
Act.
    Under our definition, a standard would be a set of rules for a set 
of codes, data elements, transactions, or identifiers promulgated 
either by an organization accredited by the American National Standards 
Institute or HHS for the electronic transmission of health information.
11. Transaction
    ``Transaction'' would mean the exchange of information between two 
parties to carry out financial and administrative activities related to 
health care. A transaction would be any of the transactions listed in 
section 1173(a)(2) of the Act and any determined appropriate by the 
Secretary in accordance with section 1173(a)(1)(B) of the Act. We 
present them below in the order in which we propose to list them in the 
regulations text to thisdocument and in the regulations document for 
proposed standards for these transactions that we will publish later.
    A ``transaction'' would mean any of the following:
    a. Health claims or equivalent encounter information. This 
transaction may be used to submit health care claim billing 
information, encounter information, or both, from health care providers 
to health plans, either directly or via intermediary billers and claims 
clearinghouses.
    b. Health care payment and remittance advice. This transaction may 
be used by a health plan to make a payment to a financial institution 
for a health care provider (sending payment only), to send an 
explanation of benefits or a remittance advice directly to a health 
care provider (sending data only), or to make payment and send an 
explanation of benefits remittance advice to a health care provider via 
a financial institution (sending both payment and data).
    c. Coordination of benefits. This transaction can be used to 
transmit health care claims and billing payment information between 
health plans with different payment responsibilities where coordination 
of benefits is required or between health plans and regulatory agencies 
to monitor the rendering, billing, and/or payment of health care 
services within a specific health care/insurance industry segment.
    In addition to the nine electronic transactions specified in 
section 1173(a)(2) of the Act, section 1173(f) directs the Secretary to 
adopt standards for transferring standard data elements among health 
plans for coordination of benefits and sequential processing of claims. 
This particular provision does not state that these should be standards 
for electronic transfer of standard data elements among health plans. 
However, we believe that the Congress, when writing this provision, 
intended for these standards to apply to the electronic form of 
transactions for coordination of benefits and sequential processing of 
claims. The Congress expressed its intent on these matters generally in 
section 1173(a)(1)(B), where the Secretary is directed to adopt ``other 
financial and administrative transactions . . . consistent with the 
goals of improving the operation of the health care system and reducing 
administrative costs''. Adoption of a standard for electronic 
transmission of standard data elements among health plans for 
coordination of benefits and sequential processing of claims would 
serve these goals expressed by the Congress.

[[Page 32791]]

    d. Health claim status. This transaction may be used by health care 
providers and recipients of health care products or services (or their 
authorized agents) to request the status of a health care claim or 
encounter from a health plan.
    e. Enrollment and disenrollment in a health plan. This transaction 
may be used to establish communication between the sponsor of a health 
benefit and the health plan. It provides enrollment data, such as 
subscriber and dependents, employer information, and primary care 
health care provider information. The sponsor is the backer of the 
coverage, benefit, or product. A sponsor can be an employer, union, 
government agency, association, or insurance company. The health plan 
refers to an entity that pays claims, administers the insurance product 
or benefit, or both.
    f. Eligibility for a health plan. This transaction may be used to 
inquire about the eligibility, coverage, or benefits associated with a 
benefit plan, employer, plan sponsor, subscriber, or a dependent under 
the subscriber's policy. It also can be used to communicate information 
about or changes to eligibility, coverage, or benefits from information 
sources (such as insurers, sponsors, and health plans) to information 
receivers (such as physicians, hospitals, third party administrators, 
and government agencies).
    g. Health plan premium payments. This transaction may be used by, 
for example, employers, employees, unions, and associations to make and 
keep track of payments of health plan premiums to their health 
insurers. This transaction may also be used by a health care provider, 
acting as liaison for the beneficiary, to make payment to a health 
insurer for coinsurance, copayments, and deductibles.
    h. Referral certification and authorization. This transaction may 
be used to transmit health care service referral information between 
primary care health care providers, health care providers furnishing 
services, and health plans. It can also be used to obtain authorization 
for certain health care services from a health plan.
    i. First report of injury. This transaction may be used to report 
information pertaining to an injury, illness, or incident to entities 
interested in the information for statistical, legal, claims, and risk 
management processing requirements.
    j. Health claims attachments. This transaction may be used to 
transmit health care service information, such as subscriber, patient, 
demographic, diagnosis, or treatment data for the purpose of a request 
for review, certification, notification, or reporting the outcome of a 
health care services review.
    k. Other transactions as the Secretary may prescribe by regulation. 
Under section 1173(a)(1)(B) of the Act, the Secretary shall adopt 
standards, and data elements for those standards, for other financial 
and administrative transactions deemed appropriate by the Secretary. 
These transactions would be consistent with the goals of improving the 
operation of the health care system and reducing administrative costs.

C. Effective Dates--General

    In general, any given standard would be effective 24 months after 
the effective date (36 months for small health plans) of the final rule 
for that standard. Because there are other standards to be established 
than those in this proposed rule, we specify the date for a given 
standard under the subpart for that standard.
    If HHS adopts a modification to an implementation specification or 
a standard, the implementation date of the modification would be no 
earlier than the 180th day following the adoption of the modification. 
HHS would determine the actual date, taking into account the time 
needed to comply due to the nature and extent of the modification. HHS 
would be able to extend the time for compliance for small health plans. 
This provision would be at Sec. 142.106.
    The law does not address scheduling of implementation of the 
standards; it gives only a date by which all concerned must comply. As 
a result, any of the health plans, health care clearinghouses, and 
health care providers may implement a given standard earlier than the 
date specified in the subpart created for that standard. We realize 
that this may create some problems temporarily, as early implementers 
would have to be able to continue using old standards until the new 
ones must, by law, be in place.
    At the WEDI Healthcare Leadership Summit held on August 15, 1997, 
it was recommended that health care providers not be required to use 
any of the standards during the first year after the adoption of the 
standard. However, willing trading partners could implement any or all 
of the standards by mutual agreement at any time during the 2-year 
implementation phase (3-year implementation phase for small health 
plans). In addition, it was recommended that a health plan give its 
health care providers at least 6 months notice before requiring them to 
use a given standard.
    We welcome comments specifically on early implementation as to the 
extent to which it would cause problems and how any problems might be 
alleviated.

D. Employer Identifier Standard

[Please label written and e-mailed comments about this section with the 
subject: EIN STANDARD.]
    Section 142.602, Employer identifier standard, would contain the 
employer identifier standard. There is no recognized standard for 
employer identification as defined in the law. That is, there is no 
standard that has been developed, adopted, or modified by a standard 
setting organization after consultation with the National Uniform 
Billing Committee, the National Uniform Claim Committee, WEDI, and the 
American Dental Association. Therefore, we would designate a new 
standard.
    We are proposing as the standard the employer identification number 
(EIN), which is assigned by the Internal Revenue Service (IRS), 
Department of the Treasury.
    The EIN is defined in 26 CFR 301.7701-12. We would define 
``Employer identification number'' (EIN) as 26 CFR 301.7701-12 does: 
``Employer identification number'' is the taxpayer identifying number 
of an individual or other person (whether or not an employer) that is 
assigned pursuant to 26 U.S.C. 6011(b) or corresponding provisions of 
prior law, or pursuant to 26 U.S.C. 6109, and in which nine digits are 
separated by a hyphen, as follows: 00-0000000.
1. Selection Criteria
    The implementation team used the criteria described in section 
I.B., Process for Developing National Standards, to evaluate the EIN as 
a candidate for the employer identifier standard.
    Criteria #1, #2, #4, and #6--The team found that the EIN met these 
criteria in that it is a nationally defined and assigned employer 
identifier and is the most widely used employer identifier in the 
United States.
    Criteria #3 and #5--The team found that the EIN met these criteria 
in that it is an identifier that is already in use in the Accredited 
Standards Committee (ASC) X12N Insurance Subcommittee electronic 
transactions that require an employer identifier, including the 
transactions used for the Health Claim, Enrollment and Disenrollment in 
a Health Plan, Eligibility for a Health Plan, and Health Plan Premium 
Payment.
    Criterion #7--The team found that the EIN met criterion #7 in that 
it is technologically independent of

[[Page 32792]]

computer platforms and transmission protocols.
    Criterion #8--The team found that the EIN met criterion #8 in that 
it is a relatively short identifier that would fit into many existing 
formats.
    Criterion #9--The team found that the EIN met criterion #9 in that 
it is an identifier already assigned to each employer for tax 
identification purposes. Its adoption as a standard would not result in 
additional data collection or paperwork burdens on users.
    Criterion #10--The team found that the EIN met criterion #10 in 
that it is flexible enough to identify any employer, regardless of 
services, organization, or provider type.
2. Other Identifiers
    We initially considered whether the PAYERID, the 9 position numeric 
identifier developed by HCFA as the unique identifier for health plans, 
could be used as the employer identifier. Since all employers are 
already enumerated by EIN, an entirely new employer identifier would 
require everyone to convert to a new identifier in addition to the EIN, 
which would still be used. Another key drawback to the use of the 
PAYERID as the employer identifier is the fact that the PAYERID 
numbering scheme does not have sufficient numbers available to 
enumerate all health plans and all employers. In addition, PAYERID's 
data capabilities were developed based on the data requirements for 
health plans, which are not the same as those for employers. Based on 
these limitations, the team believed that the PAYERID would not meet 
criteria #1, #2, #4, #9, and #10 and would not be acceptable as a 
candidate for the employer identifier.
    The EIN is the most widely used employer identifier in the claim, 
enrollment and disenrollment for a health plan, eligibility for a 
health plan and health plan premium payment transactions. The D-U-N-S 
number and the D-U-N-S+4 number, maintained by Dun & Bradstreet, are 
sometimes used to identify business entities including employers in 
these transactions (primarily in premium payment transactions), but the 
EIN is used to a far greater extent than any other identifier to 
identify the employer of a participant. Since the D-U-N-S and D-U-N-S+4 
numbers were not widely used in the claim, the enrollment and 
disenrollment in a health plan, and the eligibility for a health plan 
transactions, the team believed that these numbers did not meet 
criteria #1, #2, #4, and #9 and were less appropriate than the EIN as 
candidates for the employer identifier.
    Because of the widespread use of the EIN to identify the employer 
in health transactions, we selected the EIN as the national employer 
identifier standard for use in those electronic health transactions 
that require an employer identifier.
    Since the IRS is responsible for issuing the EIN, we consulted with 
the IRS on the legality and feasibility of using the EIN as the 
standard employer identifier for electronic health transactions. On 
September 11, 1997, we forwarded our request for IRS concurrence, and 
on January 16, 1998, IRS concurred.
    Although the EIN is not confidential, some employers may not wish 
to supply the EIN because it is their tax identifying number. We 
welcome comments on this issue and on any other possible problems that 
the use of the EIN would cause for employers or others who would need 
to obtain and use the EIN in their electronic health transactions.

E. Requirements

    [Please label written and e-mailed comments about this section with 
the subject: Requirements]

    We note that the law does not bind employers to use the standard. 
However, providers, health plans, and health care clearinghouses are 
bound to use the standard in electronic health transactions. Any 
individual or other entity that needs to know an employer's EIN for use 
in electronic health transactions would obtain it directly from the 
employer. The EIN is not considered confidential and it may be freely 
used and exchanged by employers and others.
1. Health Plans
    In Sec. 142.604, Requirements: Health plans, we would require 
health plans to accept the EIN on all electronic transactions and 
transmit the EIN on all electronic transactions that require an 
employer identifier. Federal agencies and States may place additional 
requirements on their health plans.
2. Health care clearinghouses
    We would require in Sec. 142.606 that each health care 
clearinghouse use the EIN on all electronic transactions that require 
an employer identifier.
3. Health care providers
    In Sec. 142.608, Requirements: Health care providers, we would 
require each health care provider to use the EIN on all transactions, 
wherever required, that are electronically transmitted.
4. Employers
    In Sec. 142.610, Requirements: Employers, we would require each 
employer to disclose its EIN, when requested, to any entity that 
conducts standard electronic transactions that require that employer's 
identifier.
    We believe the authority to require employers to disclose their 
EINs to entities that are required to use these numbers in electronic 
health care transactions is implicit in the statutory directive to the 
Secretary to adopt an employer identification number for use in the 
health care system. We note that we have been unable to identify any 
reason for an employer to refuse to furnish the number to an entity 
that conducts electronic health care transactions since the EIN, unlike 
the social security number, is not information about a person. We note 
too that access to the EIN does not give access to specific tax 
information.

F. Effective Dates of the Employer Identifier

    Health plans would be required to comply with our requirements as 
follows:
    1. Each health plan that is not a small health plan would have to 
comply with the requirements of Secs. 142.104 and 142.604 no later than 
24 months after publication of the final rule.
    2. Each small health plan would have to comply with the 
requirements of Secs. 142.104 and 142.604 no later than 36 months after 
the date of publication of the final rule.
    3. If HHS adopts a modification to a standard or implementation 
specification, the implementation date of the modification would be no 
earlier than the 180th day following the adoption of the modification. 
HHS would determine the actual date, taking into account the time 
needed to comply due to the nature and extent of the modification. HHS 
would be able to extend the time for compliance for small health plans.
    Failure to comply with standards may well result in monetary 
penalties. The Secretary is required by statute to impose penalties of 
not more than $100 per violation on any person who fails to comply with 
a standard, except that the total amount imposed on any one person in 
each calendar year may not exceed $25,000 for violations of one 
requirement. We will propose enforcement procedures in a future Federal 
Register document once the industry has more experience with using the 
standards.

[[Page 32793]]

III. Implementation of the Employer Identification Standard

    [Please label written and e-mailed comments about this section with 
the subject: Implementation]

A. Obtaining an EIN

    The Internal Revenue Service maintains the process for assigning 
EINs. A business can obtain an EIN by submitting, to the Internal 
Revenue Service, Internal Revenue Service Form SS-4, Application for 
Employer Identification Number. Any business that pays wages to one or 
more employees is required to have an EIN as its tax identifying 
number. A sole proprietor who has no employees and who files no excise 
or pension tax returns is the only business person who does not need to 
have an EIN as the tax identifying number. We believe that there would 
be few, if any, employers that would not have an EIN for tax 
identifying purposes.
    The EIN is currently the employer identifier in most widespread use 
in the health claim, the enrollment and disenrollment in a health plan, 
the eligibility for a health plan, and the health plan premium payment 
transactions. If they conduct administrative health transactions 
electronically, health care providers, health care clearinghouses, and 
health plans would have to obtain and use the EIN on all electronic 
transactions that require an employer identifier. Employers are not 
required by subtitle F of HIPAA to use the EIN or conduct standard 
electronic health transactions. However, we believe that many employers 
will find that it will be to their advantage and will choose to do so.

B. Organizations with Multiple EINs

    We are aware that some organizations have more than one EIN. We 
seek comment from the public on whether it is important, in order to 
avoid confusion and achieve administrative simplification, that one of 
these EINs be used consistently in health transactions. If use of one 
EIN is desirable, how should it be chosen?

C. Approved Uses

    Two years after adoption of this standard (3 years for small health 
plans) the EIN must be used as the employer identifier in the health-
related financial and administrative transactions identified in section 
1173(a) that require an employer identifier. The approved uses of the 
EIN are detailed in 26 U.S.C. 6109 (i.e., income tax purposes and for 
purposes of implementing certain provisions of the Food Stamp Act of 
1977 and the Federal Crop Insurance Act). It may not be used in any 
activity otherwise prohibited by law. The use of the EIN for the 
purposes specified in this proposed rule is covered under the current 
approved uses for the EIN.
    Examples of approved uses included in this proposed rule are:
     Health care providers submitting health claims to health 
plans electronically would use the EIN to identify the employers of the 
participants in the health plan.
     Employers would use their EINs to identify themselves in 
electronic transactions making health plan premium payments to health 
plans on behalf of their employees.
     Employers and health care providers would use the EIN to 
identify the employer as the source or receiver of information about 
eligibility.
     Employers would use their EINs to identify themselves in 
electronic transactions to enroll or disenroll their employees in a 
health plan.

IV. New and Revised Standards

[Please label written and e-mailed comments about this section with the 
subject: Revisions.]
    To encourage innovation and promote development, we intend to 
develop a process that would allow an organization to request a 
revision or replacement to any adopted standard or standards.
    An organization could request a revision or replacement to an 
adopted standard by requesting a waiver from the Secretary of Health 
and Human Services to test a revised or new standard. The organization 
must, at a minimum, demonstrate that the revised or new standard offers 
an improvement over the adopted standard. If the organization presents 
sufficient documentation that supports testing of a revised or new 
standard, we want to be able to grant the organization a temporary 
waiver to test while remaining in compliance with the law. The waiver 
would be applicable to standards that could change over time; for 
example, transaction standards. We do not intend to establish a process 
that would allow an organization to avoid using any adopted standard.
    We would welcome comments on the following: (1) How we should 
establish this process, (2) the length of time a proposed standard 
should be tested before we decide whether to adopt it, (3) whether we 
should solicit public comments before implementing a change in a 
standard, and (4) other issues and recommendations we should consider 
in developing this process.
    Following is one possible process:
     Any organization that wishes to revise or replace an 
adopted standard must submit its waiver request to an HHS evaluation 
committee (not currently established or defined). The organization must 
do the following for each standard it wishes to revise or replace:
    + Provide a detailed explanation, no more than 10 pages in length, 
of how the revision or replacement would be a clear improvement over 
the current standard in terms of the principles listed in section I.B., 
Process for developing national standards, of this preamble.
    + Provide specifications and technical capabilities on the revised 
or new standard, including any additional system requirements.
    + An explanation, no more than 5 pages in length, of how the 
organization intends to test the standard.
     The committee's evaluation would, at a minimum, be based 
on the following:
    + A cost-benefit analysis.
    + An assessment of whether the proposed revision or replacement 
demonstrates a clear improvement to an existing standard.
    + The extent and length of time of the waiver.
     The evaluation committee would inform the organization 
requesting the waiver within 30 working days of the committee's 
decision on the waiver request. If the committee decides to grant a 
waiver, the notification may include the following:
    + Committee comments such as the following:
    - The length of time for which the waiver applies if it differs 
from the waiver request.
    - The sites the committee believes are appropriate for testing if 
they differ from the waiver request.
    - Any pertinent information regarding the conditions of an approved 
waiver.
     Any organization that receives a waiver would be required 
to submit a report containing the results of the study, no later than 3 
months after the study is completed.
     The committee would evaluate the report and determine 
whether the benefits of the proposed revision or new standard 
significantly outweigh the disadvantages of implementing it and make a 
recommendation to the Secretary.

V. Collection of Information Requirements

    Under the Paperwork Reduction Act of 1995, we are required to 
provide 60-day notice in the Federal Register and

[[Page 32794]]

solicit public comment before a collection of information requirement 
is submitted to the Office of Management and Budget (OMB) for review 
and approval. In order to fairly evaluate whether an information 
collection should be approved by OMB, section 3506(c)(2)(A) of the 
Paperwork Reduction Act of 1995 requires that we solicit comment on the 
following issues:
     The need for the information collection and its usefulness 
in carrying out the proper functions of our agency.
     The accuracy of our estimate of the information collection 
burden.
     The quality, utility, and clarity of the information to be 
collected.
     Recommendations to minimize the information collection 
burden on the affected public, including automated collection 
techniques.

Section 142.604  Requirements: Health plans

    Health plans would be required to accept the EIN on all electronic 
transactions and transmit the EIN on all electronic transmissions that 
require an employer identifier.

Section 3142.608  Requirements: Health care providers

    Each health care provider would be required to obtain and use the 
EIN of the employer on all electronically transmitted standard 
transactions that require it.

Section 142.610  Requirements: Employers.

    Each employer would have to disclose its EIN, when requested, to 
any entity that conducts standard electronic transactions that require 
that employer's identifier.

Discussion

    The emerging and increasing use of health care EDI standards and 
transactions raises the issue of the applicability of the PRA. The 
question arises whether a regulation that adopts an EDI standard used 
to exchange certain information constitutes an information collection 
subject to the PRA. However, for the purpose of soliciting useful 
public comment we provide the following burden estimates.
    In particular, the initial burden on the estimated 4 million health 
plans and 1.2 million health care providers to modify their current 
computer systems software would be 2 hours/$60 per entity, for a total 
burden of 10.4 million hours/$312 million. While this burden estimate 
may appear low, on average, we believe it to be accurate. This is based 
on the assumption that these and the other burden calculations 
associated with HIPAA administrative simplification systems 
modifications may overlap and is also based on the overwhelming extent 
to which the EIN is already in use in the health care community. This 
average also takes into consideration that (1) this standard may not be 
used by several of the entities included in the estimate, (2) this 
standard may already be in use by several of the entities included in 
the estimate, (3) modifications may be performed in an aggregate manner 
during the course of routine business and/or, (4) modifications may be 
made by contractors, such as practice management vendors, in a single 
effort for a multitude of affected entities.
    We invite public comment on the issues discussed above. If you 
comment on these information collection and recordkeeping requirements, 
please e-mail comments to JB[email protected] (Attn:HCFA-0047) or mail 
copies directly to the following:

Health Care Financing Administration, Office of Information Services, 
Information Technology Investment Management Group, Division of HCFA 
Enterprise Standards, Room C2-26-17, 7500 Security Boulevard, 
Baltimore, MD 21244-1850 Attn: John Burke HCFA-0047, HCFA Reports 
Clearance Officer

      And,
Office of Information and Regulatory Affairs, Office of Management and 
Budget, Room 10235, New Executive Office Building, Washington, DC 
20503, Attn: Allison Herron Eydt, HCFA Desk Officer.

VI. Response to Comments

    Because of the large number of items of correspondence we normally 
receive on Federal Register documents published for comment, we are not 
able to acknowledge or respond to them individually. We will consider 
all comments we receive by the date and time specified in the DATES 
section of this preamble, and, if we proceed with a subsequent 
document, we will respond to the comments in the preamble to that 
document.

VII. Impact Analysis

    As the effect of any one standard is affected by the implementation 
of other standards, it can be misleading to discuss the impact of one 
standard by itself. Therefore, we did an impact analysis on the total 
effect of all the standards in the proposed rule concerning the 
national provider identifier (HCFA-0045-P), which can be found at 63 FR 
25320.
    We intend to publish in each proposed rule an impact analysis that 
is specific to the standard or standards proposed in that rule, but the 
impact analysis will assess only the relative cost impact of 
implementing a given standard. As stated in the general impact analysis 
in HCFA-0045-P, we do not intend to associate costs and savings to 
specific standards.
    Although we cannot determine the specific economic impact of the 
standard being proposed in this rule (and individually each standard 
may not have a significant impact), the overall impact analysis makes 
clear that, collectively, all the standards will have a significant 
impact of over $100 million on the economy. Also, while each standard 
may not have a significant impact on a substantial number of small 
entities, the combined effects of all the proposed standards may have a 
significant effect on a substantial number of small entities. 
Therefore, the following impact analysis should be read in conjunction 
with the overall impact analysis.

Unfunded Mandates

    This proposed rule has been reviewed in accordance with the 
Unfunded Mandates Reform Act of 1995 (UMRA) (2 U.S.C. 1501 et seq.) and 
Executive Order 12875. As discussed in the combined impact analysis to 
which we refer above (see 63 FR 25320), HHS estimates that 
implementation of the standards will require the expenditure of more 
than $100 million by the private sector. Therefore, the rule 
establishes a Federal private sector mandate and is a significant 
regulatory action within the meaning of section 202 of UMRA (2 U.S.C. 
1532). HHS has included this statement to address the anticipated 
effects of the proposed rules pursuant to section 202.
    These standards also apply to State and local governments in their 
roles as health plans or health care providers. Thus, the proposed 
rules impose unfunded mandates on these entities. While we do not have 
sufficient information to provide estimates of these impacts, several 
State Medicaid agencies have estimated that it would cost $1 million 
per State or territory to implement all of the HIPAA standards. 
However, the costs that these standards impose on these entities are 
well below the UMRA section threshold that will require additional 
analysis and consultation; the Congressional Budget Office analysis 
stated that ``States are already in the forefront in administering the 
Medicaid program electronically; the only costs--which should not be 
significant--would involve bringing the software and computer systems 
for the

[[Page 32795]]

Medicaid programs into compliance with the new standards.''
    The anticipated benefits and costs of this proposed standard, and 
other issues raised in section 202 of the UMRA, are addressed in the 
analysis below and in the combined impact analysis. In addition, 
pursuant to section 205 of the UMRA (2 U.S.C. 1535), having considered 
a reasonable number of alternatives as outlined in the preamble to this 
rule and in the following analysis, HHS has concluded that the rule is 
the most cost-effective alternative for implementation of HHS's 
statutory objective of administrative simplification.

Executive Order 12866

    In accordance with the provisions of Executive Order 12866, this 
proposed rule was reviewed by the Office of Management and Budget.
Specific Impact of Employer Identifier
    This is the portion of the impact analysis that relates 
specifically to the standard that is the subject of this regulation--
the employer identifier. This section describes specific impacts that 
relate to the employer identifier. However, as we indicated in the 
introduction to this impact analysis, we do not intend to associate 
costs and savings to specific standards.
1. Affected Entities
a. Health Care Providers
    Health care providers that conduct electronic transactions with 
health plans would have to obtain and use the EIN to identify the 
employer in those electronic transactions that require an employer 
identifier. In most cases health care providers currently obtain and 
use the EIN of the employer in those transactions that require an 
employer identifier. Any negative impact on health care providers 
generally would be related to the initial implementation period for 
providers that currently use an identifier other than the EIN to 
identify the employer in electronic transactions. They would incur 
implementation costs for converting systems from other employer 
identifiers to the EIN. Some health care providers would incur those 
costs directly and others would incur them in the form of fee increases 
from billing agents and health care clearinghouses.
b. Health Care Plans
    Health care plans that engage in electronic commerce would have to 
modify their systems to use the EIN if they do not currently use the 
EIN to identify the employer in electronic transactions that require an 
employer identifier. In most cases health care plans currently obtain 
and use the EIN of the employer in those transactions that require an 
employer identifier. The conversion for health plans currently using an 
employer identifier other than the EIN would have a one-time cost 
impact.
c. Health Care Clearinghouses
    Health care clearinghouses would have to modify their systems to 
transmit the EIN if they do not currently use the EIN to identify the 
employer in electronic transactions that require an employer 
identifier. In most cases health care clearinghouses currently obtain 
and use the EIN of the employer in those transactions that require an 
employer identifier. The conversion for health care clearinghouses 
currently using an employer identifier other than the EIN would have a 
one-time cost impact.
d. Employers
    Each employer would have to disclose its EIN, when requested, to 
any entity that conducts standard electronic transactions that require 
the employer's identifier. Entities that conduct electronic 
transactions that require an employer identifier commonly obtain that 
identifier from the employer as a normal business practice. This 
practice would not change. Any impact on employers would be the one-
time impact to disclose the EIN to entities that have previously used a 
different identifier for that individual.
2. Effects of Various Options
a. Guiding Principles for Standard Selection
    The implementation teams charged with designating standards under 
the statute have defined, with significant input from the health care 
industry, a set of common criteria for evaluating potential standards. 
These criteria are based on direct specifications in the HIPAA, the 
purpose of the law, and principles that support the regulatory 
philosophy set forth in Executive Order 12866 of September 30, 1993, 
and the Paperwork Reduction Act of 1995. In order to be designated as a 
standard, a proposed standard should:
     Improve the efficiency and effectiveness of the health 
care system by leading to cost reductions for or improvements in 
benefits from electronic HIPAA health care transactions. This principle 
supports the regulatory goals of cost-effectiveness and avoidance of 
burden.
     Meet the needs of the health data standards user 
community, particularly health care providers, health plans, and health 
care clearinghouses. This principle supports the regulatory goal of 
cost-effectiveness.
     Be consistent and uniform with the other HIPAA standards--
their data element definitions and codes and their privacy and security 
requirements--and, secondarily, with other private and public sector 
health data standards. This principle supports the regulatory goals of 
consistency and avoidance of incompatibility, and it establishes a 
performance objective for the standard.
     Have low additional development and implementation costs 
relative to the benefits of using the standard. This principle supports 
the regulatory goals of cost-effectiveness and avoidance of burden.
     Be supported by an ANSI-accredited standards developing 
organization or other private or public organization that will ensure 
continuity and efficient updating of the standard over time. This 
principle supports the regulatory goal of predictability.
     Have timely development, testing, implementation, and 
updating procedures to achieve administrative simplification benefits 
faster. This principle establishes a performance objective for the 
standard.
     Be technologically independent of the computer platforms 
and transmission protocols used in HIPAA health transactions, except 
when it is explicitly part of the standard. This principle establishes 
a performance objective for the standard and supports the regulatory 
goal of flexibility.
     Be precise and unambiguous, but as simple as possible. 
This principle supports the regulatory goals of predictability and 
simplicity.
     Keep data collection and paperwork burdens on users as low 
as is feasible. This principle supports the regulatory goals of cost-
effectiveness and avoidance of duplication and burden.
     Incorporate flexibility to adapt more easily to changes in 
the health care infrastructure (such as new services, organizations, 
and provider types) and information technology. This principle supports 
the regulatory goals of flexibility and encouragement of innovation.
    We assessed the various options for an employer identifier against 
the principles listed above, with the overall goal of achieving the 
maximum benefit for the least cost. We found that the EIN met all the 
principles. No other candidate employer identifier is in widespread 
use. No other candidate met a majority of the principles, especially 
those principles supporting the regulatory goal of cost-effectiveness. 
We are assessing the costs and benefits of

[[Page 32796]]

the EIN, but we did not assess the costs and benefits of other 
identifier options, because they did not meet the guiding principles.
b. Need to Convert
    All health care providers, health plans, and health care 
clearinghouses that do not currently use the EIN to identify the 
employer in electronic health transactions that require an employer 
identifier would have to convert. Because the EIN is currently in 
widespread use as an employer identifier throughout the industry, 
adopting the EIN would not require conversion for most health care 
providers, health plans or health care clearinghouses. The selection of 
the EIN imposes a far smaller burden on the industry than any 
nonselected option and presents significant advantages in terms of 
cost-effectiveness, universality, and flexibility.
c. Complexity of Conversion
    The EIN does not contain embedded intelligence. For those 
providers, health plans, and health care clearinghouses that must 
convert to use the EIN, the complexity of the conversion would be 
significantly affected by the degree to which their processing systems 
currently rely on intelligent employer identifiers. Converting from one 
unintelligent identifier to another is less complex than modifying 
software logic to obtain needed information from other data elements. 
However, the use of an unintelligent identifier like the EIN is 
required in order to meet the guiding principle of assuring 
flexibility.
    In general, the shorter the identifier, the easier it is to 
implement. It is more likely that a shorter identifier, such as the 
EIN, would fit into existing data formats.
    The selection of the EIN does not impose a greater burden on the 
industry in terms of the complexity of conversion than the nonselected 
options.

List of Subjects in 45 CFR Part 142

    Administrative practice and procedure, Health facilities, Health 
insurance, Hospitals, Medicaid, Medicare, Reporting and recordkeeping 
requirements.
    Accordingly, 45 CFR subtitle A, subchapter B, would be amended by 
adding Part 142 to read as follows:

    Note to Reader: This proposed rule is one of several proposed 
rules that are being published to implement the administrative 
simplification provisions of the Health Insurance Portability and 
Accountability Act of 1996. We propose to establish a new 45 CFR 
Part 142. Proposed Subpart A--General Provisions is exactly the same 
in each rule unless we have added new sections or definitions to 
incorporate additional general information. The subparts that follow 
relate to the specific provisions announced separately in each 
proposed rule. When we publish the first final rule, each subsequent 
final rule will revise or add to the text that is set out in the 
first final rule.

PART 142--ADMINISTRATIVE REQUIREMENTS

Subpart A--General Provisions

Sec.
142.101  Statutory basis and purpose.
142.102  Applicability.
142.103  Definitions.
142.104  General requirements for health plans.
142.105  Compliance using a health care clearinghouse.
142.106  Effective date of a modification to a standard or 
implementation specification.

Subparts B--E [Reserved]

Subpart F--National Employer Identifier Standard

142.602  National employer identifier standard.
142.604  Requirements: Health plans.
142.606  Requirements: Health care clearinghouses.
142.608  Requirements: Health care providers.
142.610  Requirements: Employers.
142.612  Effective dates of the initial implementation of the 
national employer identifier standard.

    Authority: Sections 1173 and 1175 of the Social Security Act (42 
U.S.C. 1320d-2 and 1320d-4). 4

Subpart A--General Provisions


Sec. 142.101  Statutory basis and purpose.

    Sections 1171 through 1179 of the Social Security Act, as added by 
section 262 of the Health Insurance Portability and Accountability Act 
of 1996 (Pub. L. 104-191, 110 Stat. 2021), require HHS to adopt 
national standards for the electronic exchange of health information in 
the health care system. The purpose of these sections is to promote 
administrative simplification.


Sec. 142.102  Applicability.

    (a) The standards adopted or designated under this part apply, in 
whole or in part, to the following:
    (1) A health plan.
    (2) A health care clearinghouse when doing the following:
    (i) Transmitting a standard transaction (as defined in 
Sec. 142.103) to a health care provider or health plan.
    (ii) Receiving a standard transaction from a health care provider 
or health plan.
    (iii) Transmitting and receiving the standard transactions when 
interacting with another health care clearinghouse.
    (3) A health care provider when transmitting an electronic 
transaction as defined in Sec. 142.103.
    (b) Means of compliance are stated in greater detail in 
Sec. 142.105.


Sec. 142.103  Definitions.

    For purposes of this part, the following definitions apply:
    Code set means any set of codes used for encoding data elements, 
such as tables of terms, medical concepts, medical diagnostic codes, or 
medical procedure codes.
    Employer means the following:
    (1) The entity for whom an individual performs or performed any 
service, of whatever nature, as the employee of that entity except 
that:
    (i) If the entity for whom the individual performs or performed the 
services does not have control of the payment of wages for those 
services, the term ``employer'' means the entity having control of the 
payment of the wages; and
    (ii) In the case of an entity paying wages on behalf of a 
nonresident alien individual, foreign partnership, or foreign 
corporation, not engaged in trade or business within the United States, 
the term ``employer'' means that entity.
    (2) Any entity acting directly as an employer, or indirectly in the 
interest of an employer, in relation to an employee benefit plan and 
includes a group or association of employers acting for an employer in 
that capacity.
    Health care clearinghouse means a public or private entity that 
processes or facilitates the processing of nonstandard data elements of 
health information into standard data elements. The entity receives 
health care transactions from health care providers, health plans, 
other entities, or other clearinghouses, translates the data from a 
given format into one acceptable to the intended recipient, and 
forwards the processed transaction to the appropriate recipient. 
Billing services, repricing companies, community health management 
information systems, community health information systems, and ``value-
added'' networks and switches that perform these functions are 
considered to be health care clearinghouses for purposes of this part.
    Health care provider means a provider of services as defined in 
section 1861(u) of the Social Security Act, 42 U.S.C. 1395x, a provider 
of medical or other health services as defined in section 1861(s) of 
the Social Security Act, 42 U.S.C. 1395x, and any other person who 
furnishes or bills and is paid for health care services or

[[Page 32797]]

supplies in the normal course of business.
    Health information means any information, whether oral or recorded 
in any form or medium, that--
    (1) Is created or received by a health care provider, health plan, 
public health authority, employer, life insurer, school or university, 
or health care clearinghouse; and
    (2) Relates to the past, present, or future physical or mental 
health or condition of an individual, the provision of health care to 
an individual, or the past, present, or future payment for the 
provision of health care to an individual.
    Health plan means an individual or group plan that provides, or 
pays the cost of, medical care. Health plan includes the following, 
singly or in combination:
    (1) Group health plan. Group health plan is an employee welfare 
benefit plan (as currently defined in section 3(1) of the Employee 
Retirement Income and Security Act of 1974, 29 U.S.C. 1002(1)), 
including insured and self-insured plans, to the extent that the plan 
provides medical care, including items and services paid for as medical 
care, to employees or their dependents directly or through insurance, 
or otherwise, and--
    (i) Has 50 or more participants; or
    (ii) Is administered by an entity other than the employer that 
established and maintains the plan.
    (2) Health insurance issuer. A health insurance issuer is an 
insurance company, insurance service, or insurance organization that is 
licensed to engage in the business of insurance in a State and is 
subject to State law that regulates insurance.
    (3) Health maintenance organization. A health maintenance 
organization is a Federally qualified health maintenance organization, 
an organization recognized as a health maintenance organization under 
State law, or a similar organization regulated for solvency under State 
law in the same manner and to the same extent as such a health 
maintenance organization.
    (4) Part A or Part B of the Medicare program under title XVIII of 
the Social Security Act.
    (5) The Medicaid program under title XIX of the Social Security 
Act.
    (6) A Medicare supplemental policy (as defined in section 
1882(g)(1) of the Social Security Act, 42 U.S.C. 1395ss).
    (7) A long-term care policy, including a nursing home fixed-
indemnity policy.
    (8) An employee welfare benefit plan or any other arrangement that 
is established or maintained for the purpose of offering or providing 
health benefits to the employees of two or more employers.
    (9) The health care program for active military personnel under 
title 10 of the United States Code.
    (10) The veterans health care program under 38 U.S.C. chapter 17.
    (11) The Civilian Health and Medical Program of the Uniformed 
Services (CHAMPUS), as defined in 10 U.S.C. 1072(4).
    (12) The Indian Health Service program under the Indian Health Care 
Improvement Act (25 U.S.C. 1601 et seq.).
    (13) The Federal Employees Health Benefits Program under 5 U.S.C. 
chapter 89.
    (14) Any other individual or group health plan, or combination 
thereof, that provides or pays for the cost of medical care.
    Medical care means the diagnosis, cure, mitigation, treatment, or 
prevention of disease, or amounts paid for the purpose of affecting any 
body structure or function of the body; amounts paid for transportation 
primarily for and essential to these items; and amounts paid for 
insurance covering the items and the transportation specified in this 
definition.
    Participant means any employee or former employee of an employer, 
or any member or former member of an employee organization, who is or 
may become eligible to receive a benefit of any type from an employee 
benefit plan that covers employees of that employer or members of such 
an organization, or whose beneficiaries may be eligible to receive any 
of these benefits. ``Employee'' includes an individual who is treated 
as an employee under section 401(c)(1) of the Internal Revenue Code of 
1986 (26 U.S.C. 401(c)(1)).
    Small health plan means a group health plan or an individual health 
plan with fewer than 50 participants.
    Standard means a set of rules for a set of codes, data elements, 
transactions, or identifiers promulgated either by an organization 
accredited by the American National Standards Institute or HHS for the 
electronic transmission of health information.
    Transaction means the exchange of information between two parties 
to carry out the financial and administrative activities related to 
health care. It includes the following:
    (1) Health claims or equivalent encounter information.
    (2) Health care payment and remittance advice.
    (3) Coordination of benefits.
    (4) Health claims status.
    (5) Enrollment and disenrollment in a health plan.
    (6) Eligibility for a health plan.
    (7) Health plan premium payments.
    (8) Referral certification and authorization.
    (9) First report of injury.
    (10) Health claims attachments.
    (11) Other transactions as the Secretary may prescribe by 
regulation.


Sec. 142.104  General requirements for health plans.

    If a person conducts a transaction (as defined in Sec. 142.103) 
with a health plan as a standard transaction, the following apply:
    (a) The health plan may not refuse to conduct the transaction as a 
standard transaction.
    (b) The health plan may not delay the transaction or otherwise 
adversely affect, or attempt to adversely affect, the person or the 
transaction on the ground that the transaction is a standard 
transaction.
    (c) The health information transmitted and received in connection 
with the transaction must be in the form of standard data elements of 
health information.
    (d) A health plan that conducts transactions through an agent must 
assure that the agent meets all the requirements of this part that 
apply to the health plan.


Sec. 142.105  Compliance using a health care clearinghouse.

    (a) Any person or other entity subject to the requirements of this 
part may meet the requirements to accept and transmit standard 
transactions by either--
    (1) Transmitting and receiving standard data elements; or
    (2) Submitting nonstandard data elements to a health care 
clearinghouse for processing into standard data elements and 
transmission by the health care clearinghouse and receiving standard 
data elements through the health care clearinghouse.
    (b) The transmission, under contract, of nonstandard data elements 
between a health plan or a health care provider and its agent health 
care clearinghouse is not a violation of the requirements of this part.


Sec. 142.106  Effective date of a modification to a standard or 
implementation specification.

    HHS may modify a standard or implementation specification after the 
first year in which HHS requires the standard or implementation 
specification to be used, but not more frequently than once every 12 
months. If HHS adopts a modification to a standard or implementation 
specification, the implementation date

[[Page 32798]]

of the modified standard or implementation specification may be no 
earlier than 180 days following the adoption of the modification. HHS 
determines the actual date, taking into account the time needed to 
comply due to the nature and extent of the modification. HHS may extend 
the time for compliance for small health plans.

Subparts B-E [Reserved]

Subpart F--National Employer Identifier Standard


Sec. 142.602  National employer identifier standard.

    The employer identifier standard that must be used under this 
subpart is the employer identification number (EIN), which is the 
taxpayer identifying number of an individual or other entity (whether 
or not an employer) that is assigned pursuant to 26 U.S.C. 6011(b), or 
corresponding provisions of prior law, or pursuant to 26 U.S.C. 6109, 
and in which nine digits are separated by a hyphen, as follows: 00-
0000000. The EIN is assigned by the Internal Revenue Service, U.S. 
Department of the Treasury.


Sec. 142.604  Requirements: Health plans.

    Each health plan must accept and transmit the national employer 
identifier of any employer that must be identified by the national 
employer identifier in any standard transaction.


Sec. 142.606  Requirements: Health care clearinghouses.

    Each health care clearinghouse must use the national employer 
identifier of any employer that must be identified by the national 
employer identifier in any standard transaction.


Sec. 142.608  Requirements: Health care providers.

    Each health care provider must use the national employer identifier 
wherever required on all transactions the health care provider 
transmits electronically.


Sec. 142.610  Requirements: Employers.

    Each employer must disclose its EIN, when requested, to any entity 
that conducts standard electronic transactions that require that 
employer's identifier.


Sec. 142.612  Effective dates of the initial implementation of the 
national employer identifier standard.

    (a) Health plans. (1) Each health plan that is not a small health 
plan must comply with the requirements of Secs. 142.104 and 142.604 by 
[24 months after the effective date of the final rule in the Federal 
Register].
    (2) Each small health plan must comply with the requirements of 
Secs. 142.104 and 142.604 by [36 months after the effective date of the 
final rule in the Federal Register].
    (b) Health care clearinghouses and health care providers. Each 
health care clearinghouse and health care provider must begin using the 
standard specified in Sec. 142.602 by [24 months after the effective 
date of the final rule in the Federal Register].

    Dated: April 17, 1998.
Donna E. Shalala,
Secretary.
[FR Doc. 98-15782 Filed 6-15-98; 8:45 am]
BILLING CODE 4120-01-P