[Federal Register Volume 67, Number 105 (Friday, May 31, 2002)]
[Rules and Regulations]
[Pages 38009-38020]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 02-13616]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of the Secretary
45 CFR Parts 160 and 162
[CMS-0047-F]
RIN 0938-AI59
Health Insurance Reform: Standard Unique Employer Identifier
AGENCY: Centers for Medicare and Medicaid Services (CMS), HHS.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: This final rule establishes a standard for a unique employer
identifier and requirements concerning its use by health plans, health
care clearinghouses, and health care providers. The health plans,
health care clearinghouses, and health care providers must use the
identifier, among other uses, in connection with certain electronic
transactions.
The use of this identifier will improve the Medicare and Medicaid
programs, and other Federal health programs and private health
programs, and the effectiveness and efficiency of the health care
industry in general, by simplifying the administration of the system
and enabling the efficient electronic transmission of certain health
information. It will implement some of the requirements of the
Administrative Simplification subtitle of the Health Insurance
Portability and Accountability Act of 1996.
EFFECTIVE DATE: This regulation is effective July 30, 2002.
FOR FURTHER INFORMATION CONTACT: Patricia Peyton, (410) 786-1812.
SUPPLEMENTARY INFORMATION:
Copies: To order copies of the Federal Register containing this
document, send your request to: New Orders, Superintendent of
Documents, P.O. Box 371954, Pittsburgh, PA 15250-7954. Specify the date
of the issue requested and enclose a check or money order payable to
the Superintendent of Documents, or enclose your Visa or Master Card
number and expiration date. Credit card orders can also be placed by
calling the order desk at (202) 512-1800 or by faxing to (202) 512-
2250. The cost for each copy is $9. As an alternative, you can view and
photocopy the Federal Register document at most libraries designated as
Federal Depository Libraries and at many other public and academic
libraries throughout the country that receive the Federal Register. You
may also obtain a copy from the following web sites:
[[Page 38010]]
http://www.access.gpo.gov/nara/index.html; http://aspe.hhs.gov/admnsimp/.
I. Background
Employers may need to be identified when they transmit information
to health plans to enroll or disenroll an employee as a participant in
a health plan. Employers, health care providers, and health plans may
need to identify the source or receiver of eligibility or benefit
information. Although the source is usually a health plan, it could be
an employer. Employers and health plans may need to identify the
employer when making or keeping track of health plan premium payments
or contributions relating to an employee. In all cases, in health care
transactions, where information about the employer is transmitted
electronically, it will be beneficial to identify the employer using a
standard identifier.
A. Legislation
The Congress included provisions to address the need for a standard
unique employer identifier and other administrative simplification
issues in the Health Insurance Portability and Accountability Act of
1996 (HIPAA), Public Law 104-191, which became effective on August 21,
1996. Through subtitle F of title II of that law, the Congress added to
title XI of the Social Security Act a new part C, titled Administrative
Simplification (Public Law 104-191) affects several titles in the
United States Code. Hereafter, we refer to the Social Security Act as
the Act; we refer to the other laws cited in this document by their
names.) The purpose of this part is to improve the Medicare and
Medicaid programs in particular and the efficiency and effectiveness of
the health care system in general by encouraging the development of a
health information system through the establishment of standards and
requirements to facilitate the electronic transmission of certain
health information.
Part C of title XI consists of sections 1171 through 1179 of the
Act. These sections define various terms and impose several
requirements on the Secretary, health plans, health care
clearinghouses, and certain health care providers concerning electronic
transmission of health information, and security and privacy.
We discussed the legislation in greater detail in a final rule for
Standards for Electronic Transactions (the Transactions Rule) published
on August 17, 2000 (65 FR 50312), and in a final rule for Privacy of
Individually Identifiable Health Information (the Privacy Rule),
published on December 28, 2000 (65 FR 82462). Rather than repeating the
discussion here, we refer the reader to those documents for further
information.
Section 1172 of the Act makes any standard adopted under part C
applicable to (1) all health plans, (2) all health care clearinghouses,
and (3) any health care provider who transmits any health information
in electronic form in connection with a transaction referred to in
section 1173 (a)(1).
In complying with the requirements of part C of title XI, the
Secretary must rely on the recommendations of the National Committee on
Vital Health Statistics (NCVHS), consult with appropriate State,
Federal, and private agencies or organizations, and publish the
recommendations of the NCVHS in the Federal Register.
Paragraph (b) of section 1173 of the Act requires the Secretary to
adopt standards for unique health identifiers for all employers (in
addition to identifiers for individuals, health plans, and health care
providers) for use in the health care system, and requires further that
the adopted standards specify for what purposes unique health
identifiers may be used.
II. Provisions of the Proposed Regulations
On June 16, 1998 (63 FR 32784), we proposed a national standard
employer identifier and requirements concerning its implementation.
That rule would have established requirements that health plans, health
care clearinghouses, and health care providers would have to meet to
comply with the requirements for use of a unique employer identifier in
electronic transactions.
We proposed to add a new part to title 45 of the Code of Federal
Regulations (63 FR 32784) for health plans, health care providers, and
health care clearinghouses in general. The new part would have been
part 142 of title 45 and would have been titled Administrative
Requirements. Subpart F would have contained provisions specific to the
employer identifier. In this final rule, we have codified these
provisions in Part 162.
The proposed rule for the employer identifier (63 FR 32784)
discussed applicability of HIPAA to all health plans, all health care
clearinghouses, and those health care providers that transmit any
health information in electronic form in connection with transactions
referred to in section 1173(a)(1) of the Act.
The Transactions Rule (65 FR 50312) contains general requirements
for administrative simplification, including applicability of the
regulations, general effective dates, and definitions. We refer the
reader to that rule for the discussion of comments and responses and
for the actual regulations that were codified in the Code of Federal
Regulations for the general requirements (45 CFR part 160 Subpart A,
and 45 CFR part 162 Subparts A and I). In addition, some provisions in
part 160 were further revised by the Privacy Rule published on December
28, 2000 (65 FR 82462).
A. Definitions
We proposed to define ``employer'' as 26 U.S.C. 3401(d) does: a
person (or an entity) for whom an individual performs or performed any
service, of any nature, as the employee of that person (or that entity)
except for the following:
(1) If the entity for whom the individual performs or performed the
services does not have control of the payment of the wages for the
services, the term ``employer'' means the entity having control of the
payment of the wages.
(2) If the entity pays wages on behalf of a nonresident alien
individual, foreign partnership, or foreign corporation, not engaged in
trade or business within the United States, the term ``employer'' means
that entity.
We did not receive any comments on our definition of ``employer.''
We note here that our proposed definition incorrectly omitted a
reference to 26 U.S.C. 3401(a) of the Internal Revenue Code that is
part of the definition at 26 U.S.C. 3401(d) of the Internal Revenue
Code. We clarify in this rule that our definition of ``employer'' is as
it appears in 26 U.S.C. 3401(d). We also note that the use of the term
``individual'' in the definition at 26 U.S.C. 3401(d) is not the same
as in the final Privacy Rule. In the Privacy Rule, the word
``individual'' means a person who is the subject of protected health
information. In the definition of employer, the word ``individual''
means a person who is an employee.
The EIN is defined in 26 CFR 301.7701-12. We proposed to define
``Employer identification number'' (EIN) as 26 CFR 301.7701-12 does:
``the taxpayer identifying number of an individual or other person
(whether or not an employer) which is assigned pursuant to 26 U.S.C.
6011(b) or corresponding provisions of prior law, or pursuant to 26
U.S.C. 6109, and in which nine digits are separated by a hyphen, as
follows: 00-0000000.''
In this final rule, we deleted the formatting description from our
definition of EIN. We continue to define EIN as the employer
identification number, as assigned by the IRS.
[[Page 38011]]
Deletion of the formatting description from our regulatory definition
gives us flexibility, in case the IRS should decide in the future to
change the format of the EIN.
B. Employer Identifier Standard
We proposed that Sec. 142.602, National employer identifier
standard, would describe the employer identifier standard. There
currently exists no standard for employer identification that has been
developed, adopted, or modified by a standard setting organization
after consultation with the National Uniform Billing Committee (NUBC),
the National Uniform Claim Committee (NUCC), the Workgroup for
Electronic Data Interchange (WEDI), and the American Dental Association
(ADA). Therefore, we would designate a new standard.
We proposed as the standard the employer identification number
(EIN), which is assigned by the Internal Revenue Service (IRS),
Department of the Treasury. As stated in II. Provisions of the Proposed
Regulations, A. Definitions, we define EIN as the employer
identification number assigned by the IRS, and we delete the formatting
description in our definition.
Proposed Sec. 142.602 has become Sec. 162.605.
C. Requirements
In the proposed rule (63 FR 32787), we noted that the Act does not
bind employers to use the standard. However, covered health care
providers, health plans, and health care clearinghouses are bound to
use the standard, where required, in electronic health transactions.
1. Health plans.
In Sec. 142.604, Requirements: Health plans, we proposed to require
health plans to accept the EIN on all standard transactions and
transmit the EIN on all standard transactions that require an employer
identifier to identify a person or entity as an employer.
2. Health care clearinghouses.
We proposed to require in Sec. 142.606, Requirements: Health care
clearinghouses, that each health care clearinghouse use the EIN on all
standard transactions that require an employer identifier to identify a
person or entity as an employer.
3. Health care providers.
In Sec. 142.608, Requirements: Health care providers, we proposed
to require each health care provider to use the EIN, wherever required,
on all standard transactions that require an employer identifier to
identify a person or entity as an employer.
4. Employers.
In Sec. 142.610, Requirements: Employers, we proposed to require
each employer to disclose its EIN, when requested, to any entity that
conducts standard electronic transactions that require that employer's
identifier to identify a person or entity as an employer.
Proposed Secs. 142.604, 142.606, and 142.608 have been consolidated
into Sec. 162.610, and proposed Sec. 142.610 has been removed in this
final rule.
D. Effective Dates and Compliance Dates of the Employer Identifier
We proposed that health plans would be required to comply with our
requirements as follows:
Each health plan that is not a small health plan would
have to comply with the requirements of Sec. 142.604, now consolidated
into Sec. 162.610, no later than 24 months after the effective date of
the final rule. (Note, proposed Sec. 142.104, General requirements for
health plans, is addressed in the final Transactions Rule (65 FR
50369).)
Each small health plan would have to comply with the
requirements of Sec. 142.604, now consolidated into Sec. 162.610, no
later than 36 months after the effective date of the final rule. (Note,
proposed Sec. 142.104, General requirements for health plans, is
addressed in the final Transactions Rule (65 FR 50369).)
If the Secretary adopts a modification to a standard or
implementation specification, the implementation date of the
modification would be no earlier than the 180th day following the
adoption of the modification. The Secretary would determine the actual
date, taking into account the time needed to comply due to the nature
and extent of the modification. The Secretary would be able to extend
the time for compliance for small health plans.
We proposed that health care clearinghouses and health
care providers must begin using the standard specified in Sec. 142.602,
now Sec. 162.605, no later than 24 months after the effective date of
the final rule.
III. Comments and Responses Concerning the Proposed Provisions
All general comments on applicability of the HIPAA standards were
addressed in the Transactions Rule. These comments will not be repeated
here.
There were 61 commenters on the proposed rule. These commenters
included Federal and State government agencies, private organizations
(including health plans and health care provider professional
organizations), and individuals.
A. Employer Identifier Standard
Comment: Two commenters said there should be no regulation as to
the use or non-use of the hyphen as part of the format for the EIN.
Eight commenters stated the hyphen should be omitted when transmitting
standard transactions. One commenter said it should be omitted on
standard transactions but used in human-readable formats. One commenter
stated that the use of a modifier would be beneficial for identifying
specific State agencies under a single EIN; another commenter
recommended that the EIN not be used with a modifier. A few commenters
recommended a check digit be used with the EIN; a larger number of
commenters recommended a check digit not be used.
Response: The hyphen is part of the EIN, as it is defined at 26 CFR
301.7701-12 and assigned by the IRS. The standard transaction formats
use alphanumeric fields for the EIN. These fields can accommodate the
EIN with or without the hyphen. The implementation guides for the
standard transactions are silent on whether the hyphen must be
transmitted. Most translator software can easily add the hyphen to or
remove it from the EIN field within standard transactions. In spite of
the flexibility of the standard transaction formats and the capability
of translators to handle EINs with and without the hyphen, we believe
that we should require standardization of the identifier format within
the standard transactions, in order to promote simplification and
savings. We further believe that it would be confusing to adopt the EIN
as the standard unique employer identifier, but then to direct that the
adopted standard be modified, by removing the hyphen, before use in
standard transactions. It would be equally confusing to adopt ``the EIN
minus the hyphen'' as the standard, because this identifier would still
be referred to informally as the EIN, and it would not be clear when
the hyphen is needed and when it is not. We believe it is advantageous
to adopt the EIN exactly as assigned by the IRS. This strategy is
clearer and more flexible, should the IRS, at some time in the future,
modify its defined format of the EIN for any reason. We therefore
require that the EIN as assigned by the IRS be used in the standard
transactions, which means at present that the hyphen must be
transmitted as part of the EIN.
The EIN was selected as a cost-effective choice for the standard
employer identifier because the IRS is already issuing it and employers
already have this identifier. The IRS has no
[[Page 38012]]
project initiated at this time to modify the format of the EIN or to
add a check digit to the EIN.
The presence of a check digit can help in detection of keying
errors made in data entry of a number. We could have specified a check
digit to be used with the IRS-issued EIN. However, we believe that in
many cases where the EIN is used in standard transactions, it will be
on file electronically and will not need to be inserted through data
entry. Therefore, the benefits of a check digit would be modest.
Modification of the IRS-issued identifier by addition of modifiers
or a check digit for use in health care transactions would require
costly additional processes and would negate the benefits of using the
existing IRS infrastructure; therefore, we do not add modifiers or a
check digit to the IRS format.
Comment: Several commenters thought that the EIN was proposed to
identify health care providers. Some stated that the EIN was not
specific enough to uniquely identify health care providers. Others
expressed privacy concerns if the EIN were used to identify health care
providers.
Response: The same entity may have multiple roles in health care
transactions. On May 7, 1998, we proposed that the National Provider
Identifier, not the EIN, be adopted to uniquely identify health care
providers (63 FR 25320). The EIN will be used to identify an entity in
the employer role. For example, a hospital may be both an employer and
a health care provider. The hospital would use its EIN to identify
itself when conducting transactions in an employer role, for example,
making premium payments on behalf of its employees. When making claims
for health care services furnished, it would use its National Provider
Identifier.
Comment: Several commenters thought that the EIN was proposed to
identify the patient's health plan or insurance coverage. One commenter
stated one identifier should be used for both payer and employer. One
commenter stated it would be confusing to use a different identifier
for employee welfare benefit plans and employers, since such plans are
sponsored by employers.
Response: The EIN will be used to identify an entity acting in the
employer role in standard transactions. It will not identify the
patient's health plan or insurance coverage. It will not replace the
group number, account number, policy number, or subscriber number.
Although it is true that the employee welfare benefit plans are often
sponsored by employers, the EIN will be used to identify only the
employer, not the health plan. In a future proposed rule, HHS intends
to propose a health plan identifier to identify health plans. Employee
welfare benefit plans would be identified by a health plan identifier.
Comment: Several commenters supported the choice of the EIN. Two
commenters stated the EIN did not meet the 10 criteria established for
selection of a standard under the Act.
Response: Of the two commenters stating that the EIN did not meet
the criteria (see 65 FR 50351-50352 for the list of criteria), one
commenter was not specific about how the EIN did not meet the criteria.
The second commenter incorrectly believed that the EIN was being
proposed to identify the insurance coverage of a patient rather than to
identify an employer in standard transactions.
B. Requirements
Comment: One commenter stated that we should clarify the meaning of
the terms ``required'' and ``situational.'' Many commenters stated that
the usage of the EIN of the employer in health care transactions was
unclear and requested clarification, i.e., whether the EIN was
required, situational, etc. One commenter said the EIN of the employer
should be a situational data element on all electronic data interchange
(EDI) transactions. Several commenters stated that the EIN should be
required only on transactions exchanged between an employer and a
health plan. Several commenters said they needed clarification on which
transactions would use the EIN.
Response: As used with respect to a data element in a standard
transaction, the word ``required'' means that the data element is
required according to the standard implementation guide for that
transaction. The word ``situational'' means that the data element or
choice of a specific code value is required if the data condition
described in the standard implementation guide occurs. For purposes of
this rule, if use of the employer identifier is situational and the
data condition occurs, the EIN is considered to be required.
The X12N Version 4010 transaction implementation guides are the
authority for specific information on the use of the EIN to identify
the employer in X12N transactions. The following summarizes use of the
EIN to identify the employer in X12N transactions:
X12N 270/271 Eligibility for a Health Plan--Situational
(Used to identify the employer as the source of eligibility information
when the employer maintains that information.) (Note: Although the
implementation guide does support the use by employers, and the
information receiver can be identified specifically as an employer,
employer participation in this transaction is not a HIPAA business
purpose.)
X12N 276/277 Health Care Claims Status--Situational (Used
to identify the employer in worker's compensation claims. This usage
covers situations where the employer is considered the subscriber for a
patient when the claim is a result of a work-related injury or illness.
In this circumstance, the health care provider and health plan are
using the standard named in the final Transactions Rule although this
is not required by the Final Rule because one or both are not covered
entities or this is a business purpose not covered under the final
Transactions Rule. In most cases, the health care provider will already
know the EIN because it will have a relationship with the employer for
worker's compensation cases or because provision of the EIN is required
by local, State, or other regulation.)
X12N 820 Health Plan Premium Payments--Situational (Used
to identify an entity who is an employer as the remitter of the premium
or as the entity to which the premium payment applies.)
X12N 834 Enrollment and Disenrollment in a Health Plan--
Required (when used to identify the sponsor of the health plan when the
sponsor is an employer.) Situational (when used to identify the
employer of a person covered under a health plan when that employer is
not the sponsor. The non-sponsor employer is identified only when the
contract between the sponsor and the health plan requires that the
sponsor report this information.)
An employer identifier is not used to identify an entity as an
employer in the following X12N standard transactions:
X12N 278 Referral Certification and Authorization
X12N 835 Health Care Payment and Remittance Advice
X12N 837 Health Care Claims or Equivalent Encounter
Information-- Dental
X12N 837 Health Care Claims or Equivalent Encounter
Information--Professional
X12N 837 Health Care Claims or Equivalent Encounter
Information--Institutional
The EIN of the employer is optional in the NCPDP retail pharmacy
transactions. The implementation guides for the NCPDP transaction
standards are the authorities for specific information on the use of
the EIN of the
[[Page 38013]]
employer in the NCPDP standard transactions.
Comment: Many commenters expressed concern that health care
providers would be required to report the EIN of the patient's or
subscriber's employer on standard transactions. They requested more
specific data related to the costs to health care providers of
reporting these EINs. They noted that health care providers do not
routinely obtain and patients do not generally know these EINs. Some
commenters noted that, with the exception of the X12N 834 enrollment
transaction, the X12N implementation guides specify the employer
identifier is situational in all occurrences. Health care providers are
not a party to the X12N 834 and thus would not be required to report a
patient's employer's EIN. Many commenters therefore recommended that
all references to the use of employer identifiers by health care
providers be deleted from the regulation. One commenter noted that
third party administrators sometimes require health care providers to
report the employer on eligibility transactions, and that
subcontracting health care providers in Provider Sponsored
Organizations sometimes direct eligibility transactions to the
employer. Some commenters stated that if health care providers were
required to report or use the EIN of the patient's employer, health
insurance cards should carry this EIN; otherwise, health cards should
not carry the EIN.
Response: Health care providers do not conduct the X12N 834
enrollment transaction, the only standard transaction where the
employer identifier is required. In all standard transactions that a
health care provider might conduct, the employer identifier is either
not a permitted value or is one of a choice of alternate values. In the
situations where the employer identifier may be used in a standard
transaction used by covered entities under HIPAA, the employer
identifier is used only if the party being identified is an employer
and its identifier has been given to the health care provider as the
electronic transaction identifier for the employer as an information
source in an eligibility transaction. The standard transaction for
eligibility inquiry and response does not contain data elements for
identifying the subscriber's employer. We expect that health care
providers will be able to obtain the EIN from the employer, as is the
current practice, for the limited cases when an EIN is needed in
covered standard transactions initiated by the health care provider.
Comment: Some commenters stated that employers may not want to
disclose their EINs and requested that the final rule explicitly state
the penalties for an employer that does not disclose its EIN. Some were
concerned that the EIN may not be accessible to parties needing the EIN
for health care transactions. One commenter said that because of
administrative costs, employers will not want to provide their EINs.
Another commenter stated that employers would be so overwhelmed by
requests for their EINs that they would place them on everything to
limit staff time required for answering these requests.
Response: These concerns were generated because commenters
incorrectly thought that EINs would be required in transactions
initiated by health care providers or others who would not know the
EIN. Although identification of the subscriber's employer was part of
the data content of the institutional health care claim transaction in
the proposed Transactions Rule, that data element was removed from the
institutional health care claim transaction that was adopted by the
final Transactions Rule. In fact, the EIN will be used, for the most
part, in transactions initiated by the employer itself. The EIN is
required for the enrollment in a health plan standard transaction,
which is usually initiated by employers (which are not covered
entities). In other transactions, such as the eligibility for a health
plan transaction, the employer identifier only occurs in conjunction
with the use of the standard transaction between one or more
organizations who are noncovered entities under HIPAA, or as one of the
possible choices of identifiers for the employer. In the eligibility
for a health plan transaction, the employer identifier can be used as
one of the permitted identifiers for the employer as the source or
receiver of eligibility information. Thus, when a health care provider
is initiating the eligibility for a health plan transaction to an
employer, in the process of determining the proper electronic routing
identifiers and other electronic identifiers, the health care provider
has the opportunity to obtain an EIN if required by the employer as its
electronic routing or other electronic identifier. We believe that use
of the EIN will not generally create compliance problems for covered
entities.
We had proposed to require each employer to disclose its EIN, upon
request, to any covered entity that needed to use that employer's EIN
in a standard transaction. This requirement is not adopted in this
final rule because employers are not covered entities under the
Administrative Simplification provisions of HIPAA. However, we believe
that employers will have a strong incentive to continue the common
business practice of providing their EINs voluntarily in those rare
cases where it is not already known in order to maintain or improve the
efficiency of administrative processes.
Comment: Many commenters thought that the EIN of the patient's
employer or of the patient would be required in health care claim and
encounter transactions. These commenters stated that use of the EIN in
these transactions is an invasion of privacy, both personal and
medical. Several commenters stated that implementation of a national
standard employer identifier will permit unwarranted Federal monitoring
of patient care and linking of medical records through employers. They
stated that the possibility of Federal monitoring and linking of
medical records will create barriers of distrust between doctors and
patients and between employers and employees. They stated use of the
EIN will eventually lead to a numbering system on citizens that will
make it easier to track citizens from one employer to another, build
citizen profiles, or discriminate against citizens based upon health
status. One commenter thought that the use of the EIN would result in
the collection of centralized medical records and had potential for
abuse. Several commenters stated this regulation was an improper role
of government. Several commenters said they would like to shelve the
proposed rule, while others said there should be a nationally
publicized hearing or that the use of the EIN should go to a public
vote and not be decided by the government. Several commenters were
concerned about the security of medical records stored in central
computer locations. One commenter supported a ``Patients' Bill of
Rights'' with enforcement through the court systems. One commenter
requested clarification of penalties for patients who refuse to give
the names or EINs of their employers. One commenter said that States
should not be required to give employers access to benefit information.
This commenter stated this would be unacceptable, based on
confidentiality and administrative burden.
Response: Many commenters misunderstood the proposed application of
the employer identifier. The inclusion of the employer identifier is
optional in the NCPDP retail pharmacy claim. The employer identifier is
not used at all to identify an entity as an employer in the X12N
standard health care claim or equivalent encounter information
transactions. It is used
[[Page 38014]]
primarily to identify employers that are sending or receiving
transactions for enrollment in a health plan or payment of premiums.
Those transactions do not carry information about the treatment of
individuals. We do not believe the employer identifier will facilitate
federal monitoring of patient care, collection of central medical
records, or tracking of citizens. We do not believe it will lead to
barriers of distrust between doctors and patients, or between employers
and employees. HHS proposed standards for security of health
information, including medical records, in a proposed rule (63 FR
43242) published on August 12, 1998. HHS also adopted standards for
privacy of individually identifiable health information in the Privacy
Rule (65 FR 82462) published December 28, 2000. We do not require
patients to give the EIN of their employers to anyone or require States
to give employers access to benefit information.
Comment: One commenter recommended the revision of Secs. 142.604
and 142.608 as follows: ``Each health plan/health care provider must
accept and transmit the national employer identifier of any employer
that must be identified in any standard transaction.'' One commenter
stated that Sec. 142.606 should be deleted since clearinghouses do not
collect, validate, or supply data elements to the transaction.
Response: We agree that Secs. 142.604 and 142.608 should be revised
for clarity. We do not agree that Sec. 142.606 should be deleted
because health care clearinghouses are covered entities and are
required to use the standards, but we made a similar revision as that
made to Secs. 142.604 and 142.608. These revisions are reflected in
Sec. 162.610.
C. Implementation Concerns
Comment: One commenter recommended HHS notify employers of this
proposal for national use of EINs.
Response: Employers are not covered entities, and this rule places
no requirements upon them. In many cases, employers already use the EIN
to identify themselves in standard transactions. Use of the EIN by
employers in standard transactions will continue to be voluntary. While
employers are not covered entities under this rule, health plans are
free, as part of their business arrangements with employers, to require
employers to use the standard transactions and to provide their EINs
for this purpose. We have provided public notice of this proposal by
publication of the proposed rule in the Federal Register on June 16,
1998 (63 FR 32784) and by publication of this final rule in the Federal
Register.
Comment: Several commenters requested clarification of the employer
enumeration process and how information in the employer identifier
system would be maintained. They also stated that timely and accurate
updates to this system are critical to accurate public health data
collection efforts. One commenter wanted confirmation that the plans
for authenticating prior to the IRS's issuance of an EIN would remain
the same as today. It was suggested that one or more centers be
established to answer questions about the employer identifier and
redirect questions to the IRS or other Departments.
Response: The IRS maintains the EIN enumeration system and
database, and makes information on the EIN available through its web
site at http://www.irs.ustreas.gov/. The IRS authentication,
enumeration and update processes and the IRS enumeration system will
not be changed as a result of this regulation. The IRS answers
questions about the EIN through its web site. HHS answers questions
about the Administrative Simplification regulations through its web
site at http://aspe.hhs.gov/admnsimp.
Comment: One commenter asked whether the EIN is always the same as
the taxpayer identifying number.
Response: The taxpayer identifying number may be an EIN, a Social
Security Number, or an IRS individual taxpayer identification number.
The IRS, at 26 CFR 301.7701-12, defines the Employer Identification
Number as ``the taxpayer identifying number of an individual or other
person (whether or not an employer) which is assigned pursuant to
section 6011(b) or corresponding provisions of prior law, or pursuant
to section 6109, and in which nine digits are separated by a hyphen, as
follows: 00-0000000.''
Comment: A commenter wanted to know the IRS policy on reusing an
EIN.
Response: Currently, the IRS does not reuse EINs; that is, it does
not assign a previously used EIN to a new applicant for an EIN. IRS
Publication Number 1635, ``Understanding Your EIN, Employer
Identification Numbers,'' includes information on business and
corporate changes that would allow continued use of an organization's
EIN or would require issuance of a new EIN. This publication can be
ordered by calling (800) 829-3676 or can be downloaded from the IRS web
site at http://www.irs.ustreas.gov/plain/bus_info/pub1635.html.
Comment: Several commenters recommended the use of an online EIN
database and suggested an IRS directory be established. Several
commenters recommended use of a standards-based directory schema.
Another stated it would be necessary to have a directory only if
transactions other than the X12N 834 Health Care Benefit Enrollment
were to require use of the EIN. This commenter stated the X12N 834
transaction would not require a directory since it is initiated by
employers.
Response: For the most part, the EIN will be used in HIPAA
transactions initiated by the employer. The employer will know its own
EIN; therefore, an on-line public directory will not be necessary. In
the few cases where a standard transaction that requires an employer's
identifier is initiated by an entity other than the employer, we expect
that the entity will obtain the EIN from the employer, as is the
current practice.
Comment: A concern was raised by one commenter about the length of
time it would take to receive an EIN and how both Medicare and Medicaid
claims would be paid if the employer did not have an EIN. One commenter
said that the proposed rule makes electronic transmissions impossible
for any employer that lacks an EIN or refuses to disclose its EIN. Two
commenters suggested that the IRS determine those employers that do not
already have EINs and that HHS require those named by the IRS to obtain
EINs. Another commenter suggested that instructions be made available
on what to do if an employer does not have an EIN. One commenter stated
that employers utilizing Social Security Numbers for tax reporting
purposes should be required to apply for EINs.
Response: Many of these concerns were based on an incorrect belief
that the patient's employer's EIN would be required in standard claim
transactions. Actually, the patient's employer's EIN is not included in
the X12N standard claim transactions and is optional in the NCPDP
retail pharmacy claim. We know of no situation where an employer
identifier would be required in a standard transaction and the employer
would not have an EIN. The employer identifier is used in standard
transactions to identify the employer of employees who are subjects in
the transaction. Any business that pays wages to one or more employees
is required to have an EIN as its taxpayer identifying number. A sole
proprietor who has no employees or who files no excise or pension tax
return is the only business person who is not required to obtain an
EIN; a sole proprietor with no employees would not need to be
identified as an employer in standard transactions. The IRS
publication,
[[Page 38015]]
``Understanding Your EIN, Employer Identification Numbers,''
Publication 1635, states that the IRS generally assigns an EIN within
4-5 weeks of receiving an application by mail or assigns an EIN
immediately via the tele-TIN telephone process. For the telephone
number in each state, see the ``Where to Apply'' section in Publication
1635. Publication 1635 can be downloaded from the IRS web site at
http://www.irs.ustreas.gov/plain/bus_info/pub1635.html or can be
ordered by calling (800) 829-3676.
Comment: One Medicaid State agency requested clarification on
whether Medicaid State agencies would use the EIN when making health
plan premium payments or when making capitation payments to managed
care plans. Other commenters had concerns of how health plan sponsors
that are not employers would be identified in standard transactions.
One commenter requested that the description on how to obtain an EIN
(63 FR 32793) be expanded to include those non-employer entities that
will need an identifier for HIPAA transactions.
Response: HIPAA requires that the Secretary adopt a standard unique
health identifier for each individual, employer, health plan, and
health care provider for use in the health care system. If the Medicaid
State agency is making premium payments or capitation payments as an
employer on behalf of its own employees, it would use its EIN. The law
does not provide for adoption of a standard identifier for health plan
sponsors that are not employers but that may enroll or make premium
payments on behalf of other persons. We recognize that in some
situations, the EIN is used to identify health plan sponsors that are
not employers. This practice will not be affected by this final rule.
Comment: One commenter asked how foreign employers would be
identified in standard transactions.
Response: Foreign employers are treated the same as all other
employers under this rule. In this rule, we have intentionally adopted
a definition of ``employer'' that is identical to the definition used
by the Internal Revenue Service in 26 U.S.C. 3401(d). This definition
covers foreign employers who pay wages to employees for whom tax
withholding is required by the IRS. For purposes of this rule, it is
important that any employer that enrolls or disenrolls employees in a
health plan or that makes premium payments on behalf of employees to a
health plan be able to be identified by the standard employer
identifier. Since any business that pays wages to one or more employees
is required to obtain an EIN as its taxpayer identifying number, we
know of no employer that would not be able to be identified by an EIN
when enrolling or disenrolling employees in a health plan or making
premium payments on behalf of employees to a health plan.
Comment: In the proposed rule (63 FR 32793) we noted that some
employer organizations have more than one EIN. We asked for comment on
whether one EIN should be used consistently in health care
transactions. One commenter noted that in some cases employer
organizations with multiple EINs may be doing business with multiple
health plans and using a different EIN with each plan, resulting in
coordination of benefits problems. Several commenters recommended that
specific guidelines be defined for using a single EIN across the board
in health-related transactions. Several commenters stated that the use
of multiple EINs would not be a problem. Several commenters made
suggestions on which EIN should be designated for use in health care
transactions, for example, the one that appears on the IRS Form W-2,
Wage and Tax Statement, of the employee that is a subject of the
transaction, the one that identifies the employee's employment address,
or the one with the lowest numeric value. Some commenters noted that
the intended purpose of the employer identifier is to identify the
employer and that the employer should decide which EIN to use. Several
commenters suggested that an IRS publication include information on IRS
protocols for multiple EINs. Two commenters requested information about
the IRS maintenance of EINs when corporate changes such as mergers
occur.
Response: When a business entity is a consolidated group consisting
of several corporations, each corporation may be separately identified
for certain Federal tax reporting purposes, and may have its own EIN.
The consolidated group may also have an EIN, under which it files a
consolidated income tax return. For any relationship of an employer to
an employee of that employer, only one unique EIN designates the
employer. The standard unique employer identifier of an employer of a
particular employee is the EIN that appears on that employee's IRS Form
W-2, Wage and Tax Statement, from the employer.
The IRS regulations at 26 CFR 301.7701 contain definitions of
entities that may be identified for Federal tax purposes. The
instructions accompanying IRS Form SS-4, ``Application for Employer
Identification Number,'' detail the kinds of entities that must have
EINs and the situations that require an entity to obtain a new EIN. IRS
publication 1635, ``Understanding Your EIN, Employer Identification
Numbers,'' gives further information on business or corporate changes
that do and do not require an entity to obtain a new EIN. IRS
publications can be downloaded from the IRS web site at http://www.irs.ustreas.gov/plain/forms_pubs/index.html or ordered by calling
(800) 829-3676.
Comment: One commenter was concerned about possibly conflicting
Federal and State regulations for use of the EIN.
Response: This commenter did not note any particular conflicts in
use of the EIN and we are not aware of any conflicts. Section 1178 of
the Act discusses the effect of the Administrative Simplification
provisions on State law. The general rule is that the standards adopted
under the Act supersede any contrary provision of State law. For a more
detailed discussion of the statutory preemption provisions and the
regulatory implementation of those provisions, see 65 FR 82480 through
82481 and 65 FR 82579 through 82588.
D. Approved Uses
Comment: One commenter stated that the regulations should not
require the EIN on ``past'' health information. Another commenter
expressed concern over the lack of guidelines and controls in
dissemination and use of EINs for health care purposes. These
commenters said that the regulation should clearly define the approved
uses and cross-refer to penalties for misuse.
Response: This regulation does not require use of the EIN in
transactions conducted before the compliance date. HHS intends to
publish a proposed rule concerning enforcement of the HIPAA standards.
Civil penalties for failure to comply with requirements and standards
are covered in Section 1176 of the Act. Criminal penalties for misuse
of an employer identifier are covered in Section 1177 of the Act.
Comment: One commenter questioned if the EIN would replace the
United Business Identifier used in non-health transactions. Another
asked if the EIN would replace other employer identifiers, or be used
in addition to them.
Response: This rule does not address non-health care transactions.
We cannot speak to the issue of what will happen in such transactions.
The EIN is the only employer identifier in standard transactions.
[[Page 38016]]
Comment: Some commenters were concerned that employers would not
want to use their EINs because of privacy issues. One commenter stated
that effective security and confidentiality measures should protect the
EIN. Three commenters stated that health data organizations and public
policy researchers should have access to the EIN for public health
surveillance. They wanted this access to be clarified.
Response: The confidentiality of the EIN is protected under the
Internal Revenue Code. Section 26 U.S.C. Sec. 6103 provides that,
generally, taxpayer return information, including taxpayer identity
(which includes a taxpayer identifying number), must be kept
confidential and may not be disclosed by, among others, federal
officers or employees, except as permitted by Title 26.
In this rule we make no changes to the existing access that health
data organizations and public policy researchers have to the EIN.
Health data organizations and researchers desiring access to data from
a Federal system of records that contains the EIN should address their
requests to the Freedom of Information Act official in the agency
responsible for the system.
E. The Specific Impact of the Employer Identifier
Comment: One commenter stated that the cost to implement the EIN
would add to premiums paid by individuals and their families. Several
commenters said the expense and resources to implement this identifier
are greater than estimated. One commenter stated that more specific
data related to the exact costs to health care providers should be made
available for public comment prior to publication of the final rule.
Response: Those concerned with the cost of the identifier consisted
primarily of commenters that incorrectly thought that health care
providers would be required to use the EIN on health care claims. As
noted in our previous responses, the EIN will be used primarily by
employers on transactions they initiate; therefore, we do not expect
the costs to be higher than those estimated in the proposed rule. When
the employer identifier is used in standard transactions initiated by
entities other than the employer, we expect that these entities will
obtain the EIN from the employer, as is the current practice.
IV. Provisions of Final Rule
We are implementing the employer identifier standard, which we now
refer to as the standard unique employer identifier, as we proposed in
the proposed rule, incorporating minor revisions. Any revisions are
noted in Section VI (Summary of Changes to the Proposed Rule).
V. Implementation of the Standard Unique Employer Identifier
A. Obtaining an EIN
The Internal Revenue Service (IRS) maintains the process for
assigning EINs. A business can obtain an EIN by submitting, to the
Internal Revenue Service, Internal Revenue Service Form SS-4,
Application for Employer Identification Number. Any business that is
required to furnish a taxpayer identification number (generally one
that pays wages to one or more employees) must use an EIN as its
taxpayer identifying number. (26 CFR 301.6109-1(a)(1)(ii)(C)). A sole
proprietor who has no employees or who files no excise or pension tax
returns is the only business person who does not need to have an EIN as
the taxpayer identifying number. We know of no situations where an
employer having employees would not be able to obtain an EIN. The EIN
is currently the employer identifier in most widespread use in the
enrollment and disenrollment in a health plan, the eligibility for a
health plan, and the health plan premium payment transactions.
Employers are not required by the Act to use the EIN or conduct
standard transactions. However, we believe that many employers will
find that it will be to their advantage to do so.
B. Approved Uses
The IRS, in a letter to us dated January 16, 1998, stated that
``the use of the EIN as a unique identifying number in all health care
transactions would not present a problem for the (Internal Revenue)
Service in any way.'' The IRS further expressed the ``hope that the use
of the EIN in this capacity will bring about the consistency and
accuracy that are required for these types of transactions.'' Two years
after adoption of this standard (3 years for small health plans)
covered entities must use the EIN as the employer identifier in the
health-related financial and administrative transactions for which
standards have been adopted by the Secretary under 45 CFR Subchapter C
that require an employer identifier. We note that employers that are
not health plans, health care clearinghouses, or health care providers
are not bound by the Act, and use of the EIN by employers to identify
themselves in the employer role is voluntary.
Examples of approved uses in standard health care transactions are
the following:
Employers could use their EINs to identify themselves in
transactions making health plan premium payments to health plans on
behalf of their employees.
Employers could use the EIN to identify themselves or
other employers as the source or receiver of information about
eligibility.
Employers could use their EINs to identify themselves in
transactions to enroll or disenroll their employees in a health plan.
VI. Summary of Changes to the Proposed Rule
We changed the title of this regulation from National Standard
Employer Identifier to Standard Unique Employer Identifier to
accurately reflect the requirement under the Act for the Secretary to
adopt a standard unique health identifier for each employer for use in
the health care system.
We deleted the formatting description from the definition of EIN.
We continue to define EIN as the employer identification number as
assigned by the IRS.
We clarified that our definition of employer is as it appears in 26
U.S.C. 3401(d).
We removed the requirement for each employer to disclose its EIN,
upon request, to covered entities that need to use that employer's EIN
in standard transactions.
We consolidated the requirements for health care providers, health
plans, and health care clearinghouses in Sec. 162.610.
VII. Collection of Information Requirements
Under the Paperwork Reduction Act of 1995 (PRA), agencies are
required to provide a 30-day notice in the Federal Register and solicit
public comment on a collection of information requirement submitted to
the Office of Management and Budget (OMB) for review and approval. In
order to fairly evaluate whether an information collection should be
approved by OMB, section 3506(c)(2)(A) of the PRA requires that we
solicit comment on the following issues:
Whether the information collection is necessary and useful
to carry out the proper functions of the agency.
The accuracy of the agency's estimate of the information
collection burden.
The quality, utility, and clarity of the information to be
collected.
Recommendations to minimize the information collection
burden on the
[[Page 38017]]
affected public, including automated collection techniques.
We are soliciting public comment on each of these issues for the
following section of this document that contains information collection
requirements.
Subpart F--Standard Unique Employer Identifier
Sec. 162.610 Requirements for covered entities
Discussion
While this standard would replace the use of multiple identifiers,
resulting in a reduction of burden, the requirement to use and disclose
information using this standard meets the definition of an agency-
sponsored third-party disclosure under the Paperwork Reduction Act of
1995 (PRA). However, the burden associated with the routine or ongoing
use of this requirement is excluded under the definition of ``burden''
at 5 CFR 1320.3(b)(2). Health care clearinghouses do not normally
obtain or use the EIN except to reformat it as part of translating one
transaction format to another. Adoption of the EIN does not require any
changes to the way health care clearinghouses process employer
identifiers. Thus, the cost of this regulation for health care
clearinghouses is negligible.
As explained earlier in this document in section III. Comments and
Responses Concerning the Proposed Provisions, health care providers do
not conduct the only standard transaction in which the employer
identifier is a required data element. In standard transactions that
include the employer identifier and which may be conducted by a health
care provider, the employer identifier use is situational. In such
transactions, if the employer identifier is not known by the health
care provider, the health care provider does not have to furnish it.
The cost of this regulation for health care providers, therefore, is
negligible.
The remaining burden associated with this requirement, which is
subject to the PRA, is the initial one-time burden on health plans and
covered health care providers to modify their current computer systems.
In most cases where a health plan would need to use an employer
identifier, the health plan would have received the identifier on an
incoming transaction from the employer. We estimate the one-time burden
over a 3-year period on the estimated 2.55 million health plans to
modify their current computer systems software would be 2 hours/$60 per
entity, for a total burden of 5.1 million hours/$153 million. The
maximum annual burden would be 5.1 million hours divided by 3, or 1.7
million hours, and $153 million divided by 3, or $51 million. These
figures are based on the assumption that this and the other burden
calculations associated with HIPAA, Title II systems modifications, may
overlap. This average also takes into consideration that: (1) this
standard may already be in use by several of the estimated entities;
(2) modifications may be performed in an aggregate manner during the
course of routine business and/or; (3) modifications may be made by
contractors such as practice management vendors, in a single effort for
a multitude of affected entities.
As required by section 3504(h) of the Paperwork Reduction Act of
1995, we have submitted a copy of this document to the Office of
Management and Budget (OMB) for its review of these information
collection requirements.
Centers for Medicare & Medicaid Services, Office of Information
Services, DCES, SSG, Attn: John Burke, Room N2-14-26, 7500 Security
Boulevard, Baltimore, MD 21244-1850; ATTN: CMS 0047-F
and
Office of Information and Regulatory Affairs, Office of Management and
Budget, Room 10235, New Executive Office Building, Washington, DC
20503, Attn: Brenda Aguilar, CMS Desk Officer
VIII. Final Impact Analysis of the Employer Identifier
We have examined the impacts of this rule as required by Executive
Order 12866 (September 1993, Regulatory Planning and Review), the
Regulatory Flexibility Act (RFA) (September 16, 1980, Pub. L. 96-354),
section 1102(b) of the Social Security Act, the Unfunded Mandates
Reform Act of 1995 (Pub. L. 104-4), and Executive Order 13132.
Executive Order 12866 directs agencies to assess all costs and benefits
of available regulatory alternatives and, if regulation is necessary,
to select regulatory approaches that maximize net benefits (including
potential economic, environmental, public health and safety effects,
distributive impacts, and equity). A regulatory impact analysis (RIA)
must be prepared for major rules with economically significant effects
($100 million or more in any 1 year). We estimate the total maximum
annual costs for all health plans to modify their computer systems
software to implement the employer identifier standard to be $51
million per year, for 3 years. Therefore, we do not believe that this
rule is a major rule under Executive Order 12866 or 5 U.S.C. 804(2).
Section 1102(b) of the Act requires us to prepare a regulatory
impact analysis if a rule may have a significant impact on the
operations of a substantial number of small rural hospitals. This
analysis must conform to the provisions of section 604 of the RFA. For
purposes of section 1102(b) of the Act, we define a small rural
hospital as a hospital that is located outside of a Metropolitan
Statistical Area and has fewer than 100 beds. We have determined that
this final rule will not have a significant impact on the operations of
a substantial number of small rural hospitals.
We note that the costs and savings for the administrative
simplification standards were presented in the final Transactions Rule
(65 FR 50350). Due to a lack of data that would permit an analysis of
each individual standard, the Department chose to analyze the impact of
all of the standards in total, with the exception of the privacy
standards. As the effect of any one standard is affected by the
implementation of other standards, it can be misleading to discuss the
impact of one standard by itself. Therefore, we have done an impact
analysis on the total effect of all the standards in the final
Transactions Rule (65 FR 50350). This employer identifier rule is
expected to represent a minor portion of the costs or savings expected
from the administrative simplification standards, because of the
voluntary nature of the use of this identifier by employers and the
limited use of an employer identifier in standard transactions
conducted by covered entities.
A. Unfunded Mandates
This final rule has been reviewed in accordance with the Unfunded
Mandates Reform Act of 1995 (UMRA) (2 U.S.C. 1501 et seq.) and
Executive Order 12866. Section 202 of UMRA requires that agencies
assess anticipated costs and benefits before issuing any rule that may
result in expenditure in any 1 year by State, local, or tribal
governments, in the aggregate, or by the private sector, of $110
million. As discussed in the combined impact analysis published at 65
FR 50350, HHS estimates that implementation of the administrative
simplification standards overall will require the expenditure of more
than $110 million by the private sector. However, we do not believe the
implementation of the employer identifier standard to be a significant
regulatory action under UMRA.
B. Regulatory Flexibility Analysis
The Regulatory Flexibility Act (RFA) of 1980, Pub. L. 96-354,
requires us to prepare a regulatory flexibility analysis
[[Page 38018]]
if the Secretary certifies that a regulation would have a significant
economic impact on a substantial number of small entities. On November
17, 2000, the Small Business Administration (SBA) published a final
rule (65 FR 69432) changing the small business size standards for the
health care industry. This SBA final rule became effective December 18,
2000. The size standards that the SBA now uses are those defined by the
North American Industry Classification System. Prior to that, the SBA
used size standards as defined by the Standard Industrial Codes. The
size standard is no longer a uniform $5 million in annual revenues for
all components in the health care sector. Rather, the size standard now
ranges from $6 million to $29 million. The regulatory flexibility
analysis for the employer identifier is linked to the aggregate
regulatory flexibility analysis for all the administrative
simplification standards that appeared in the final Transactions Rule
published on August 17, 2000, which predated the SBA change. It is
appropriate, for the purposes of this rule, to continue to use the $5
million small business size standard that was in effect at the time of
publication of the final Transactions Rule. Nonprofit organizations are
considered small entities. Small government jurisdictions with a
population of less than 50,000 people are also considered small
entities. Individuals and States are not considered small entities.
We do not believe that this regulation will have a significant
economic impact on a substantial number of small entities. The EIN is
already one of the identifiers most frequently used to identify the
employer in electronic health care transactions. Most clearinghouses,
including small clearinghouses, already have the ability to accept and
transmit the EIN when an employer identifier is required. Many health
plans and health care providers already use the EIN to identify the
employer in any transactions that require an employer identifier. Their
current practice is to obtain the EIN from the employer, if they are
the initiator of the transaction and they do not already know the EIN.
We believe these entities will incur few conversion costs as a result
of this regulation. There are few situations when an employer
identifier is required in standard transactions initiated by health
plans and no such situations for those initiated by health care
providers. Converting from other employer identifiers to the EIN
primarily involves the database administration task of substituting one
record identifier for another in a limited number of records, which is
not a costly activity. Therefore, we believe this regulation will not
impose a significant economic impact on small health plans or small
health care providers that convert their systems to use the EIN to
identify the employer in those few situations. As stated in the
Collection of Information Requirements section in this rule, we
estimate the total maximum annual costs for all health plans to modify
their computer systems software to be $51 million per year, for 3
years. Employers are not bound by the Act to use the standards;
therefore, any use of the EIN by employers will be voluntary. Most of
the use of the employer identifier in transactions will be voluntary
use by employers in transactions they initiate. Therefore, we believe
this regulation will not impose a significant economic impact on small
employers.
C. Executive Order 12866
In accordance with the provisions of Executive Order 12866, this
final rule was reviewed by the Office of Management and Budget.
This portion of the impact analysis relates specifically to the
standard that is the subject of this regulation--the employer
identifier. This section describes specific impacts that relate to the
employer identifier. As we indicated in the introduction to this impact
analysis, however, we do not associate the specific costs and savings
to the specific standards.
1. Affected Entities
a. Health Care Providers
In all standard transactions conducted by the health care provider,
the employer identifier is not used or is situational. The employer
identifier is used only if the data condition described in the
implementation guide occurs. In the instances when an EIN could be used
by a health care provider, the EIN is situationally required only if
the entity being identified is an employer and the identifier is known
to the health care provider. We expect health care providers will
obtain the EIN from the employer in these limited cases. However, if
the health care provider cannot obtain the EIN, then the data condition
has not been met and its use is not required. There are no situations
in which an employer identifier is required in a standard transaction
initiated by a health care provider. Any negative impact on health care
providers generally will be related to the initial implementation
period for health care providers that currently use an identifier other
than the EIN to identify the employer in electronic health
transactions. Those health care providers will incur implementation
costs for converting systems from use of other employer identifiers to
use of the EIN. Some health care providers will incur those costs
directly and others will incur them in the form of fee increases from
billing agents and health care clearinghouses.
b. Health Plans
Health plans that engage in electronic commerce will have to modify
their systems to use the EIN if they do not currently use the EIN to
identify the employer in standard electronic health transactions that
require an employer identifier. In most cases, health plans currently
obtain and use the EIN of the employer in those standard transactions
that require an employer identifier. Health plans currently using an
employer identifier other than the EIN will have a one-time cost
impact. We estimate the total maximum cost for all health plans to be
$51 million per year, over 3 years, to make these systems
modifications.
c. Health Care Clearinghouses
Health care clearinghouses will have to modify their systems to use
the EIN if they do not currently use the EIN to identify the employer
in standard electronic health transactions that require an employer
identifier. In most cases, health care clearinghouses currently use the
EIN of the employer in those standard transactions that require an
employer identifier. Health care clearinghouses currently using an
employer identifier other than the EIN will have a one-time cost
impact.
2. Effects of Various Options
a. Guiding Principles for Standard Selection
The implementation teams charged with designating standards under
the statute have defined, with significant input from the health care
industry, a set of common criteria for evaluating potential standards
(see 65 FR 50351-50352). These criteria are based on direct
specifications in HIPAA, the purpose of the law, and principles that
support the regulatory philosophy set forth in Executive Order 12866 of
September 30, 1993, and the Paperwork Reduction Act of 1995.
We assessed the various options for an employer identifier against
those criteria with the overall goal of achieving the maximum benefit
for the least cost. We found that the EIN met all the criteria. No
other alternative employer identifier is in widespread
[[Page 38019]]
use. No other alternative met a majority of the criteria, especially
those supporting the regulatory goal of cost-effectiveness. We assessed
the costs and benefits of the EIN, but we did not assess the costs and
benefits of other identifier options, because they did not meet the
criteria.
b. Need To Convert
All covered health care providers, health plans, and health care
clearinghouses that do not currently use the EIN to identify the
employer in electronic health transactions that require an employer
identifier would have to convert. Because the EIN is currently in
widespread use as an employer identifier throughout the industry,
adopting the EIN would not require conversion for most health care
providers, health plans or health care clearinghouses. The selection of
the EIN imposes a far smaller burden on the industry than any
nonselected option and presents significant advantages in terms of
cost-effectiveness, universality, and flexibility.
c. Complexity of Conversion
The first two digits of the EIN reflect the issuing Internal
Revenue district. However, the EIN does not rely significantly on
embedded intelligence (coded information that is part of the
identifier) to identify the specific employer. For those health care
providers, health plans, and health care clearinghouses that must
convert to use the EIN, the complexity of the conversion would be
significantly affected by the degree to which their processing systems
currently rely on employer identifiers that contain embedded
intelligence. Converting from one identifier that contains no embedded
intelligence to another is less complex than modifying software logic
to obtain needed information from other data elements. However, the use
of an identifier that does not contain embedded intelligence meets the
guiding principle of assuring flexibility.
In general, the shorter the identifier, the easier it is to
implement. It is more likely that a shorter identifier, such as the
EIN, would fit into existing data formats.
The selection of the EIN does not impose a greater burden on the
industry in terms of the complexity of conversion than the nonselected
options.
Executive Order 13132 of August 4, 1999, Federalism, published in
the Federal Register on August 10, 1999 (64 FR 43255) requires us to
ensure meaningful and timely input by State and local officials in the
development of rules that have Federalism implications. Although the
proposed rule (63 FR 32784) was published before the enactment of this
Executive Order, the Department consulted with State and local
officials as part of an outreach program early in the process of
developing the proposed regulation. The Department received comments on
the proposed rule from State agencies and from entities who conduct
transactions with State agencies. Many of the comments referred to the
costs incurred by State and local governments that will result from
implementation of the HIPAA standards. We assume that government
entities will have these costs offset by future savings, consistent
with our projections for the private sector (see the combined impact
analysis (65 FR 50350)). A Congressional Budget Office analysis made
the following points: States are already in the forefront of
administering the Medicaid program electronically, Medicaid State
agencies can compensate (for these costs) by reducing other
expenditures, and the Federal Government pays a portion of the cost of
converting State Medicaid Management Information Systems.
Other comments regarding States expressed the need for
clarification as to when State agencies were subject to the standards.
Responses to comments from States and State organizations regarding the
employer identifier standard are found elsewhere in this preamble.
In complying with the requirements of part C of title XI, the
Secretary established interdepartmental implementation teams that
consulted with appropriate State and Federal agencies and private
organizations. These external groups consisted of the NCVHS'
Subcommittee on Standards and Security, the Workgroup for Electronic
Data Interchange (WEDI), the National Uniform Claim Committee (NUCC),
the National Uniform Billing Committee (NUBC) and the American Dental
Association (ADA). The teams also received comments on the proposed
regulation from a variety of organizations, including State Medicaid
agencies and other Federal agencies.
List of Subjects
45 CFR Part 160
Electronic transactions, Health, Health care, Health facilities,
Health insurance, Health records, Medicaid, Medical research, Medicare,
Reporting and recordkeeping requirements.
45 CFR Part 162
Administrative practice and procedure, Electronic transactions,
Health facilities, Health insurance, Hospitals, Incorporation by
reference, Medicaid, Medicare, Reporting and recordkeeping
requirements.
For the reasons stated in the preamble of this final rule, 45 CFR
subchapter C is amended to read as follows:
PART 160--GENERAL ADMINISTRATIVE REQUIREMENTS
A. Part 160 is amended as follows:
1. The authority citation for part 160 continues to read as
follows:
Authority: Secs. 1171 through 1179 of the Social Security Act
(42 U.S.C. 1320d-1320d-8), as added by sec. 262 of Pub. L. 104-191,
110 Stat. 2021-2031, and sec. 264 of Pub. L. 104-191, 110 Stat.
2033-2034 (42 U.S.C. 1320d-2 (note)).
2. Section 160.103 is amended by republishing the introductory text
and adding the definitions of ``EIN'' and ``Employer'' in alphabetical
order to read as follows:
Sec. 160.103 Definitions.
Except as otherwise provided, the following definitions apply to
this subchapter:
* * * * *
EIN stands for the employer identification number assigned by the
Internal Revenue Service, U.S. Department of the Treasury. The EIN is
the taxpayer identifying number of an individual or other entity
(whether or not an employer) assigned under one of the following:
(1) 26 U.S.C. 6011(b), which is the portion of the Internal Revenue
Code dealing with identifying the taxpayer in tax returns and
statements, or corresponding provisions of prior law.
(2) 26 U.S.C. 6109, which is the portion of the Internal Revenue
Code dealing with identifying numbers in tax returns, statements, and
other required documents.
Employer is defined as it is in 26 U.S.C. 3401(d).
* * * * *
PART 162--ADMINISTRATIVE REQUIREMENTS
B. Part 162 is amended as follows:
1. The authority citation for part 162 continues to read as
follows:
Authority: Secs. 1171 through 1179 of the Social Security Act
(42 U.S.C. 1320d-1320d-8), as added by sec. 262 of Pub. L. 104-191,
110 Stat. 2021-2031, and sec. 264 of Pub. L. 104-191, 110 Stat.
2033-2034 (42 U.S.C. 1320d-2 (note)).
Subparts B Through E--[Reserved]
2. Subparts B through E are reserved.
[[Page 38020]]
3. A new subpart F, consisting of Secs. 162.600, 162.605 and
162.610, is added to read as follows:
Subpart F--Standard Unique Employer Identifier
Sec.
162.600 Compliance dates of the implementation of the standard
unique employer identifier.
162.605 Standard unique employer identifier.
162.610 Implementation specifications for covered entities.
Subpart F--Standard Unique Employer Identifier
Sec. 162.600 Compliance dates of the implementation of the standard
unique employer identifier.
(a) Health care providers. Health care providers must comply with
the requirements of this subpart no later than July 30, 2004.
(b) Health plans. A health plan must comply with the requirements
of this subpart no later than one of the following dates:
(1) Health plans other than small health plans-- July 30, 2004.
(2) Small health plans-- August 1, 2005.
(c) Health care clearinghouses. Health care clearinghouses must
comply with the requirements of this subpart no later than July 30,
2004.
Sec. 162.605 Standard unique employer identifier.
The Secretary adopts the EIN as the standard unique employer
identifier provided for by 42 U.S.C. 1320d-2(b).
Sec. 162.610 Implementation specifications for covered entities.
(a) The standard unique employer identifier of an employer of a
particular employee is the EIN that appears on that employee's IRS Form
W-2, Wage and Tax Statement, from the employer.
(b) A covered entity must use the standard unique employer
identifier (EIN) of the appropriate employer in standard transactions
that require an employer identifier to identify a person or entity as
an employer, including where situationally required.
Subparts G Through H--[Reserved]
4. Subparts G through H are reserved.
Dated: March 20, 2002.
Tommy G. Thompson
Secretary.
[FR Doc. 02-13616 Filed 5-24-02; 4:50 pm]
BILLING CODE 4120-01-P