25320 Federal Register /Vol. 63, No. 88/Thursday, May 7 ... · the Department of Health and Human...

25320 Federal Register / Vol. 63, No. 88 / Thursday, May 7, 1998 / Proposed Rules

Hierarchical Level CodeHierarchical Parent ID NumberHierarchical Structure CodeHome Health Certification PeriodIdentification Code QualifierInformation Release CodeInsured IndicatorLast Admission DateLast Visit DateLevel of Service CodeMedicare Coverage IndicatorMonthly Treatment CountNature of Condition CodeNursing Home Residential Status CodeOriginator Application Transaction IdentifierOxygen Delivery System CodeOxygen Equipment Type CodeOxygen Flow RateOxygen Saturation QuantityOxygen Test Condition CodeOxygen Test Findings CodeOxygen Use Period Hour CountPatient Condition Description TextPatient Discharge Facility Type CodePatient Status CodePatient WeightPeriod CountPhysician Contact DatePhysician Order DatePortable Oxygen System Flow RatePrevious Certification IdentifierProcedure DateProcedure Monetary AmountProcedure QuantityProduct/Service ID QualifierProduct/Service Procedure Code TextProduct/Service Procedure CodePrognosis CodeProposed Admission DateProposed Discharge DateProposed Surgery DateProvider CodeProvider Contact NameProvider IdentifierProvider Service State CodeProvider Specialty Certification CodeProvider Specialty CodeQuantity QualifierRace or Ethnicity CodeReference Identification QualifierReject Reason CodeRelated-Causes CodeRelationship To Insured CodeRequest Category CodeRequester Address First Address LineRequester Address Second Address LineRequester City NameRequester Contact Communication NumberRequester Contact NameRequester Country CodeRequester First NameRequester IdentifierRequester Last or Organization NameRequester Middle NameRequester Name PrefixRequester Name SuffixRequester Postal CodeRequester State or Province CodeRequester Supplemental IdentifierRespiratory Therapist Order TextRound Trip Purpose Description TextSample Selection ModulusSecond Surgical Opinion IndicatorService Authorization DateService From DateService Provider City Name

Service Provider Contact CommunicationNumber

Service Provider Country CodeService Provider First Address LineService Provider First NameService Provider IdentifierService Provider Last or Organization NameService Provider Middle NameService Provider Name PrefixService Provider Name SuffixService Provider Postal CodeService Provider Second Address LineService Provider State or Province CodeService Provider Supplemental IdentifierService Trace NumberService Type CodeService Unit CountShip/Delivery or Calendar Pattern CodeState CodeStretcher Purpose Description TextSubluxation Level CodeSubscriber Additional IdentifierSubscriber Additional Information TextSubscriber Birth DateSubscriber Citizenship Country CodeSubscriber First NameSubscriber Gender CodeSubscriber IdentifierSubscriber Last NameSubscriber Marital Status CodeSubscriber Middle NameSubscriber Name PrefixSubscriber Name SuffixSubscriber Trace NumberSurgery DateSurgical Procedure CodeTime Period QualifierTrace Type CodeTransaction Segment CountTransaction Set Control NumberTransaction Set Identifier CodeTransaction Set Purpose CodeTransaction Type CodeTransport DistanceTreatment CountTreatment Period CountTreatment Series NumberUnit or Basis for Measurement CodeUtilization Management Organization (UMO)

or Last NameUtilization Management Organization (UMO)

First Address LineUtilization Management Organization (UMO)

First NameUtilization Management Organization (UMO)

Middle NameUtilization Management Organization (UMO)

Name PrefixUtilization Management Organization (UMO)

Name SuffixUtilization Management Organization (UMO)

Second Address LineUtilization Managment Organization (UMO)

City NameUtilization Managment Organization (UMO)

Contact Communication NumberUtilization Managment Organization (UMO)

Contact NameUtilization Managment Organization (UMO)

Country CodeUtilization Managment Organization (UMO)

IdentifierUtilization Managment Organization (UMO)

Postal CodeUtilization Managment Organization (UMO)

State or Province Code

Valid Request Indicator CodeVersion/Release/Industry IdentifierX-Ray Availability Indicator Code 1861J1

Facility Indicator

[FR Doc. 98–11691 Filed 5–1–98; 9:04 am]BILLING CODE 4120–01–P

DEPARTMENT OF HEALTH ANDHUMAN SERVICES

Office of the Secretary

45 CFR Part 142

[HCFA–0045-P]

RIN 0938–AH99

National Standard Health CareProvider Identifier

AGENCY: Health Care FinancingAdministration (HCFA), HHS.ACTION: Proposed rule.

SUMMARY: This rule proposes a standardfor a national health care provideridentifier and requirements concerningits use by health plans, health careclearinghouses, and health careproviders. The health plans, health careclearinghouses, and health careproviders would use the identifier,among other uses, in connection withcertain electronic transactions.

The use of this identifier wouldimprove the Medicare and Medicaidprograms, and other Federal healthprograms and private health programs,and the effectiveness and efficiency ofthe health care industry in general, bysimplifying the administration of thesystem and enabling the efficientelectronic transmission of certain healthinformation. It would implement someof the requirements of theAdministrative Simplification subtitleof the Health Insurance Portability andAccountability Act of 1996.DATES: Comments will be considered ifwe receive them at the appropriateaddress, as provided below, no laterthan 5 p.m. on July 6, 1998.ADDRESSES: Mail written comments (1original and 3 copies) to the followingaddress: Health Care FinancingAdministration, Department of Healthand Human Services, Attention: HCFA–0045-P, P.O. Box 26585, Baltimore, MD21207–0519.

If you prefer, you may deliver yourwritten comments (1 original and 3copies) to one of the followingaddresses:Room 309–G, Hubert H. Humphrey

Building, 200 Independence Avenue,SW., Washington, DC 20201, or

Room C5–09–26, 7500 SecurityBoulevard, Baltimore, MD 21244–1850.

25321Federal Register / Vol. 63, No. 88 / Thursday, May 7, 1998 / Proposed Rules

Comments may also be submittedelectronically to the following e-mailaddress: [email protected]. E-mailcomments should include the full name,postal address, and affiliation (ifapplicable) of the sender and must besubmitted to the referenced address tobe considered. All comments should beincorporated in the e-mail messagebecause we may not be able to accessattachments.

Because of staffing and resourcelimitations, we cannot accept commentsby facsimile (FAX) transmission. Incommenting, please refer to file codeHCFA–0045–P and the specific sectionor sections of the proposed rule. Bothelectronic and written commentsreceived by the time and date indicatedabove will be available for publicinspection as they are received,generally beginning approximately 3weeks after publication of a document,in Room 309–G of the Department’soffices at 200 Independence Avenue,SW., Washington, DC, on Mondaythrough Friday of each week from 8:30a.m. to 5 p.m. (phone: (202) 690–7890).Electronic and legible written commentswill also be posted, along with thisproposed rule, at the following web site:http://aspe.os.dhhs.gov/admnsimp/.

Copies: To order copies of the FederalRegister containing this document, sendyour request to: New Orders,Superintendent of Documents, P.O. Box371954, Pittsburgh, PA 15250–7954.Specify the date of the issue requestedand enclose a check or money orderpayable to the Superintendent ofDocuments, or enclose your Visa orMaster Card number and expirationdate. Credit card orders can also beplaced by calling the order desk at (202)512–1800 or by faxing to (202) 512–2250. The cost for each copy is $8. Asan alternative, you can view andphotocopy the Federal Registerdocument at most libraries designatedas Federal Depository Libraries and atmany other public and academiclibraries throughout the country thatreceive the Federal Register.

This Federal Register document isalso available from the Federal Registeronline database through GPO Access, aservice of the U.S. Government PrintingOffice. Free public access is available ona Wide Area Information Server (WAIS)through the Internet and viaasynchronous dial-in. Internet users canaccess the database by using the WorldWide Web; the Superintendent ofDocuments home page address is http://www.access.gpo.gov/suldocs/, byusing local WAIS client software, or bytelnet to swais.access.gpo.gov, thenlogin as guest (no password required).Dial-in users should use

communications software and modemto call 202–512–1661; type swais, thenlogin as guest (no password required).FOR FURTHER INFORMATION CONTACT:Patricia Peyton, (410) 786–1812.SUPPLEMENTARY INFORMATION:

I. Background

[Please label written and e-mailed commentsabout this section with the subject:Background.]

In order to administer their programs,the Department of Health and HumanServices, other Federal agencies, StateMedicaid agencies, and private healthplans assign identification numbers tothe providers of health care services andsupplies with which they transactbusiness. These various agencies andhealth plans, all of which we will referto as health plans in this proposed rule,routinely, and independently of eachother, assign identifiers to health careproviders for program management andoperations purposes. The identifiers arefrequently not standardized within asingle health plan or across plans. Thislack of uniformity results in a singlehealth care provider having differentnumbers for each program and oftenmultiple billing numbers issued withinthe same program, significantlycomplicating providers’ claimssubmission processes. In addition,nonstandard enumeration contributes tothe unintentional issuance of the sameidentification number to different healthcare providers.

Most health plans have to be able tocoordinate benefits with other healthplans to ensure appropriate payment.The lack of a single and uniqueidentifier for each health care providerwithin each health plan and acrosshealth plans, based on the same coredata, makes exchanging data bothexpensive and difficult.

All of these factors indicate thecomplexities of exchanging informationon health care providers within andamong organizations and result inincreasing numbers of claims-relatedproblems and increasing costs of dataprocessing. As we become moredependent on data automation andproceed in planning for health care inthe future, the need for a universal,standard health care provider identifierbecomes more and more evident.

In addition to overcomingcommunication and coordinationdifficulties, use of a standard, uniqueprovider identifier would enhance ourability to eliminate fraud and abuse inhealth care programs.

• Payments for excessive orfraudulent claims can be reduced bystandardizing enumeration, which

would facilitate sharing informationacross programs or across different partsof the same program.

• A health care provider’s identifierwould not change with moves orchanges in specialty. This facilitatestracking of fraudulent health careproviders over time and acrossgeographic areas.

• A health care provider wouldreceive only one identifier and wouldnot be able to receive duplicatepayments from a program by submittingclaims under multiple provideridentifiers.

• A standard identifier wouldfacilitate access to sanction information.

A. National Provider Identifier InitiativeIn July 1993, the Health Care

Financing Administration (HCFA)undertook a project to develop aprovider identification system to meetMedicare and Medicaid needs andultimately a national identificationsystem for all health care providers tomeet the needs of other users andprograms. Representatives from theprivate sector and Federal and Stateagencies were invited to participate.Active participants included:

• Department of Defense, Office ofCivilian Health and Medical Program ofthe Uniformed Services.

• Assistant Secretary for Planningand Evaluation, HHS.

• Department of Labor.• Department of Veterans Affairs.• Office of Personnel Management.• Public Health Service, HHS.• Drug Enforcement Administration• State Medicaid agencies and health

departments including those ofAlabama, California, Maryland,Minnesota and Virginia.

• Medicare carriers and fiscalintermediaries.

• Professional and medicalassociations, including the NationalCouncil for Prescription Drug Programs.

One of the group’s first tasks was todecide whether to use an existingidentifier or to develop a new one. Theybegan by adopting criteriarecommended for a unique provideridentifier by the Workgroup forElectronic Data Interchange (WEDI),Technical Advisory Group in October1993, and recommended by theAmerican National Standards Institute(ANSI), Healthcare InformaticsStandards Planning Panel, Task Groupon Provider Identifiers in February1994. The workgroup then examinedexisting identifiers and concluded thatno existing identifier met all the criteriathat had been recommended by theWEDI and ANSI workgroups.

Because of the limitations of existingidentifiers, the workgroup designed a


new identifier that would be in thepublic domain and that wouldincorporate the recommendations of theWEDI and ANSI workgroups. Thisidentifier, which we call the nationalprovider identifier, or NPI, is an 8-position alphanumeric identifier.

B. The Results of the NPI Initiative

As a result of the project on the NPI,and before legislation required the useof the standard identifier for all healthcare providers (see section I.C.Legislation, below), HCFA and otherparticipants accepted the workgroup’srecommendation, and HCFA decidedthat this new identifier would beimplemented in the Medicare program.HCFA began work on developing anational provider system (NPS) thatwould contain provider data and beequipped with the technology necessaryto maintain and manage the data. Plansfor the NPS included assigning the NPIand storing the data necessary toidentify each health care provideruniquely. The NPI was designed to haveno embedded intelligence. (That is,information about the health careprovider, such as the type of health careprovider or State where the health careprovider is located, would not beconveyed by the NPI. This informationwas to have been recorded by the NPSin each health care provider’s record butwould not be part of the identifier.)

The NPS was designed so that it couldalso be used by other Federal and Stateagencies and private health plans toenumerate their health care providersthat do not participate in Medicare.

C. Legislation

The Congress included provisions toaddress the need for a standardidentifier and other administrativesimplification issues in the HealthInsurance Portability andAccountability Act of 1996 (HIPAA),Public Law 104–191, which was enactedon August 21, 1996. Through subtitle Fof title II of that law, the Congress addedto title XI of the Social Security Act anew part C, entitled ‘‘AdministrativeSimplification.’’ (Public Law 104–191affects several titles in the United StatesCode. Hereafter, we refer to the SocialSecurity Act as the Act; we refer to theother laws cited in this document bytheir names.) The purpose of this part isto improve the Medicare and Medicaidprograms in particular and theefficiency and effectiveness of thehealth care system in general byencouraging the development of ahealth information system through theestablishment of standards andrequirements to facilitate the electronic

transmission of certain healthinformation.

Part C of title XI consists of sections1171 through 1179 of the Act. Thesesections define various terms andimpose several requirements on HHS,health plans, health care clearinghouses,and certain health care providersconcerning electronic transmission ofhealth information.

The first section, section 1171 of theAct, establishes definitions for purposesof part C of title XI for the followingterms: code set, health careclearinghouse, health care provider,health information, health plan,individually identifiable healthinformation, standard, and standardsetting organization.

Section 1172 of the Act makes anystandard adopted under part Capplicable to (1) all health plans, (2) allhealth care clearinghouses, and (3) anyhealth care providers that transmit anyhealth information in electronic form inconnection with the transactionsreferred to in section 1173(a)(1) of theAct.

This section also containsrequirements concerning standardsetting.

• The Secretary may adopt a standarddeveloped, adopted, or modified by astandard setting organization (that is, anorganization accredited by the AmericanNational Standards Institute (ANSI))that has consulted with the NationalUniform Billing Committee (NUBC), theNational Uniform Claim Committee(NUCC), WEDI, and the AmericanDental Association (ADA).

• The Secretary may also adopt astandard other than one established bya standard setting organization, if thedifferent standard will reduce costs forhealth care providers and health plans,the different standard is promulgatedthrough negotiated rulemakingprocedures, and the Secretary consultswith each of the above-named groups.

• If no standard has been adopted byany standard setting organization, theSecretary is to rely on therecommendations of the NationalCommittee on Vital and HealthStatistics (NCVHS) and consult witheach of the above-named groups.

In complying with the requirementsof part C of title XI, the Secretary mustrely on the recommendations of theNCVHS, consult with appropriate State,Federal, and private agencies ororganizations, and publish therecommendations of the NCVHS in theFederal Register.

Paragraph (a) of section 1173 of theAct requires that the Secretary adoptstandards for financial andadministrative transactions, and data

elements for those transactions, toenable health information to beexchanged electronically. Standards arerequired for the following transactions:health claims, health encounterinformation, health claims attachments,health plan enrollments anddisenrollments, health plan eligibility,health care payment and remittanceadvice, health plan premium payments,first report of injury, health claim status,and referral certification andauthorization. In addition, the Secretaryis required to adopt standards for anyother financial and administrativetransactions that are determined to beappropriate by the Secretary.

Paragraph (b) of section 1173 of theAct requires the Secretary to adoptstandards for unique health identifiersfor all individuals, employers, healthplans, and health care providers andrequires further that the adoptedstandards specify for what purposesunique health identifiers may be used.

Paragraphs (c) through (f) of section1173 of the Act require the Secretary toestablish standards for code sets foreach data element for each health caretransaction listed above, securitystandards for health care informationsystems, standards for electronicsignatures (established together with theSecretary of Commerce), and standardsfor the transmission of data elementsneeded for the coordination of benefitsand sequential processing of claims.Compliance with electronic signaturestandards will be deemed to satisfy bothState and Federal requirements forwritten signatures with respect to thetransactions listed in paragraph (a) ofsection 1173 of the Act.

In section 1174 of the Act, theSecretary is required to adopt standardsfor all of the above transactions, exceptclaims attachments, within 18 monthsof enactment. The standards for claimsattachments must be adopted within 30months of enactment. Generally, after astandard is established it cannot bechanged during the first year except forchanges that are necessary to permitcompliance with the standard.Modifications to any of these standardsmay be made after the first year, but notmore frequently than once every 12months. The Secretary must also ensurethat procedures exist for the routinemaintenance, testing, enhancement, andexpansion of code sets and that there arecrosswalks from prior versions.

Section 1175 of the Act prohibitshealth plans from refusing to process ordelaying the processing of a transactionthat is presented in standard format.The Act’s requirements are not limitedto health plans; however, each person towhom a standard or implementation


specification applies is required tocomply with the standard within 24months (or 36 months for small healthplans) of its adoption. A health plan orother entity may, of course, complyvoluntarily before the effective date.Entities may comply by using a healthcare clearinghouse to transmit or receivethe standard transactions. Compliancewith modifications and implementationspecifications to standards must beaccomplished by a date designated bythe Secretary. This date may not beearlier than 180 days after the notice ofchange.

Section 1176 of the Act establishes acivil monetary penalty for violation ofthe provisions in part C of title XI of theAct, subject to several limitations. TheSecretary is required by statute toimpose penalties of not more than $100per violation on any person who fails tocomply with a standard, except that thetotal amount imposed on any oneperson in each calendar year may notexceed $25,000 for violations of onerequirement. The procedural provisionsin section 1128A of the Act, ‘‘CivilMonetary Penalties,’’ are applicable.

Section 1177 of the Act establishespenalties for a knowing misuse ofunique health identifiers andindividually identifiable healthinformation: (1) A fine of not more than$50,000 and/or imprisonment of notmore than 1 year; (2) if misuse is ‘‘underfalse pretenses,’’ a fine of not more than$100,000 and/or imprisonment of notmore than 5 years; and (3) if misuse iswith intent to sell, transfer, or useindividually identifiable healthinformation for commercial advantage,personal gain, or malicious harm, a fineof not more than $250,000 and/orimprisonment of not more than 10years.

Under section 1178 of the Act, theprovisions of part C of title XI of theAct, as well as any standardsestablished under them, supersede anyState law that is contrary to them.However, the Secretary may, forstatutorily specified reasons, waive thisprovision.

Finally, section 1179 of the Act makesthe above provisions inapplicable tofinancial institutions or anyone actingon behalf of a financial institution when‘‘authorizing, processing, clearing,settling, billing, transferring,reconciling, or collecting payments for afinancial institution.’’

(Concerning this last provision, theconference report, in its discussion onsection 1178, states:

‘‘The conferees do not intend to excludethe activities of financial institutions or theircontractors from compliance with thestandards adopted under this part if such

activities would be subject to this part.However, conferees intend that this part doesnot apply to use or disclosure of informationwhen an individual utilizes a paymentsystem to make a payment for, or related to,health plan premiums or health care. Forexample, the exchange of informationbetween participants in a credit card systemin connection with processing a credit cardpayment for health care would not becovered by this part. Similarly sending achecking account statement to an accountholder who uses a credit or debit card to payfor health care services, would not becovered by this part. However, this part doesapply if a company clears health care claims,the health care claims activities remainsubject to the requirements of this part.’’)(H.R. Rep. No. 736, 104th Cong., 2nd Sess.268–269 (1996))

D. Process for Developing NationalStandards

The Secretary has formulated a 5-partstrategy for developing andimplementing the standards mandatedunder Part C of title XI of the Act:

1. To ensure necessary interagencycoordination and required interactionwith other Federal departments and theprivate sector, establishinterdepartmental implementationteams to identify and assess potentialstandards for adoption. The subjectmatter of the teams includes claims/encounters, identifiers, enrollment/eligibility, systems security, andmedical coding/classification. Anotherteam addresses cross-cutting issues andcoordinates the subject matter teams.The teams consult with external groupssuch as the NCVHS’ Workgroup on DataStandards, WEDI, ANSI’s HealthInformatics Standards Board, the NUCC,the NUBC, and the ADA. The teams arecharged with developing regulationsand other necessary documents andmaking recommendations for thevarious standards to the HHS’ DataCouncil through its Committee onHealth Data Standards. (The HHS DataCouncil is the focal point forconsideration of data policy issues. Itreports directly to the Secretary andadvises the Secretary on data standardsand privacy issues.)

2. Develop recommendations forstandards to be adopted.

3. Publish proposed rules in theFederal Register describing thestandards. Each proposed rule providesthe public with a 60-day commentperiod.

4. Analyze public comments andpublish the final rules in the FederalRegister.

5. Distribute standards and coordinatepreparation and distribution ofimplementation guides.

This strategy affords manyopportunities for involvement of

interested and affected parties instandards development and adoption:

• Participate with standardsdevelopment organizations.

• Provide written input to theNCVHS.

• Provide written input to theSecretary of HHS.

• Provide testimony at NCVHS’public meetings.

• Comment on the proposed rules foreach of the proposed standards.

• Invite HHS staff to meetings withpublic and private sector organizationsor meet directly with senior HHS staffinvolved in the implementation process.

The implementation teams chargedwith reviewing standards fordesignation as required nationalstandards under the statute havedefined, with significant input from thehealth care industry, a set of principlesfor guiding choices for the standards tobe adopted by the Secretary. Theseprinciples are based on directspecifications in HIPAA and thepurpose of the law, principles that areconsistent with the regulatoryphilosophy set forth in Executive Order12866 and the Paperwork Reduction Actof 1995. To be designated as a HIPAAstandard, each standard should:

1. Improve the efficiency andeffectiveness of the health care systemby leading to cost reductions for orimprovements in benefits fromelectronic health care transactions.

2. Meet the needs of the health datastandards user community, particularlyhealth care providers, health plans, andhealth care clearinghouses.

3. Be consistent and uniform with theother HIPAA standards—their dataelement definitions and codes and theirprivacy and security requirements—and, secondarily, with other private andpublic sector health data standards.

4. Have low additional developmentand implementation costs relative to thebenefits of using the standard.

5. Be supported by an ANSI-accredited standards developingorganization or other private or publicorganization that will ensure continuityand efficient updating of the standardover time.

6. Have timely development, testing,implementation, and updatingprocedures to achieve administrativesimplification benefits faster.

7. Be technologically independent ofthe computer platforms andtransmission protocols used inelectronic transactions, except whenthey are explicitly part of the standard.

8. Be precise and unambiguous, but assimple as possible.

9. Keep data collection andpaperwork burdens on users as low asis feasible.


10. Incorporate flexibility to adaptmore easily to changes in the health careinfrastructure (such as new services,organizations, and provider types) andinformation technology.

A master data dictionary providing forcommon data definitions across thestandards selected for implementationunder HIPAA will be developed andmaintained. We intend for the dataelement definitions to be precise,unambiguous, and consistently applied.The transaction-specific reports andgeneral reports from the master datadictionary will be readily available tothe public. At a minimum, theinformation presented will include dataelement names, definitions, andappropriate references to thetransactions where they are used.

This proposed rule would establishthe standard health care provideridentifier and is the first proposedstandard under HIPAA. The remainingstandards will be grouped, to the extentpossible, by subject matter and audiencein future regulations. We anticipatepublishing several more separatedocuments to promulgate the remainingstandards required under HIPAA.

II. Provisions of the ProposedRegulations

[Please label written and e-mailed commentsabout this section with the subject:Provisions.]

In this proposed rule, we propose astandard health care provider identifierand requirements concerning itsimplementation. This rule wouldestablish requirements that health plans,health care providers, and health careclearinghouses would have to meet tocomply with the statutory requirementto use a unique identifier in electronictransactions.

We propose to add a new part to title45 of the Code of Federal Regulationsfor health plans, health care providers,and health care clearinghouses ingeneral. The new part would be part 142of title 45 and would be titled‘‘Administrative Requirements.’’Subpart D would contain provisionsspecific to the NPI.

A. ApplicabilitySection 262 of HIPAA applies to all

health plans, all health careclearinghouses, and any health careproviders that transmit any healthinformation in electronic form inconnection with transactions referred toin section 1173(a)(1) of the Act. Ourproposed rules (at 45 CFR 142.102)would apply to the health plans andhealth care clearinghouses as well, butwe would clarify the statutory languagein our regulations for health care

providers: we would have theregulations apply to any health careprovider only when electronicallytransmitting any of the transactions towhich section 1173(a)(1) of the Actrefers.

Electronic transmissions wouldinclude transmissions using all media,even when the transmission isphysically moved from one location toanother using magnetic tape, disk, or CDmedia. Transmissions over the Internet(wide-open), Extranet (using Internettechnology to link a business withinformation only accessible tocollaborating parties), leased lines, dial-up lines, and private networks are allincluded. Telephone voice response and‘‘faxback’’ systems would not beincluded. The ‘‘HTML’’ interactionbetween a server and a browser bywhich the elements of a transaction aresolicited from a user would not beincluded, but once assembled into atransaction by the server, transmissionof the full transaction to anothercorporate entity, such as a health plan,would be required to comply.

Our regulations would apply to healthcare clearinghouses when transmittingtransactions to, and receivingtransactions from, a health care provideror health plan that transmits andreceives standard transactions (asdefined under ‘‘transaction’’) and at alltimes when transmitting to or receivingelectronic transactions from anotherhealth care clearinghouse. The lawwould apply to each health careprovider when transmitting or receivingany electronic transaction.

The law applies to health plans for alltransactions.

Section 142.104 would contain thefollowing provisions (from section 1175of the Act):

If a person desires to conduct atransaction (as defined in § 142.103)with a health plan as a standardtransaction, the following apply:

(1) The health plan may not refuse toconduct the transaction as a standardtransaction.

(2) The health plan may not delay thetransaction or otherwise adverselyaffect, or attempt to adversely affect, theperson or the transaction on the groundthat the transaction is a standardtransaction.

(3) The information transmitted andreceived in connection with thetransaction must be in the form ofstandard data elements of healthinformation.

As a further requirement, we wouldrequire that a health plan that conductstransactions through an agent assurethat the agent meets all the requirementsof part 142 that apply to the health plan.

Section 142.105 would state that aperson or other entity may meet therequirements of § 142.104 by either—

(1) Transmitting and receivingstandard data elements, or

(2) Submitting nonstandard dataelements to a health care clearinghousefor processing into standard dataelements and transmission by the healthcare clearinghouse and receivingstandard data elements through theclearinghouse.

Health care clearinghouses would beable to accept nonstandard transactionsfor the sole purpose of translating theminto standard transactions for sendingcustomers and would be able to acceptstandard transactions and translate theminto nonstandard formats for receivingcustomers. We would state in § 142.105that the transmission of nonstandardtransactions, under contract, between ahealth plan or a health care providerand a health care clearinghouse wouldnot violate the law.

Transmissions within a corporateentity would not be required to complywith the standards. A hospital that iswholly owned by a managed carecompany would not have to use thestandards to pass encounter informationback to the home office, but it wouldhave to use the standard claimstransaction to submit a claim to anotherhealth plan. Another example might betransactions within Federal agenciesand their contractors and between Stateagencies within the same State. Forexample, Medicare enters into contractswith insurance companies and commonworking file sites that process Medicareclaims using government furnishedsoftware. There is constantcommunication, on a private network,between HCFA Central Office and theMedicare carriers, intermediaries andcommon working file sites. Thiscommunication may continue innonstandard mode. However, thesecontractors must comply with thestandards when exchanging any of thetransactions covered by HIPAA with anentity outside these ‘‘corporate’’boundaries.

B. DefinitionsSection 1171 of the Act defines

several terms and our proposed ruleswould, for the most part, simply restatethe law. The terms that we are definingin this proposed rule follow:

1. Code set.We would define ‘‘code set’’ as

section 1171(1) of the Act does: ‘‘codeset’’ means any set of codes used forencoding data elements, such as tablesof terms, medical concepts, medicaldiagnostic codes, or medical procedurecodes.


2. Health care clearinghouse.We would define ‘‘health care

clearinghouse’’ as section 1171(2) of theAct does, but we are adding a further,clarifying sentence. The statute definesa ‘‘health care clearinghouse’’ as apublic or private entity that processes orfacilitates the processing of nonstandarddata elements of health information intostandard data elements. We wouldfurther explain that such an entity isone that currently receives health caretransactions from health care providersand other entities, translates the datafrom a given format into one acceptableto the intended recipient and forwardsthe processed transaction to appropriatehealth plans and other clearinghouses,as necessary, for further action.

There are currently a number ofprivate clearinghouses that performthese functions for health careproviders. For purposes of this rule, wewould consider billing services,repricing companies, community healthmanagement information systems orcommunity health information systems,value-added networks, and switchesperforming these functions to be healthcare clearinghouses.

3. Health care provider.As defined by section 1171(3) of the

Act, a ‘‘health care provider’’ is aprovider of services as defined insection 1861(u) of the Act, a provider ofmedical or other health services asdefined in section 1861(s) of the Act,and any other person who furnisheshealth care services or supplies. Ourregulations would define ‘‘health careprovider’’ as the statute does and clarifythat the definition of a health careprovider is limited to those entities thatfurnish, or bill and are paid for, healthcare services in the normal course ofbusiness.

The statutory definition of a healthcare provider is broad. Section 1861(u)contains the Medicare definition of aprovider, which encompassesinstitutional providers such ashospitals, skilled nursing facilities,home health agencies, andcomprehensive outpatient rehabilitationfacilities. Section 1861(s) defines otherMedicare facilities and practitioners,including assorted clinics and centers,physicians, clinical laboratories, variouslicensed/certified health carepractitioners, and suppliers of durablemedical equipment. The last portion ofthe definition encompasses anyappropriately licensed or certifiedhealth care practitioners ororganizations, including pharmaciesand nursing homes and many types oftherapists, technicians, and aides. It alsoincludes any other individual ororganization that furnishes health care

services or supplies. We believe that anindividual or organization that bills andis paid for health care services orsupplies is also a health care providerfor purposes of the statute.

Section 1173(b)(1) of the Act requiresthe Secretary to adopt standards forunique identifiers for all health careproviders. The definition of a ‘‘healthcare provider’’ at section 1171(3)includes all Medicare providers and‘‘any other person furnishing health careservices and supplies.’’ These twoprovisions require that provideridentifiers may not be limited to onlythose health care providers that billelectronically or those that bill in theirown right. Instead provider identifierswill eventually be available to all thosethat provide health services. Penaltiesfor failure to use the correct identifiers,however, are limited to those that fail touse the identifiers or other standards inthe nine designated electronictransactions. As we discuss under alater section in this preamble, III.Implementation of the NPI, we do notexpect to be able to assign identifiersimmediately to all health care providersthat do not participate in electronictransactions.

Our proposed definition of a healthcare provider would not include healthindustry workers who support theprovision of health care but who do notprovide health services, such asadmissions and billing personnel,housekeeping staff, and orderlies.

We describe two alternatives fordefining general categories of healthcare providers for enumerationpurposes. In the first, we wouldcategorize health care providers asindividuals, organizations, or groups. Inthe second, we would categorize healthcare providers as individuals ororganizations, which would includegroups. The data to be collected for eachcategory of health care provider aredescribed in the preamble in section IV.B. Data Elements. We welcome yourcomments on whether group providersneed to be distinguished fromorganization providers.

Individuals are treated differentlythan organizations and groups becausethe data available to search forduplicates (for example, date and placeof birth) are different. Organizations andgroups may need to be treateddifferently from each other because it ispossible that a group is not specificallylicensed or certified to provide healthcare, whereas an organization usually is.It may, therefore, be important to be ableto link the individual members to thegroup. It would not be possible todistinguish one category from anotherby looking at the NPI. The NPS would

contain the kinds of data necessary toadequately categorize each health careprovider.

The categories are described asfollows:

Individual—A human being who islicensed, certified or otherwiseauthorized to perform medical servicesor provide medical care, equipmentand/or supplies in the normal course ofbusiness. Examples of individuals arephysicians, nurses, dentists,pharmacists, and physical therapists.

Organization—An entity, other thanan individual, that is licensed, certifiedor otherwise authorized to providemedical services, care, equipment orsupplies in the normal course ofbusiness. The licensure, certification, orother recognition is granted to theorganization entity. Individual owners,managers, or employees of theorganization may also be certified,licensed, or otherwise recognized asindividual health care providers in theirown right. Each separate physicallocation of an organization, eachmember of an organization chain, andeach subpart of an organization thatneeds to be identified would receive itsown NPI. NPIs of organization providerswould not be linked within the NPS toNPIs of other health care providers.Examples of organizations are hospitals,laboratories, ambulance companies,health maintenance organizations, andpharmacies.

In the first alternative for categorizinghealth care providers, as describedabove, we would distinguish a groupfrom an organization. We would definea group as follows:

Group—An entity composed of one ormore individuals (as defined above),generally created to provide coverage ofpatients’ needs in terms of office hours,professional backup and support, orrange of services resulting in specificbilling or payment arrangements. It ispossible that the group itself is notlicensed or certified, but theindividual(s) who compose the groupare licensed, certified or otherwiseauthorized to provide health careservices. The NPIs of the groupmember(s) would be linked within theNPS to the NPI of the group. Anindividual can be a member of multiplegroups. Examples of groups are (1) twophysicians practicing as a group wherethey bill and receive payment for theirservices as a group and (2) anincorporated individual billing andreceiving payment as a corporation.

The ownership of a group ororganization can change if it is sold,consolidated, or merged, or if controlchanges due to stock acquisition. Inmany cases, the nature of the provider


itself (for example, its location, staff ortypes of services provided) is notaffected. In general, the NPI of theprovider should not change in thesesituations unless the change ofownership affects the nature of theprovider. (Example: If a hospital isacquired and then converted to arehabilitation center, it would need toobtain a new NPI.) There may also becircumstances where a new NPI shouldbe issued. (Example: a physicians’ grouppractice operating as a partnershipdissolves that partnership and anotherpartnership of physicians acquires andoperates the practice.) We solicitcomments on rules to be applied.

We discuss the enumeration of healthcare providers in more detail, in III.Implementation of the NPI, later in thispreamble.

4. Health information.‘‘Health information,’’ as defined in

section 1171 of the Act, means anyinformation, whether oral or recorded inany form or medium, that—

• Is created or received by a healthcare provider, health plan, public healthauthority, employer, life insurer, schoolor university, or health careclearinghouse; and

• Relates to the past, present, orfuture physical or mental health orcondition of an individual; theprovision of health care to anindividual; or the past, present, orfuture payment for the provision ofhealth care to an individual.

We propose the same definition forour regulations.

5. Health plan.We propose that a ‘‘health plan’’ be

defined essentially as section 1171 ofthe Act defines it. Section 1171 of theAct cross refers to definitions in section2791 of the Public Health Service Act(as added by Public Law 104–191, 42U.S.C. 300gg-91); we would incorporatethose definitions as currently stated intoour proposed definitions for theconvenience of the public. We note thatmany of these terms are defined in otherstatutes, such as the EmployeeRetirement Income Security Act of 1974(ERISA), Public Law 93–406, 29 U.S.C.1002(7) and the Public Health ServiceAct. Our definitions are based on theroles of plans in conductingadministrative transactions, and anydifferences should not be construed toaffect other statutes.

For purposes of implementing theprovisions of administrativesimplification, a ‘‘health plan’’ would bean individual or group health plan thatprovides, or pays the cost of, medicalcare. This definition includes, but is notlimited to, the 13 types of plans listedin the statute. On the other hand, plans

such as property and casualty insuranceplans and workers compensation plans,which may pay health care costs in thecourse of administering nonhealth carebenefits, are not considered to be healthplans in the proposed definition ofhealth plan. Of course, these plans mayvoluntarily adopt these standards fortheir own business needs. At somefuture time, the Congress may choose toexpressly include some or all of theseplans in the list of health plans thatmust comply with the standards.

Health plans often carry out theirbusiness functions through agents, suchas plan administrators (including thirdparty administrators), entities that areunder ‘‘administrative services only’’(ASO) contracts, claims processors, andfiscal agents. These agents may or maynot be health plans in their own right;for example, a health plan may act asanother health plan’s agent as anotherline of business. As stated earlier, ahealth plan that conducts HIPAAtransactions through an agent isrequired to assure that the agent meetsall HIPAA requirements that apply tothe plan itself.

‘‘Health plan’’ includes the following,singly or in combination:

a. ‘‘Group health plan’’ (as currentlydefined by section 2791(a) of the PublicHealth Service Act). A group healthplan is a plan that has 50 or moreparticipants (as the term ‘‘participant’’ iscurrently defined by section 3(7) ofERISA) or is administered by an entityother than the employer that establishedand maintains the plan. This definitionincludes both insured and self-insuredplans. We define ‘‘participant’’separately below.

Section 2791(a)(1) of the PublicHealth Service Act defines ‘‘grouphealth plan’’ as an employee welfarebenefit plan (as currently defined insection 3(1) of ERISA) to the extent thatthe plan provides medical care,including items and services paid for asmedical care, to employees or theirdependents directly or throughinsurance, or otherwise.

It should be noted that group healthplans that have fewer than 50participants and that are administeredby the employer would be excludedfrom this definition and would not besubject to the administrativesimplification provisions of HIPAA.

b. ‘‘Health insurance issuer’’ (ascurrently defined by section 2791(b) ofthe Public Health Service Act).

Section 2791(b)(2) of the PublicHealth Service Act currently defines a‘‘health insurance issuer’’ as aninsurance company, insurance service,or insurance organization that islicensed to engage in the business of

insurance in a State and is subject toState law that regulates insurance.

c. ‘‘Health maintenance organization’’(as currently defined by section 2791(b)of the Public Health Service Act).

Section 2791(b) of the Public HealthService Act currently defines a ‘‘healthmaintenance organization’’ as aFederally qualified health maintenanceorganization, an organization recognizedas such under State law, or a similarorganization regulated for solvencyunder State law in the same manner andto the same extent as such a healthmaintenance organization. Theseorganizations may include preferredprovider organizations, providersponsored organizations, independentpractice associations, competitivemedical plans, exclusive providerorganizations, and foundations formedical care.

d. Part A or Part B of the Medicareprogram (title XVIII of the Act).

e. The Medicaid program (title XIX ofthe Act).

f. A ‘‘Medicare supplemental policy’’as defined under section 1882(g)(1) ofthe Act.

Section 1882(g)(1) of the Act definesa ‘‘Medicare supplemental policy’’ as ahealth insurance policy that a privateentity offers a Medicare beneficiary toprovide payment for expenses incurredfor services and items that are notreimbursed by Medicare because ofdeductible, coinsurance, or otherlimitations under Medicare. Thestatutory definition of a Medicaresupplemental policy excludes a numberof plans that are generally considered tobe Medicare supplemental plans, suchas health plans for employees andformer employees and for members andformer members of trade associationsand unions. A number of these healthplans may be included under thedefinitions of ‘‘group health plan’’ or‘‘health insurance issuer’’, as defined ina. and b. above.

g. A ‘‘long-term care policy,’’including a nursing home fixed-indemnity policy. A ‘‘long-term carepolicy’’ is considered to be a health planregardless of how comprehensive it is.We recognize the long-term careinsurance segment of the industry islargely unautomated and we welcomecomments regarding the impact ofHIPAA on the long-term care segment.

h. An employee welfare benefit planor any other arrangement that isestablished or maintained for thepurpose of offering or providing healthbenefits to the employees of two or moreemployers. This includes plans andother arrangements that are referred toas multiple employer welfare


arrangements (‘‘MEWAs’’) as defined insection 3(40) of ERISA.

i. The health care program for activemilitary personnel under title 10 of theUnited States Code.

j. The veterans health care programunder chapter 17 of title 38 of theUnited States Code.

This health plan primarily furnishesmedical care through hospitals andclinics administered by the Departmentof Veterans Affairs for veterans with aservice-connected disability that iscompensable. Veterans with non-service-connected disabilities (and noother health benefit plan) may receivehealth care under this health plan to theextent resources and facilities areavailable.

k. The Civilian Health and MedicalProgram of the Uniformed Services(CHAMPUS), as defined in 10 U.S.C.1072(4).

CHAMPUS primarily covers servicesfurnished by civilian medical providersto dependents of active duty members ofthe uniformed services and retirees andtheir dependents under age 65.

l. The Indian Health Service programunder the Indian Health CareImprovement Act (25 U.S.C. 1601 etseq.).

This program furnishes services,generally through its own health careproviders, primarily to persons who areeligible to receive services because theyare of American Indian or AlaskanNative descent.

m. The Federal Employees HealthBenefits Program under 5 U.S.C. chapter89.

This program consists of healthinsurance plans offered to active andretired Federal employees and theirdependents. Depending on the healthplan, the services may be furnished ona fee-for-service basis or through ahealth maintenance organization.

(Note: Although section 1171(5)(M) ofthe Act refers to the ‘‘Federal EmployeesHealth Benefit Plan,’’ this and any otherrules adopting administrativesimplification standards will use thecorrect name, the Federal EmployeesHealth Benefits Program. One healthplan does not cover all Federalemployees; there are over 350 healthplans that provide health benefitscoverage to Federal employees, retirees,and their eligible family members.Therefore, we will use the correct name,the Federal Employees Health BenefitsProgram, to make clear that theadministrative simplification standardsapply to all health plans that participatein the Program.)

n. Any other individual or grouphealth plan, or combination thereof, that

provides or pays for the cost of medicalcare.

We would include a fourteenthcategory of health plan in addition tothose specifically named in HIPAA, asthere are health plans that do notreadily fit into the other categories butwhose major purpose is providinghealth benefits. The Secretary woulddetermine which of these plans arehealth plans for purposes of title II ofHIPAA. This category would includethe Medicare Plus Choice plans that willbecome available as a result of section1855 of the Act as amended by section4001 of the Balanced Budget Act of 1997(Public Law 105–33) to the extent thatthese health plans do not fall under anyother category.

6. Medical care.‘‘Medical care,’’ which is used in the

definition of health plan, would bedefined as current section 2791 of thePublic Health Service Act defines it: thediagnosis, cure, mitigation, treatment, orprevention of disease, or amounts paidfor the purpose of affecting any bodystructure or function of the body;amounts paid for transportationprimarily for and essential to theseitems; and amounts paid for insurancecovering the items and thetransportation specified in thisdefinition.

7. Participant.We would define the term

‘‘participant’’ as section 3(7) of ERISAcurrently defines it: a ‘‘participant’’ isany employee or former employee of anemployer, or any member or formermember of an employee organization,who is or may become eligible to receivea benefit of any type from an employeebenefit plan that covers employees ofsuch an employer or members of suchorganizations, or whose beneficiariesmay be eligible to receive any suchbenefits. An ‘‘employee’’ would includean individual who is treated as anemployee under section 401(c)(1) of theInternal Revenue Code of 1986 (26U.S.C. 401(c)(1)).

8. Small health plan.We would define a ‘‘small health

plan’’ as a group health plan with fewerthan 50 participants.

The HIPAA does not define a ‘‘smallhealth plan’’ but instead leaves thedefinition to be determined by theSecretary. The Conference Reportsuggests that the appropriate definitionof a ‘‘small health plan’’ is found incurrent section 2791(a) of the PublicHealth Service Act, which is a grouphealth plan with fewer than 50participants. We would also definesmall individual health plans as thosewith fewer than 50 participants.

9. Standard.

Section 1171 of the Act defines‘‘standard,’’ when used with referenceto a data element of health informationor a transaction referred to in section1173(a)(1) of the Act, as any such dataelement or transaction that meets eachof the standards and implementationspecifications adopted or established bythe Secretary with respect to the dataelement or transaction under sections1172 through 1174 of the Act.

Under our definition, a standardwould be a set of rules for a set of codes,data elements, transactions, oridentifiers promulgated either by anorganization accredited by the AmericanNational Standards Institute or HHS forthe electronic transmission of healthinformation.

10. Transaction.‘‘Transaction’’ would mean the

exchange of information between twoparties to carry out financial andadministrative activities related tohealth care. A transaction would be anyof the transactions listed in section1173(a)(2) of the Act and anydetermined appropriate by the Secretaryin accordance with section 1173(a)(1)(B)of the Act. We present them below inthe order in which we propose to listthem in the regulations text to thisdocument and in the regulationsdocument for proposed standards forthese transactions that we will publishlater.

A ‘‘transaction’’ would mean any ofthe following:

a. Health claims or equivalentencounter information.

This transaction may be used tosubmit health care claim billinginformation, encounter information, orboth, from health care providers tohealth plans, either directly or viaintermediary billers and claimsclearinghouses.

b. Health care payment andremittance advice.

This transaction may be used by ahealth plan to make a payment to afinancial institution for a health careprovider (sending payment only), tosend an explanation of benefits or aremittance advice directly to a healthcare provider (sending data only), or tomake payment and send an explanationof benefits remittance advice to a healthcare provider via a financial institution(sending both payment and data).

c. Coordination of benefits.This transaction can be used to

transmit health care claims and billingpayment information between healthplans with different paymentresponsibilities where coordination ofbenefits is required or between healthplans and regulatory agencies tomonitor the rendering, billing, and/or


payment of health care services withina specific health care/insuranceindustry segment.

In addition to the nine electronictransactions specified in section1173(a)(2) of the Act, section 1173(f)directs the Secretary to adopt standardsfor transferring standard data elementsamong health plans for coordination ofbenefits and sequential processing ofclaims. This particular provision doesnot state that these should be standardsfor electronic transfer of standard dataelements among health plans. However,we believe that the Congress, whenwriting this provision, intended forthese standards to apply to theelectronic form of transactions forcoordination of benefits and sequentialprocessing of claims. The Congressexpressed its intent on these mattersgenerally in section 1173(a)(1)(B), wherethe Secretary is directed to adopt ‘‘otherfinancial and administrativetransactions . . . consistent with thegoals of improving the operation of thehealth care system and reducingadministrative costs’’. Adoption of astandard for electronic transmission ofstandard data elements among healthplans for coordination of benefits andsequential processing of claims wouldserve these goals expressed by theCongress.

d. Health claim status.This transaction may be used by

health care providers and recipients ofhealth care products or services (or theirauthorized agents) to request the statusof a health care claim or encounter froma health plan.

e. Enrollment and disenrollment in ahealth plan.

This transaction may be used toestablish communication between thesponsor of a health benefit and thehealth plan. It provides enrollment data,such as subscriber and dependents,employer information, and primary carehealth care provider information. Thesponsor is the backer of the coverage,benefit, or product. A sponsor can be anemployer, union, government agency,association, or insurance company. Thehealth plan refers to an entity that paysclaims, administers the insuranceproduct or benefit, or both.

f. Eligibility for a health plan.This transaction may be used to

inquire about the eligibility, coverage, orbenefits associated with a benefit plan,employer, plan sponsor, subscriber, or adependent under the subscriber’spolicy. It also can be used tocommunicate information about orchanges to eligibility, coverage, orbenefits from information sources (suchas insurers, sponsors, and health plans)to information receivers (such as

physicians, hospitals, third partyadministrators, and governmentagencies).

g. Health plan premium payments.This transaction may be used by, for

example, employers, employees, unions,and associations to make and keep trackof payments of health plan premiums totheir health insurers. This transactionmay also be used by a health careprovider, acting as liaison for thebeneficiary, to make payment to a healthinsurer for coinsurance, copayments,and deductibles.

h. Referral certification andauthorization.

This transaction may be used totransmit health care service referralinformation between primary carehealth care providers, health careproviders furnishing services, andhealth plans. It can also be used toobtain authorization for certain healthcare services from a health plan.

i. First report of injury.This transaction may be used to report

information pertaining to an injury,illness, or incident to entities interestedin the information for statistical, legal,claims, and risk management processingrequirements.

j. Health claims attachments.This transaction may be used to

transmit health care service information,such as subscriber, patient,demographic, diagnosis, or treatmentdata for the purpose of a request forreview, certification, notification, orreporting the outcome of a health careservices review.

k. Other transactions as the Secretarymay prescribe by regulation.

Under section 1173(a)(1)(B) of theAct, the Secretary shall adopt standards,and data elements for those standards,for other financial and administrativetransactions deemed appropriate by theSecretary. These transactions would beconsistent with the goals of improvingthe operation of the health care systemand reducing administrative costs.

C. Effective Dates—General

In general, any given standard wouldbe effective 24 months after the effectivedate (36 months for small health plans)of the final rule for that standard.Because there are other standards to beestablished than those in this proposedrule, we specify the date for a givenstandard under the subpart for thatstandard.

If HHS adopts a modification to animplementation specification or astandard, the implementation date ofthe modification would be no earlierthan the 180th day following theadoption of the modification. HHSwould determine the actual date, taking

into account the time needed to complydue to the nature and extent of themodification. HHS would be able toextend the time for compliance for smallhealth plans. This provision would be at§ 142.106.

The law does not address schedulingof implementation of the standards; itgives only a date by which allconcerned must comply. As a result,any of the health plans, health careclearinghouses, and health careproviders may implement a givenstandard earlier than the date specifiedin the subpart created for that standard.We realize that this may create someproblems temporarily, as earlyimplementers would have to be able tocontinue using old standards until thenew ones must, by law, be in place.

At the WEDI Healthcare LeadershipSummit held on August 15, 1997, it wasrecommended that health care providersnot be required to use any of thestandards during the first year after theadoption of the standard. However,willing trading partners couldimplement any or all of the standards bymutual agreement at any time duringthe 2-year implementation phase (3-yearimplementation phase for small healthplans). In addition, it was recommendedthat a health plan give its health careproviders at least 6 months notice beforerequiring them to use a given standard.

We welcome comments specificallyon early implementation as to the extentto which it would cause problems andhow any problems might be alleviated.

D. NPI Standard

[Please label written and e-mailed commentsabout this section with the subject: NPISTANDARD.]

Section 142.402, Provider identifierstandard, would contain the nationalhealth care provider identifier standard.There is no recognized standard forhealth care provider identification asdefined in the law. (That is, there is nostandard that has been developed,adopted, or modified by a standardsetting organization after consultationwith the NUBC, NUCC, WEDI, and theADA.) Therefore, we would designate anew standard.

We are proposing as the standard thenational provider identifier (NPI), whichwould be maintained by HCFA. Asdiscussed under the Background sectionearlier in this preamble, the NPI is an 8-position alphanumeric identifier. Itincludes as the 8th position a numericcheck digit to assist in identifyingerroneous or invalid NPIs. The checkdigit is a recognized InternationalStandards Organization [ISO] standard.The check digit algorithm must becomputed from an all-numeric base


number. Therefore, any alpha charactersthat may be part of the NPI aretranslated to specific numerics beforethe calculation of the check digit. TheNPI format would allow for the creationof approximately 20 billion uniqueidentifiers.

The 8-position alphanumeric formatwas chosen over a longer numeric-onlyformat in order to keep the identifier asshort as possible while providing for anidentifier pool that would serve theindustry’s needs for a long time.However, we recognize that some healthcare providers and health plans mighthave difficulty in the short term inaccommodating alphabetic characters.Therefore, we propose to issue numeric-only identifiers first and to introducealphabetic characters starting with thefirst position of the NPI. This wouldafford additional time for health careproviders and health plans toaccommodate the alphabetic characters.

1. Selection criteria.Each individual implementation team

weighted the criteria described insection I.D., Process for DevelopingNational Standards, in terms of thestandard it was addressing. As weassessed the various options for aprovider identifier against the criteria, itbecame apparent that many of thecriteria would be satisfied by all of theprovider identifier candidates.Consequently, we concentrated on thefour criteria (1, 2, 3, and 10) that werenot satisfied by all of the options. Thesecriteria are described below in thespecific context of the provideridentifier.

#1. Improve the efficiency andeffectiveness of the health care system.

In order to be integrated intoelectronic transactions efficiently,standard provider identifiers must beeasily accessible. Health plans must beable to obtain identifiers and other keydata easily in order to use the identifierin electronic transactions. Existinghealth care provider files have to beconverted to the new standard. Inaddition, health care providers willneed to know other health careproviders’ identifiers (for example, ahospital needs the identifiers of allphysicians who perform services in thefacility). To meet this criterion, webelieve the identifier should not beproprietary; that is, it should be possibleto communicate identifiers freely asneeded. Moreover, the issuer must beable to reliably issue each health careprovider only one identifier and to issueeach identifier only once.

#2. Meet the needs of the health datastandards user community.

The identifier must becomprehensive. It must accommodate

all health care provider types or must becapable of being expanded to do so.Based on our definition of ‘‘health careprovider’’, this includes individualhealth care providers who are employedby other health care providers andalternative practitioners who may not becurrently recognized by health plans.The identifier must have the capacity toenumerate health care providers formany years without reuse of previously-assigned identifiers. To meet thiscriterion, we believe that, over time, theidentifier must be capable of uniquelyidentifying at least 100 million entities.

#3. Be consistent and uniform withother HIPAA and other private andpublic sector health data standards inproviding for privacy andconfidentiality.

Confidentiality of certain health careprovider data must be maintained.Certain data elements (for example,social security number and date of birth)needed to enumerate an individualhealth care provider reliably should notbe made available to the public.

#10. Incorporate flexibility to adaptmore easily to changes.

To meet this criterion, the identifiermust be intelligence-free (the identifieritself should not contain anyinformation about the health careprovider). Intelligence in the identifierwould require issuing a new identifierif there is a change in that information.For example, an identifier containing aState code would no longer be accurateif the health care provider moves toanother State.

2. Candidate identifiers.We assessed a number of candidate

identifiers to see if they met the fourspecific criteria discussed above. Wefirst assessed the identifiers listed in theinventory of standards prepared for theSecretary by the Health InformaticsStandards Board. Those standards arethe unique physician identificationnumber (UPIN), which is issued byHCFA; the health industry number(HIN), which is issued by the HealthIndustry Business CommunicationsCouncil; the National Association ofBoards of Pharmacy (NABP) number,which is issued by the National Councilfor Prescription Drug Programs incooperation with the NABP; and thenational provider identifier (NPI), whichis being developed by HCFA.

Unique physician identificationnumbers are currently issued tophysicians, limited licensepractitioners, group practices, andcertain noninstitutional providers (forexample, ambulance companies). Thesenumbers are issued to health careproviders through Medicare carriers,and generally only Medicare providers

have them. The unique physicianidentification number is used to identifyordering, performing, referring, andattending health care providers inMedicare claims processing. Thecomputer system that generates thenumbers is maintained by HCFA and isable to detect duplicate health careproviders. The unique physicianidentification number is in the publicdomain and could be made widelyaccessible to health care providers andhealth plans. These numbers do containintelligence (the first position designatesa provider type, e.g., physician) and areonly six positions long, which wouldnot be able to accommodate a sufficientnumber of future health care providers.The unique physician identificationnumber does not meet criteria 2 and 10.

The health industry number is usedfor contract administration in the healthindustry supply chain, as a prescriberidentifier for claims processing, and formarket analysis. It consists of a base 7-position alpha-numeric identifier and a2-position alpha-numeric suffixidentifying the location of theprescriber. The suffix containsintelligence. Health industry numberscan enumerate individual prescribers aswell as institutional providers. They areissued via a proprietary systemmaintained by the Health IndustryBusiness Communications Council,which permits subscriptions to thedatabase by data re-sellers and others. Inaddition, it does not collect sufficientdata for thorough duplicate checking ofindividuals. The health industrynumber does not meet criteria 1, 3, and10.

The National Association of Boards ofPharmacy number is a 7-digit numericidentifier assigned to licensedpharmacies. It is used to identifypharmacies to various payers. Its firsttwo digits denote the State, the next fourpositions are assigned sequentially, andthe last position is a check digit. Wecannot assess data accessibility orprivacy and confidentiality at this timebecause of the very limited applicabilityof the number. A 7-digit numericidentifier would not yield a sufficientquantity of identifiers, and there isintelligence in the number. This numberdoes not meet criteria 2 and 10.

The NPI is intended to be a universalidentifier, which can be used toenumerate all types of health careproviders, and the supporting datastructure incorporates a comprehensivelist of provider types developed by anANSI Accredited Standards CommitteeX12N workgroup. It is an intelligence-free 8-position alpha-numeric identifier,with the eighth position being a checkdigit, allowing for approximately 20


billion possible identifiers. The NPIwould not be proprietary and would bewidely available to the industry. Thesystem that would enumerate healthcare providers would be maintained byHCFA, and data would therefore besafeguarded under the Privacy Act (5U.S.C 552a). The system would alsoincorporate extensive search andduplicate checking routines into theenumeration process. The NPI meets allfour of these criteria.

In addition, we examined the socialsecurity number issued by the SocialSecurity Administration, the DEAnumber issued by the Drug EnforcementAdministration, the employeridentification number issued by theInternal Revenue Service, and thenational supplier clearinghouse numberissued by the Medicare program andused to identify suppliers of durablemedical equipment and other suppliers.Neither the social security number northe DEA number meets the accessibilitytest. The use of the social securitynumber by Federal agencies is protectedby the Privacy Act, and the DEA numbermust remain confidential in order tofulfill its intended function ofmonitoring controlled substances. Theemployer identification number doesnot meet the comprehensiveness test,because some individual health careproviders do not qualify for one. Thelength of the national supplierclearinghouse number is 10 positions; toexpand it would make it too long. Also,it is not intelligence-free, since the firstportion of the identifier links healthcare providers together into businessentities. The last four positions arereserved for subentities, leaving only thefirst six positions to enumerate uniquehealth care provider entities.

Based on this analysis, werecommend the NPI be designated as thestandard identifier for health careproviders. It is the only candidateidentifier that meets all four of thecriteria above. In addition, the NPIwould be supported by HCFA to assurecontinuity. As discussed in section VII.of this preamble, on collection ofinformation requirements, the datacollection and paperwork burdens onusers would be minimal, and the NPIcan be used in other standardtransactions under the HIPAA. Inaddition, as discussed in sections III.B.,Enumerators, and IX., Impact Analysis,implementation costs per health careprovider and per health plan would berelatively low, and we would developimplementation procedures. The NPIwould be platform and protocolindependent, and the structure of theidentifier has been precisely stated. TheNPI is not fully operational, but it is

undergoing testing at this time, andcomprehensive testing will becompleted before the identifier isimplemented.

3. Consultations.In the development of the NPI, we

consulted with many organizations,including those that the legislationrequires (section 1172(c)(3)(B) of theAct). Subsequently, the NPI has beenendorsed by several government andprivate organizations:

a. The NCVHS endorsed the NPI in aFederal Register notice on July 24, 1997(62 FR 39844).

b. The NUBC endorsed the NPI inAugust 1996.

c. The ADA indicated its support, inconcept, of the development of aunique, singular, national provideridentifier for all health care providers inDecember 1996.

d. The NUCC supported theestablishment of the NPI in January1997, subject to the following issuesbeing fully addressed:

• The business needs and rationalefor each identifier be clearly establishedfor health care, in both the private andgovernment sectors, as part of theidentifier definition process.

• The scope and nature of, and therationale for, the entities subject toenumeration be clearly defined.

• All issues arising out of the healthcare industry’s review of the proposedidentifier, including any ambiguities inthe law or proposed rule, beacknowledged and addressed.

• Distribution of identifier products/maintenance to health care providers,payers and employers be low cost andefficient. There should be no cost tohave a number assigned to an individualhealth care provider or business.

e. WEDI indicated support for ‘‘thegeneral concept of the NPI as satisfyingthe national provider identifierrequirement of HIPAA’’ in a May 1997letter to the Secretary. WEDI furtherstated that the NPI is equal to or betterthan alternative identifiers, but notedthat it cannot provide an unqualifiedopinion until operational and technicaldetails are disclosed in this regulation.

f. The State of Minnesota endorsedthe NPI in Minnesota Statutes Section62J.54, dated February 1996.

g. The Massachusetts Health DataConsortium’s Affiliated HealthInformation Networks of New Englandendorsed the NPI as the standardprovider locator for electronic datainterchange in March 1996.

h. The USA Registration Committeeapproved the NPI as an InternationalStandards Organization card issueridentifier in August 1996, for use onmagnetic cards.

i. The National Council forPrescription Drug Programs indicatedsupport for the NPI effort in an October1996 letter to the Secretary.

E. Requirements

[Please label written and e-mailed commentsabout this section with the subject:Requirements.]

1. Health plans.In § 142.404, Requirements: Health

plans, we would require health plans toaccept and transmit, directly or via ahealth care clearinghouse, the NPI on allstandard transactions whereverrequired. Federal agencies and Statesmay place additional requirements ontheir health plans.

2. Health care clearinghouses.We would require in § 142.406,

Requirements: Health careclearinghouses, that each health careclearinghouse use the NPI wherever anelectronic transaction requires it.

3. Health care providers.In § 142.408, Requirements: Health

care providers, we would require eachhealth care provider that needs an NPIfor HIPAA transactions to obtain, byapplication if necessary, an NPI and touse the NPI wherever required on allstandard transactions that it directlytransmits or accepts. The process bywhich health care providers will applyfor and obtain NPIs has not yet beenestablished. This proposed rule (insection III., Implementation of the NPI)presents implementation options bywhich health care providers will applyfor and obtain NPIs. We are seekingcomments on the options, and welcomeother options for consideration. In oneof the options we are presenting, weanticipate that the initial enumeration ofhealth care providers that are alreadyenrolled in Medicare, other Federalprograms named as health plans, andMedicaid would be done by thosehealth plans. Those health careproviders would not have to apply forNPIs but would instead have their NPIsissued automatically. Non-Federal andnon-Medicaid providers would need toapply for NPIs to a Federally-directedregistry for initial enumeration. Theinformation that will be needed in orderto issue an NPI to a health care provideris discussed in this preamble in sectionIV. Data. Depending on theimplementation option selected, Federaland Medicaid health care providers maynot need to provide this informationbecause it would already be available tothe entities that would be enumeratingthem. In one of the options, health careproviders would be assigned their NPIsin the course of enrolling in the Federalhealth plan or in Medicaid. Bothoptions may require, to some degree, the


development of an application to beused in applying for an NPI.

We would require each health careprovider that has an NPI to forwardupdates to the data in the database to anNPI enumerator within 60 days of thedate the change occurs. We aresoliciting comments on whether theseupdates should be applicable to all thedata elements proposed to be includedin the national provider file (NPF) oronly to those data elements that arecritical for enumeration. For example,we would like to know whether theaddition of a credential should berequired to be reported within the 60-day period, or whether such updatesshould be limited to name or addresschanges or other data elements that arerequired to enumerate a health careprovider.

F. Effective Dates of the NPI

Health plans would be required tocomply with our requirements asfollows:

1. Each health plan that is not a smallhealth plan would have to comply withthe requirements of §§ 142.104 and142.404 no later than 24 months afterthe effective date of the final rule.

2. Each small health plan would haveto comply with the requirements of§§ 142.104 and 142.404 no later than 36months after the effective date of thefinal rule.

3. If HHS adopts a modification to astandard or implementationspecification, the implementation dateof the modification would be no earlierthan the 180th day following theadoption of the modification. HHSwould determine the actual date, takinginto account the time needed to complydue to the nature and extent of themodification. HHS would be able toextend the time for compliance for smallhealth plans.

Health care clearinghouses andaffected health care providers wouldhave to begin using the NPI no laterthan 24 months after the effective dateof the final rule.

Failure to comply with standards mayresult in monetary penalties. TheSecretary is required by statute toimpose penalties of not more than $100per violation on any person who fails tocomply with a standard, except that thetotal amount imposed on any oneperson in each calendar year may notexceed $25,000 for violations of onerequirement. We will proposeenforcement procedures in a futureFederal Register document once theindustry has more experience withusing the standards.

III. Implementation of the NPI

[Please label written and e-mailed commentsabout this section with the subject:Implementation.]

A. The National Provider SystemWe would implement the NPI through

a central electronic enumerating system,the national provider system (NPS).This system would be a comprehensive,uniform system for identifying anduniquely enumerating health careproviders at the national level, notunlike the process now used to issuesocial security numbers. HCFA wouldexercise overall responsibility foroversight and management of thesystem. Health care providers would notinteract directly with the NPS.

The process of identifying anduniquely enumerating health careproviders is separate from the processhealth plans follow in enrolling healthcare providers in their health programs.Even with the advent of assignment ofNPIs by the NPS, health plans wouldstill have to follow their ownprocedures for receiving and verifyinginformation from health care providersthat apply to them for enrollment intheir health programs. Uniqueenumeration is less expensive than planenrollment because it does not requireas much information to be collected,edited, and verified. We welcomecomments on the cost of providerenrollment in a health plan.

NPIs would be issued by one or moreorganizations to which we refer in thispreamble as ‘‘enumerators.’’ Thefunctions we foresee being carried outby enumerators are presented in sectionB. Enumerators in this preamble. TheNPS would edit the data, checking forconsistency, formatting addresses, andvalidating the social security number. Itwould then search the database todetermine whether the health careprovider already has an NPI. If so, thatNPI would be displayed. If not, an NPIwould be assigned. If the health careprovider is similar (but not identical) toan already-enumerated health careprovider, the information would bepassed back to the enumerator forfurther analysis. Enumerators wouldalso communicate NPIs back to thehealth care providers and maintain theNPS database. The number ofenumerators would be limited in theinterest of data quality and consistency.

Because the Medicare programmaintains files on more health careproviders than any other health careprogram in the country, we envisionusing data from those files to initiallypopulate the NPF that is being built bythe NPS and would be accessed by theenumerator(s). The data we are

considering for inclusion in this file aredescribed in section IV. Data in thispreamble.

B. Enumerators

The enumerator(s) would carry outthe following functions: assist healthcare providers and answer questions;accept the application for an NPI;validate as many of the data elements aspossible at the point of application toassure the submitted data are accurateand the application is authentic; enterthe data into the NPS to obtain an NPIfor the health care provider; researchcases where there is a possible match toa health care provider alreadyenumerated; notify the health careprovider of the assigned NPI; and enterupdated data into the NPS whennotified by the health care provider.Some of these functions would not benecessary if the enumerator(s) is anentity that enrolls health care providersin its own health plan and would beenumerating health care providers at thetime they are enrolling in the entity’shealth plan. For example, if a Federalhealth plan is an enumerator, some ofthe functions listed above would nothave to be performed separately fromwhat the health plan would do in itsregular business.

The major issue related to theoperation of this process is determiningwho the enumerator(s) will be.

1. Possible enumerators.We had several choices in deciding

who should enumerate health careproviders. There are advantages anddisadvantages to each of these choices:

• A registry:A central registry operated under

Federal direction would enumerate allhealth care providers. The Federally-directed registry could be a singlephysical entity or could be a number ofagents controlled by a single entity andoperating under common proceduresand oversight.

For: The process would be consistent;centralized operation would assureconsistent data quality; the concept of aregistry is easy to understand (singlesource for identifiers).

Against: The cost of creating a newentity rather than enumerating as part ofexisting functions (for example, planenrollment) would be greater thanhaving existing entities enumerate; therewould be redundant data required forenumeration and enrollment in a healthplan.

• Private organization(s):A private organization(s) that meets

certain selection criteria andperformance standards, which wouldpost a surety bond related to the number


of health care providers enumeratedcould enumerate health care providers.

For: The organization(s) wouldoperate in a consistent manner underuniform requirements and standards;failure to maintain prescribedrequirements and standards could resultin penalties which could includesuspension or debarment from being anenumerator.

Against: A large number of privateenumerators would compromise thequality of work and be difficult tomanage; the administrative workrequired to set up arrangements for aprivate enumerator(s) may besignificant; the cost of creating a newentity rather than enumerating as part ofexisting functions (for example, planenrollment) would be greater thanhaving existing entities enumerate; theremight be redundant data required forenumeration and enrollment in a healthplan; the legality of privatization wouldneed to be researched.

• Federal health plans and MedicaidState agencies:

Federal programs named as healthplans and Medicaid State agencieswould enumerate all health careproviders. (As stated earlier under thedefinition of ‘‘health plan’’, the FederalEmployees Health Benefits Program iscomprised of numerous health plans,rather than just one, and does not dealdirectly with health care providers thatare not also health plans. Thus, theprogram would not enumerate healthcare providers but would still requirethe NPI to be used.)

For: These health plans already assignnumbers to their health care providers;a large percentage of health careproviders do business with Federalhealth plans and Medicaid Stateagencies; there would be no appreciablecosts for these health plans toenumerate as part of their enrollmentprocess; a small number of enumeratorswould assure consistent data quality.

Against: Not all health care providersdo business with any of these healthplans; there would be the question ofwhich health plan would enumerate thehealth care provider that participates inmore than one; we estimate thatapproximately 5 percent of the StateMedicaid agencies may decline to takeon this additional task.

• Designated State agency:The Governor of each State would

designate an agency to be responsiblefor enumerating health care providerswithin the State. The agency might bethe State Medicaid agency, Statelicensing board, health department, orsome other organization. Each Statewould have the flexibility to develop itsmost workable approach.

For: This choice would cover allhealth care providers; there would be asingle source of enumeration in eachState; States could devise the leastexpensive mechanisms (for example,assign NPI during licensing); licenserenewal cycles would assure periodicchecks on data accuracy.

Against: This choice would place anunfunded workload on States; Statesmay decline to designate an agency;there may be insufficient funding tosupport the costs the States wouldincur; State licensing agencies may notcollect enough information duringlicensing to ensure uniqueness acrossStates; States may not be uniform intheir definitions of ‘‘providers.’’

• Professional organizations ortraining programs:

We would enlist professionalorganizations to enumerate theirmembers and/or enable professionalschools to enumerate their students.

For: Individuals could be enumeratedat the beginning of their careers; mosthealth care providers either attend aprofessional school or belong to anorganization.

Against: Not all health care providersare affiliated with an organization orschool; this choice would result inmany enumerators and thus potentiallylower the data quality; schools wouldnot be in a position to update data oncethe health care provider has graduated;the choice would place an unfundedworkload on schools and/ororganizations.

• Health plans:Health plans in general would have

access to the NPS to enumerate any oftheir health care providers.

For: Most health care providers dobusiness with one or more health plans;there would be a relatively low cost forhealth plans to enumerate as part ofenrollment; this choice would eliminatethe need for redundant data.

Against: Not all health care providersare affiliated with a health plan; thischoice would be confusing for thehealth care provider in determiningwhich health plan would enumeratewhen the health care provider isenrolled in multiple health plans; therewould be a very large number ofenumerators and thus potentiallyserious data quality problems; thechoice would place unfunded workloadon health plans.

• Combinations:We also considered using

combinations of these choices tomaximize advantages and minimizedisadvantages.

2. Options:If private organizations, as

enumerators, could charge health care

providers a fee for obtaining NPIs, thisenumeration option would be attractiveand more preferable than the otherchoices or combinations, as it wouldoffer a way to fund the enumerationfunction. In researching the legality ofthis approach, however, we wereadvised that we do not have theauthority to (1) charge health careproviders a fee for obtaining NPIs, or (2)license private organizations that couldcharge health care providers for NPIs.For these reasons, we chose not torecommend private organizations asenumerators.

The two most viable options aredescribed below. We solicit input onthese options, as well as on alternatesolutions.

Option 1: Registry enumeration of allhealth care providers.

All health care providers would applydirectly to a Federally-directed registryfor an identifier. The registry, whileunder Federal direction, wouldprobably be operated by an agent orcontractor. This option is favored bysome health plans, which believe that asingle entity should be given the task ofenumerating health care providers andmaintaining the database for the sake ofconsistency. It would also be thesimplest option for health careproviders, since enumeration activitieswould be carried out for all health careproviders by a single entity. The majordrawback to this option is the high costof establishing a registry large enough toprocess enumeration and updaterequests for the 1.2 million current and30,000 new (annually) health careproviders that conduct HIPAAtransactions. The costs of this option arediscussed in section J.2.d., Enumerators,in the impact analysis in this FederalRegister document. The statute did notprovide a funding mechanism for theenumeration/update process. Federalfunds, if available, could support theregistry. We seek comments on fundingmechanisms for the registry.

This option does not offer a clearpossibility for funding some of the costsassociated with the operation andmaintenance of the NPS as it becomesnational in scope (that is, as the NPSenumerates health care providers thatare not Medicare providers). We solicitcomments on appropriate methods forfunding the NPS under this option.

Option 2: A combination of Federalprograms named as health plans,Medicaid State agencies, and aFederally-directed registry.

Federal health plans and MedicaidState agencies would enumerate theirown health care providers. Each healthcare provider participating in more thanone health plan could choose the health


plan by which it wishes to beenumerated. All other health careproviders would be enumerated by aFederally-directed registry. These latterhealth care providers would applydirectly to the registry for an identifier.

The number of enumerators, and thenumber of health care providers perenumerator, would be small enough thateach enumerator would be able tocarefully validate data received fromand about each of its health careproviders. Moreover, enumerators (asidefrom the registry) would be dealing withtheir own health care providers, anadvantage both in terms of cost equityand data quality. This option recognizesthe fact that Federal plans and MedicaidState agencies already assign identifiersto their health care providers for theirown programmatic purposes. It wouldstandardize those existing processesand, in some cases, may increase theamount of data collected or validationperformed. We have concluded that thecost of concurrently enumerating andenrolling a Medicare or Medicaidprovider is essentially the same as thecost of enrollment alone because of thehigh degree of redundancy between theprocesses. While there would probablybe additional costs initially, they wouldbe offset by savings in other areas (e.g.,there would be a simplified, moreefficient coordination of benefits; ahealth care provider would only have tobe enumerated once; there would be noneed to maintain more than oneprovider number for each health careprovider; and there would be no need tomaintain more than one enumerationsystem).

The Federal Government isresponsible for 75 percent of MedicaidState agency costs to enumerate andupdate health care providers. Becausewe believe that, on average, the costsincurred by Medicaid State agencies inenumerating and updating their ownhealth care providers to be relativelylow and offset by savings, there are notangible costs involved.

Allowing these health plans tocontinue to enumerate their health careproviders would reduce the registryworkload and its operating costs. Weestimate that approximately 85 percentof billing health care providers transactbusiness with a Medicaid State agencyor a Federal health plan. We estimatethat 5 percent of Medicaid Stateagencies may decline to enumerate theirhealth care providers. If so, that workwould have to be absorbed by theregistry. This expense could be offset bythe discontinuation of the UPIN registry,which is currently maintained withFederal funds. The costs of this option

are discussed in section J.2.d.,Enumerators, of the impact analysis.

We welcome comments on thenumber of health care providers thatwould deal directly with a registryunder this option and on alternativeways to enumerate them.

This option does not offer a clearpossibility for funding some of the costsassociated with the operation andmaintenance of the NPS as it becomesnational in scope (that is, as the NPSenumerates health care providers thatare not Medicare providers). We solicitcomments on appropriate methods forfunding the NPS under this option.

We believe that option 2 is the mostadvantageous and the least costly.Option 1 is the simplest for health careproviders to understand but has asignificant Federal budgetary impact.Option 2 takes advantage of existingexpertise and processes to enumeratethe majority of health care providers.This reduces the cost of the registry inoption 2 to a point where it would belargely offset by savings fromeliminating redundant enumerationprocesses.

3. Fees and costs.Because the statute did not provide a

funding mechanism for the enumerationprocess, Federal funds, if available,would be required to finance thisfunction. We seek comment on anyburden that various financing optionsmight impose on the industry.

We welcome comments on possibleways to reduce the costs ofenumeration.

While the NPS has been developed todate by HCFA with Federal funds,issues remain as to sources of futurefunding as the NPS becomes national inuse. We welcome your comments onsources for this funding.

4. Enumeration phases.We intend to implement the NPI in

phases because the number of potentialhealth care providers to be enumeratedis too large to enumerate at one time,regardless of the number ofenumerators. We describe in a., b., andc. below how the process would workif option 2 were selected and in d.below how implementation of option 1would differ.

a. Health care providers thatparticipate in Medicare (includingphysicians and other suppliers thatfurnish items and services covered byMedicare) would be enumerated firstbecause, as the managing entity, HCFAhas data readily available for allMedicare providers. Health careproviders that are already enrolled inMedicare at the time of implementationwould be enumerated based on existingMedicare provider databases that have

already been reviewed and validated.These health care providers would nothave to request an NPI—they wouldautomatically receive one. After thisinitial enumeration, new and non-Medicare health care providers not yetenumerated that wish to participate inMedicare would receive an NPI as a partof the enrollment process.

b. Medicaid and non-MedicareFederal health plans that need toenumerate their health care providerswould follow a similar process, basedon a mutually agreed-upon timetable.Those health plans’ existingprevalidated databases could be used toavoid requiring large numbers of healthcare providers to apply for NPIs. If ahealth care provider were alreadyenumerated by Medicare, that NPIwould be communicated to the secondprogram. After the initial enumeration,new health care providers that wish toparticipate in Medicaid or a Federalhealth plan other than Medicare wouldreceive an NPI as a part of thatenrollment process. Health careproviders that transact business withmore than one such health plan couldbe enumerated by any one of thosehealth plans. This phase would becompleted within 2 years after theeffective date of the final rule.

c. A health care provider that does nottransact any business with Federalhealth plans or Medicaid but that doesconduct electronically any of thetransactions stipulated in HIPAA (forexample, submits claims electronicallyto a private health plan) would beenumerated via a Federally-directedregistry. This enumeration would bedone concurrently with the enumerationdescribed in b., above. Health careproviders would apply to the registry foran NPI.

After the first two phases ofenumeration (that is, enumeration ofhealth care providers enrolled orenrolling in Federal health plans orMedicaid or health care providers thatdo not conduct business with any ofthose plans but that conduct any of theHIPAA transactions electronically), thehealth care providers remaining wouldbe those that do not conductelectronically any of the transactionsspecified in HIPAA. We refer to thesehealth care providers as ‘‘non-HIPAA-transaction health care providers.’’ Thenon-HIPAA-transaction health careproviders would not be enumerated inthe first two phases of enumeration. Wedo not intend to enumerate these healthcare providers until all health careproviders requiring NPIs by statute areenumerated and funds are available. Insome cases, these health care providersmay wish to be enumerated even though


they do not conduct electronictransactions. Health plans may prefer touse the NPI for all health care providers,whether or not they submit transactionselectronically, for the sake of processingefficiency. In addition, some health careproviders may wish to be enumeratedeven though they conduct no designatedtransactions and are not affiliated withany health plan. Additional research isrequired on the time table and methodby which non-HIPAA-transaction healthcare providers would be enumerated.

d. If option 1 were selected, theFederally-directed registry wouldenumerate all health care providers.With a single enumeration point(although it could consist of severalagents controlled by a single entity, asstated earlier), we would envisionenumeration taking place in thefollowing phases: Medicare providers;Medicaid providers and other non-Medicare Federal providers; health careproviders that do not transact anybusiness with the aforementioned plansbut that process electronically any of thetransactions stipulated in HIPAA; andall other health care providers (i.e., non-HIPAA-transaction health careproviders).

C. Approved Uses of the NPIThe law requires that we specify the

appropriate uses of the NPI.Two years after adoption of this

standard (3 years for small health plans)the NPI must be used in the health caresystem in connection with the health-related financial and administrativetransactions identified in section1173(a). The NPI may also be used as across reference in health care providerfraud and abuse files and other programintegrity files (for example, the HHSOffice of the Inspector General sanctionfile). The NPI may be used to identifyhealth care providers for debt collectionunder the provisions of the DebtCollection Information Act of 1996 andthe Balanced Budget Act of 1997, andfor any other lawful activity requiringindividual identification of health careproviders. It may not be used in anyactivity otherwise prohibited by law.

Other examples of approved useswould include:

• Health care providers may use theirown NPIs to identify themselves inhealth care transactions or relatedcorrespondence.

• Health care providers may use otherhealth care providers’ NPIs as necessaryto complete health care transactions andon related correspondence.

• Health care providers may use theirown NPIs on prescriptions (however,the NPI could not replace the DEAnumber or State license number where

either of those numbers is required onprescriptions).

• Health plans may use NPIs in theirinternal provider files to processtransactions and may use them ontransactions and in communicationswith health care providers.

• Health plans may communicateNPIs to other health plans forcoordination of benefits.

• Health care clearinghouses may useNPIs in their internal files to create andprocess standard transactions and incommunications with health careproviders and health plans.

• NPIs may be used to identifytreating health care providers in patientmedical records.

D. Summary of Effects on VariousEntities

We summarize here how theimplementation of the NPI would affecthealth care providers, health plans, andhealth care clearinghouses, if option 2were selected. Differences that wouldresult from selection of option 1 arenoted parenthetically.

1. Health care providers.a. Health care providers interacting

with Medicare, another Federal plan, ora Medicaid State agency would receivetheir NPIs from the NPS via one of thoseprograms and would be required to usetheir NPIs on all the specified electronictransactions. Each plan would establishits own schedule for adopting the NPI,within the time period specified by thelaw. Whether a given plan wouldautomatically issue the NPIs or requirethe health care providers to apply forthem would be up to the plan. (Forexample, the Medicare program wouldissue NPIs automatically to its currentlyenrolled Medicare providers andsuppliers; data on its future health careproviders and suppliers would becollected on the Medicare enrollmentapplication.) The Federal or State planmay impose requirements other thanthose stated in the regulations.

The health care providers would berequired to update any data collectedfrom them by submitting changes to theplan within 60 days of the change.Health care providers that transactbusiness with multiple plans couldreport changes to any one of them.(Selection of option 1 would mean thatthe health care provider would obtainthe NPI from, and report changes to, theFederally-directed registry.)

b. Health care providers that conductelectronic transactions but do not do sowith Federal health plans or Medicaidwould receive their NPIs from the NPSvia the Federally-directed registry andwould be required to use their NPIs onall the specified electronic transactions.

Each health plan would establish itsown schedule for adopting the NPI,within the time period specified by thelaw. The health care providers would berequired to update any data originallycollected from them by submittingchanges within 60 days of the date ofthe change to the Federally-directedregistry.

c. Health care providers that are notcovered by the above categories wouldnot be required to obtain an NPI. (Thesehealth care providers are the non-HIPAA-transaction health careproviders as described in section 4.c. ofsection B. Enumerators earlier in thispreamble.) They may be enumerated ifthey wish, depending on availability offunds, but they would not be issuedNPIs until those health care providersthat currently conduct electronictransactions have received their NPIs.As stated earlier, the timetable andmethod by which the non-HIPAA-transaction health care providers wouldbe enumerated must be determined.After the non-HIPAA-transaction healthcare providers are enumerated, theywould be required to update any dataoriginally collected from them bysubmitting changes within 60 days ofthe date of the change. Those providerswould report their changes to theregistry or to a Federal plan or MedicaidState agency with which they transactbusiness at the time of the change.

2. Health plans.a. Medicare, other Federal health

plans, and Medicaid would beresponsible for obtaining NPIs from theNPS and issuing them to their healthcare providers. They would beresponsible for updating the data basewith data supplied by their health careproviders. (Selection of option 1 wouldmean that Medicare, other Federalhealth plans, and Medicaid would notenumerate health care providers orupdate their data.)

These government health plans wouldestablish their own schedule foradopting the NPI, within the timeperiod specified by the law. They wouldbe able to impose requirements on theirhealth care providers in addition to, butnot inconsistent with, those in ourregulations.

b. Each remaining health plan wouldbe required to use the NPI to identifyhealth care providers in electronictransactions as provided by the statute.Each health plan would establish itsown schedule for adopting the NPI,within the time period specified by thelaw. They would be able to imposerequirements on their health careproviders in addition to, but notinconsistent with, those in ourregulations.


3. Health care clearinghouses.Health care clearinghouses would be

required to use a health care provider’sNPI on electronic standard transactionsrequiring an NPI that are submitted onthe health care provider’s behalf.

IV. Data

[Please label written and e-mailed commentsabout this section with the subject: DATA.]

A. Data Elements

The NPS would collect and store inthe NPF a variety of information abouta health care provider, as shown in thetable below. We believe the majority ofthis information is used to uniquelyidentify a health care provider; otherinformation is used for administrativepurposes. A few of the data elements arecollected at the request of potentialusers that have been working withHCFA in designing the database prior to

the passage of HIPAA. All of these dataelements represent only a fraction of theinformation that would comprise aprovider enrollment file. The dataelements in the table, plus cease/effective/termination dates, switches(yes/no), indicators, and history, arebeing considered as those that wouldform the NPF. We have includedcomments, as appropriate. The tabledoes not display systems maintenanceor similar fields, or health care providercease/effective/termination dates.

NATIONAL PROVIDER FILE DATA ELEMENTS

Data elements Comments Purpose

National Provider Identifier (NPI) ................. 8-position alpha-numeric NPI assigned by the NPS .......................................................... IProvider’s current name ............................... For Individuals only. Includes first, middle, and last names ............................................... IProvider’s other name .................................. For Individuals only. Includes first, middle, and last names. Other names might include

maiden and professional names.I

Provider’s legal business name ................... For Groups and Organizations only .................................................................................... IProvider’s name suffix .................................. For Individuals only. Includes Jr., Sr., II, III, IV, and V ....................................................... IProvider’s credential designation ................. For Individuals only. Examples are MD, DDS, CSW, CNA, AA, NP, RNA, PSY .............. IProvider’s Social Security Number (SSN) .... For Individuals only ............................................................................................................. IProvider’s Employer Identification Number

(EIN).Employer Identification Number .......................................................................................... I

Provider’s birth date ..................................... For Individuals only ............................................................................................................. IProvider’s birth State code ........................... For Individuals only ............................................................................................................. IProvider’s birth county name ........................ For Individuals only ............................................................................................................. IProvider’s birth country name ...................... For Individuals only ............................................................................................................. IProvider’s sex ............................................... For Individuals only ............................................................................................................. IProvider’s race .............................................. For Individuals only ............................................................................................................. UProvider’s date of death ............................... For Individuals only ............................................................................................................. IProvider’s mailing address ........................... Includes 2 lines of street address, plus city, State, county, country, 5- or 9-position ZIP

code.A

Provider’s mailing address telephone num-ber.

.............................................................................................................................................. A

Provider’s mailing address fax number ........ .............................................................................................................................................. AProvider’s mailing address e-mail address .. .............................................................................................................................................. AResident/Intern code .................................... For certain Individuals only ................................................................................................. UProvider enumerate date .............................. Date provider was enumerated (assigned an NPI). Assigned by the NPS ....................... AProvider update date .................................... Last date provider data was updated. Assigned by the NPS ............................................ AEstablishing enumerator/agent number ....... Identification number of the establishing enumerator ......................................................... AProvider practice location identifier (location

code).2-position alpha-numeric code (location code) assigned by the NPS ............................... I

Provider practice location name ................... Title (e.g., ‘‘doing business as’’ name) of practice location ................................................ IProvider practice location address ............... Includes 2 lines of street address, plus city, State, county, country, 5- or 9-position ZIP

code.I

Provider’s practice location telephone num-ber.

.............................................................................................................................................. A

Provider’s practice location fax number ....... .............................................................................................................................................. AProvider’s practice location e-mail address .............................................................................................................................................. AProvider classification ................................... From Accredited Standards Committee X12N taxonomy. Includes type(s), classifica-

tion(s), area(s) of specialization.I

Provider certification code ............................ For certain Individuals only ................................................................................................. UProvider certification (certificate) number ..... For certain Individuals only ................................................................................................. UProvider license number ............................... For certain Individuals only ................................................................................................. IProvider license State .................................. For certain Individuals only ................................................................................................. ISchool code .................................................. For certain Individuals only ................................................................................................. ISchool name ................................................. For certain Individuals only ................................................................................................. ISchool city, State, country ............................ For certain Individuals only ................................................................................................. USchool graduation year ................................ For certain Individuals only ................................................................................................. IOther provider number type ......................... Type of provider identification number also/formerly used by provider: UPIN, NSC,

OSCAR, DEA, Medicaid State, PIN, Payer ID.I

Other provider number ................................. Other provider identification number also/formerly used by provider ................................. IGroup member name ................................... For Groups only. Name of Individual member of group. Includes first, middle, and last

names.I

Group member name suffix .......................... For Groups only. This is the Individual member’s name suffix. Includes Jr., Sr., II, III, IV,and V.

I


NATIONAL PROVIDER FILE DATA ELEMENTS—Continued

Data elements Comments Purpose

Organization type control code .................... For certain Organizations only. Includes Government—Federal (Military), Government—Federal (Veterans), Government—Federal (Other), Government—State/County, Gov-ernment—Local, Government—Combined Control, Non-Government—Non-profit,Non-Government—For Profit, and Non-Government—Not for Profit.

U

Key:I—Used for the unique identification of a provider.A—Used for administrative purposes.U—Included at the request of potential users (optional).

We need to consider the benefits ofretaining all of the data elements shownin the table versus lowering the cost ofmaintaining the database by keepingonly the minimum number of dataelements needed for unique provideridentification. We solicit input on thecomposition of the minimum set of dataelements needed to uniquely identifyeach type of provider. In order toconsider the inclusion or exclusion ofdata elements, we need to assess theirpurpose and use.

The data elements with a purpose of‘‘I’’ are needed to identify a health careprovider, either in the search process(which is electronic) or in theinvestigation of health care providersdesignated as possible matches by thesearch process. These data elements arecritical because unique identification isthe keystone of the NPS.

The data elements with a purpose of‘‘A’’ are not essential to theidentification processes mentionedabove, but nonetheless are valuable.Certain ‘‘A’’ data elements can be usedto contact a health care provider forclarification of information or resolutionof issues encountered in theenumeration process and for sendingwritten communications; other ‘‘A’’ dataelements (e.g., Provider Enumerate Date,Provider Update Date, EstablishingEnumerator/Agent Number) are used toorganize and manage the data.

Data elements with a purpose of ‘‘U’’are collected at the request of potentialusers of the information in the system.While not used by the system’s searchprocess to uniquely identify a healthcare provider, Race is neverthelessvaluable in the investigation of healthcare providers designated as possiblematches as a result of that process. Inaddition, Race is important to the utilityof the NPS as a statistical samplingframe. We solicit comments on thestatistical validity of Race data. Race iscollected ‘‘as reported’’; that is, it is notvalidated. It is not maintained, onlystored. The cost of keeping this dataelement is virtually nil. Other dataelements (Resident/Intern Code,Provider Certification Code and

Number, and Organization Type ControlCode) with a purpose of ‘‘U’’, while notused for enumeration of a health careprovider, have been requested to beincluded by some members of the healthcare industry for reports and statistics.These data elements are optional and donot require validation; many remainconstant by their nature; and the cost tostore them is negligible.

The data elements that we judge willbe expensive to either validate ormaintain (or both) are the licenseinformation, provider practice locationaddresses, and membership in groups.We solicit comments on whether thesedata elements are necessary for theunique enumeration of health careproviders and whether validation ormaintenance is required for thatpurpose.

Licenses may be critical indetermining uniqueness of a health careprovider (particularly in resolvingidentities involving compoundsurnames) and are, therefore, consideredto be essential by some. Licenseinformation is expensive to validateinitially, but not expensive to maintainbecause it does not change frequently.

The practice location addresses can beused to aid in investigating possibleprovider matches, in converting existingprovider numbers to NPIs, and inresearch involving fraud orepidemiology. Location codes, whichare discussed in detail in section B.Practice Addresses and Group/Organization Options below, could beassigned by the NPS to point to andidentify practice locations ofindividuals and groups. Some potentialusers felt that practice addresseschanged too frequently to be maintainedefficiently at the national level. Theaverage Medicare physician has two tothree addresses at which he/shepractices. Group providers may havemany more practice locations. Weestimate that 5 percent of health careproviders require updates annually, andthat addresses are one of the mostfrequently changing attributes. As aresult, maintaining more than onepractice address for an individual

provider on a national scale could beburdensome and time consuming. Manypotential users believe that practiceaddresses could more adequately bemaintained at local, health-plan specificlevels.

Some potential users felt thatmembership in groups was useful inidentifying health care providers. Manyothers, however, felt that these data arehighly volatile and costly to maintain.These users felt it was unlikely thatmembership in groups could besatisfactorily maintained at the nationallevel.

We welcome your comments on thedata elements proposed for the NPF andinput as to the potential usefulness andtradeoffs for these elements such asthose discussed above.

We specifically invite comments andsuggestions on how the enumerationprocess might be improved to preventissuance of multiple NPIs to a healthcare provider.

B. Practice Addresses and Group/Organization Options

We have had extensive consultationswith health care providers, health plans,and members of health data standardsorganizations on the requirements forprovider practice addresses and on thegroup and organization data in the NPS.(It is important to note that the NPS isdesigned to capture a health careprovider’s mailing address. The mailingaddress is a data element separate fromthe practice address, and, as such, is notthe subject of the discussion below.)Following are the major questionsrelating to these issues:

• Should the NPS capture practiceaddresses of health care providers?

For: Practice addresses could aid innon-electronic matching of health careproviders and in conversion of existingprovider number systems to NPIs. Theycould be useful for research specific topractice location; for example, involvingfraud or epidemiology.

Against: Practice addresses would beof limited use in the electronicidentification and matching of healthcare providers. The large number ofpractice locations of some group


providers, the frequent relocation ofprovider offices, and the temporarysituations under which a health careprovider may practice at a particularlocation would make maintenance ofpractice addresses burdensome andexpensive.

• Should the NPS assign a locationcode to each practice address in a healthcare provider’s record? The locationcode would be a 2-positionalphanumeric data element. It would bea data element in the NPS but would notbe part of the NPI. It would point to acertain practice address in the healthcare provider’s record and would beusable only in conjunction with thathealth care provider’s NPI. It would notstand alone as a unique identifier for theaddress.

For: The location code could be usedto designate a specific practice addressfor the health care provider, eliminatingthe need to perform an address matcheach time the address is retrieved. Thelocation code might be usable, inconjunction with a health careprovider’s NPI, as a designation forservice location in electronic healthtransactions.

Against: Location codes should not becreated and assigned nationally unlessrequired to support standard electronichealth transactions; this requirementhas not been demonstrated. The formatof the location code would allow for alifetime maximum of 900 location codesper health care provider; this numbermay not be adequate for groups withmany locations. The location codewould not uniquely identify an address;different health care providerspracticing at the same address wouldhave different location codes for thataddress, causing confusion for businessoffices that maintain data for largenumbers of health care providers.

• Should the NPS link the NPI of agroup provider to the NPIs of theindividual providers who are membersof the group?

For: Linkage of the group NPI toindividual members’ NPIs wouldprovide a connection from the groupprovider, which is possibly not licensedor certified, to the individual memberswho are licensed, certified or otherwiseauthorized to provide health careservices.

Against: The large number ofmembers of some groups and thefrequent moves of individuals amonggroups would make nationalmaintenance of group membershipburdensome and expensive.Organizations that need to know groupmembership prefer to maintain thisinformation locally, so that they canensure its accuracy for their purposes.

• Should the NPS collect the samedata for organization and groupproviders? There would be nodistinction between organization andgroup providers. Each health careprovider would be categorized in theNPS either as an individual or as anorganization. Each separate physicallocation or subpart of an organizationthat needed to be identified wouldreceive its own NPI. The NPS would notlink the NPI of an organization providerto the NPI of any other health careprovider, although all organizationswith the same employer identificationnumber (EIN) or same name would beretrievable via a query on that EIN orname.

For: The categorization of health careproviders as individuals ororganizations would provide flexibilityfor enumeration of integrated providerorganizations. Eliminating the separatecategory of group providers wouldeliminate an artificial distinctionbetween groups and organizations. Itwould eliminate the possibility that thesame entity would be enumerated asboth a group and an organization. Itwould eliminate any need for locationcodes for groups. It would allowenumeration at the lowest level thatneeds to be identified, offeringflexibility for enumerators, health plansor other users of NPS data to linkorganization NPIs as they require intheir own systems.

Against: A single business entitycould have multiple NPIs,corresponding to its physical locationsor subparts.

Possible Approaches:We present two alternatives to

illustrate how answers to the questionsposed above would affect enumerationand health care provider data in theNPS. Since the results would dependupon whether the health care provideris an individual, organization, or group,we refer the reader to section II.B.3.,Definitions, of this preamble.

Alternative 1:The NPS would capture practice

addresses. It would assign a locationcode for each practice address of anindividual or group provider.Organization and group providerswould be distinguished and would havedifferent associated data in the NPS.Organization providers could have onlyone location per NPI and could not haveindividuals listed as members. Groupproviders could have multiple locationswith location codes per NPI and wouldhave individuals listed as members.

For individual providers, the NPSwould capture each practice addressand assign a corresponding locationcode. The NPS would link the NPIs of

individuals who are listed as membersof a group with the NPI of their group.

For organization providers, the NPSwould capture the single active practiceaddress. It would not assign acorresponding location code.

For group providers, the NPS wouldcapture each practice address and assigna corresponding location code. The NPSwould link the NPI of a group with theNPIs of all individuals who are listed asmembers of the group. A group locationwould have a different location code inthe members’ individual records and thegroup record.

Alternative 2:The NPS would capture only one

practice address for an individual ororganization provider. It would notassign location codes. The NPS wouldnot link the NPI of a group provider tothe NPIs of individuals who aremembers of the group. Organization andgroup providers would not bedistinguished from each other in theNPS. Each health care provider wouldbe categorized as either an individual oran organization.

For individual providers, the NPSwould capture a single practice address.It would not assign a correspondinglocation code.

For organization providers, eachseparate physical location or subpartthat needed to be identified wouldreceive its own NPI. The NPS wouldcapture the single active practiceaddress of the organization. It would notassign a corresponding location code.

Recent consultations with health careproviders, health plans, and members ofhealth data standards organizationshave indicated a growing consensus forAlternative 2 discussed above.Representatives of these organizationsfeel that Alternative 2 will provide thedata needed to identify the health careprovider at the national level, whilereducing burdensome data maintenanceassociated with provider practicelocation addresses and groupmembership. We welcome comments onthese and other alternatives forcollection of practice location addressesand assignment of location codes, andon the group and organization providerdata within the NPS.

V. Data Dissemination

[Please label written and e-mailed commentsabout this section with the subject:Dissemination.]

We are making information from theNPS available so that the administrativesimplification provisions of the law canbe implemented smoothly andefficiently. In addition to the health careprovider’s name and NPI, it is importantto make available other information


about the health care provider so thatpeople with existing health careprovider files can associate their healthcare providers with the appropriateNPIs. The data elements we areproposing to disseminate are the onesthat our research has shown will bemost beneficial in this matchingprocess. The information needs to bedisseminated to the widest possibleaudience because the NPIs would beused in a vast number of applicationsthroughout the health care industry.

We propose to charge fees for thedissemination of such items as data filesand directories, but the fees would notexceed the costs of the dissemination.

We would establish two levels ofusers of the data in the NPS forpurposes of disseminating information.Some of the data that would be

collected in order to assign NPIs wouldbe confidential and not be disclosed tothose without a legitimate right ofaccess to the confidential data.

Level I—EnumeratorsAccess to the NPS would be limited

to approved enumerators for the systemthat would be specifically listed in 45CFR part 142. We would publish‘‘routine uses’’ for the data concerningindividuals in a Privacy Act systems ofrecords notice. The notice is beingdeveloped and will be available duringthe comment period for this proposedrule.

Enumerators would have access to alldata elements for all health careproviders in order to accurately resolvepotential duplicate situations (that is,the health care provider may already

have been enumerated). Enumeratorswould be required to protect the privacyof the data in accordance with thePrivacy Act.

Enumerators would have access to theon-line NPS and would also receiveperiodic batch update files from HCFA.

Level II—The Public

The public (which includesindividuals, health care providers,software vendors, health plans that arenot enumerators, and health careclearinghouses) would have access toselected data elements.

The table below lists the datacomprising the NPF, as described insection IV. A. Data Elements, andindicates the dissemination level (LevelI or Level II).

DISSEMINATION OF INFORMATION FROM THE NATIONAL PROVIDER FILE

Data elements Disseminationlevel Comments

National Provider Identifier (NPI) ............... I and II .......... 8-position alpha-numeric NPI assigned by the NPS.Provider’s current name ............................ I and II .......... For Individuals only. Includes first, middle, and last names.Provider’s other name ............................... I and II .......... For Individuals only. Includes first, middle, and last names. Other names might in-

clude maiden and professional names.Provider’s legal business name ................. I and II .......... For Groups and Organizations only.Provider’s name suffix ............................... I and II .......... For Individuals only. Includes Jr., Sr., II, III, IV, and V.Provider’s credential designation ............... I and II .......... For Individuals only. Examples are MD, DDS, CSW, CNA, AA, NP, RNA, PSY.Provider’s Social Security Number (SSN) I only ............. For Individuals only.Provider’s Employer Identification Number

(EIN).I only ............. Employer Identification Number.

Provider’s birth date ................................... I only ............. For Individuals only.Provider’s birth State code ........................ I only ............. For Individuals only.Provider’s birth county name ..................... I only ............. For Individuals only.Provider’s birth country name .................... I only ............. For Individuals only.Provider’s sex ............................................ I only ............. For Individuals only.Provider’s race ........................................... I only ............. For Individuals only.Provider’s date of death ............................ I only ............. For Individuals only.Provider’s mailing address ........................ I and II .......... Includes 2 lines of street address, plus city, State, county, country, 5- or 9-position

ZIP code.Provider’s mailing address telephone

number.I only.

Provider’s mailing address fax number ..... I only.Provider’s mailing address e-mail address I only.Resident/Intern code .................................. I and II .......... For certain Individuals only.Provider enumerate date ........................... I and II .......... Date provider was enumerated (assigned an NPI). Assigned by the NPS.Provider update date ................................. I and II .......... Last date provider data was updated. Assigned by the NPS.Establishing enumerator/agent number ..... I only ............. Identification number of the establishing enumerator.Provider practice location identifier (loca-

tion code).I and II .......... 2-position alpha-numeric code (location code) assigned by the NPS.

Provider practice location name ................ I and II .......... Title (e.g., ‘‘doing business as’’ name) of practice location.Provider practice location address ............ I and II .......... Includes 2 lines of street address, plus city, State, county, country, 5- or 9-position

ZIP code.Provider’s practice location telephone

number.I only.

Provider’s practice location fax number .... I only.Provider’s practice location e-mail address I only.Provider classification ................................ I and II .......... From Accredited Standards Committee X12N taxonomy. Includes type(s), classi-

fication(s), area(s) of specialization.Provider certification code ......................... I only ............. For certain Individuals only.Provider certification (certificate) number .. I only ............. For certain Individuals only.Provider license number ............................ I only ............. For certain Individuals only.Provider license State ................................ I only ............. For certain Individuals only.School code ............................................... I only ............. For certain Individuals only.School name .............................................. I only ............. For certain Individuals only.School city, State, country ......................... I only ............. For certain Individuals only.School graduation year .............................. I only ............. For certain Individuals only.


DISSEMINATION OF INFORMATION FROM THE NATIONAL PROVIDER FILE—Continued

Data elements Disseminationlevel Comments

Other provider number type ...................... I and II .......... Type of provider identification number also/formerly used by provider: UPIN, NSC,OSCAR, DEA, Medicaid State, PIN, Payer ID.

Other provider number .............................. I and II .......... Other provider identification number also/formerly used by provider.Group member name ................................ I and II .......... For Groups only. Name of Individual member of group. Includes first, middle, and

last names.Group member name suffix ....................... I and II .......... For Groups only. This is the Individual member’s name suffix. Includes Jr., Sr., II,

III, IV, and V.Organization type control code .................. I and II .......... For certain Organizations only. Includes Government—Federal (Military), Govern-

ment—Federal (Veterans), Government—Federal (Other), Government—State/County, Government—Local, Government—Combined Control, Non-Govern-ment—Non-profit, Non-Government—For Profit, and Non-Government—Not forProfit.

Clearly, the access to the public datawould have to be electronic in order tosupport the more frequent users. We areasking for comments on exactly whatshould be available in hardcopy, whattypes of electronic formats are necessary(for example, diskette, CD ROM, tape,cartridge, and via Internet), andfrequency of update. We anticipatemaking these data as widely available asfeasible. We note that the UPINDirectory (currently available to thepublic) would be discontinued andreplaced with a similar document orelectronic file once the NPS is in place.

We initially envisioned limitingaccess to the second level to healthplans and other entities involved inelectronic transactions and adding athird level of access, which would makea more abbreviated data set available tothe general public. This was in keepingwith the past policy of not disclosingphysicians’ practice addresses. Recentcourt decisions and our broader goal ofbeneficiary education caused us tochoose a broader data disseminationstrategy. We welcome comments on thispoint.

VI. New and Revised Standards

[Please label written and e-mailed commentsabout this section with the subject:Revisions.]

To encourage innovation and promotedevelopment, we intend to develop aprocess that would allow anorganization to request a revision orreplacement to any adopted standard orstandards.

An organization could request arevision or replacement to an adoptedstandard by requesting a waiver fromthe Secretary of Health and HumanServices to test a revised or newstandard. The organization must, at aminimum, demonstrate that the revisedor new standard offers an improvementover the adopted standard. If theorganization presents sufficientdocumentation that supports testing of a

revised or new standard, we want to beable to grant the organization atemporary waiver to test whileremaining in compliance with the law.The waiver would be applicable tostandards that could change over time;for example, transaction standards. Wedo not intend to establish a process thatwould allow an organization to avoidusing any adopted standard.

We would welcome comments on thefollowing: (1) How we should establishthis process, (2) the length of time aproposed standard should be testedbefore we decide whether to adopt it, (3)whether we should solicit publiccomments before implementing achange in a standard, and (4) otherissues and recommendations we shouldconsider in developing this process.

Following is one possible process:• Any organization that wishes to

revise or replace an adopted standardmust submit its waiver request to anHHS evaluation committee (notcurrently established or defined). Theorganization must do the following foreach standard it wishes to revise orreplace:

+ Provide a detailed explanation, nomore than 10 pages in length, of howthe revision or replacement would be aclear improvement over the currentstandard in terms of the principleslisted in section I.D., Process fordeveloping national standards, of thispreamble.

+ Provide specifications andtechnical capabilities on the revised ornew standard, including any additionalsystem requirements.

+ An explanation, no more than 5pages in length, of how the organizationintends to test the standard.

• The committee’s evaluation would,at a minimum, be based on thefollowing:

+ A cost-benefit analysis.+ An assessment of whether the

proposed revision or replacement

demonstrates a clear improvement to anexisting standard.

+ The extent and length of time of thewaiver.

• The evaluation committee wouldinform the organization requesting thewaiver within 30 working days of thecommittee’s decision on the waiverrequest. If the committee decides togrant a waiver, the notification mayinclude the following:

+ Committee comments such as thefollowing:

—The length of time for which thewaiver applies if it differs from thewaiver request.

—The sites the committee believes areappropriate for testing if they differfrom the waiver request.

—Any pertinent information regardingthe conditions of an approved waiver.

• Any organization that receives awaiver would be required to submit areport containing the results of thestudy, no later than 3 months after thestudy is completed.

• The committee would evaluate thereport and determine whether thebenefits of the proposed revision or newstandard significantly outweigh thedisadvantages of implementing it andmake a recommendation to theSecretary.

VII. Collection of InformationRequirements

Under the Paperwork Reduction Actof 1995, we are required to provide 60-day notice in the Federal Register andsolicit public comment before acollection of information requirement issubmitted to the Office of Managementand Budget (OMB) for review andapproval. In order to fairly evaluatewhether an information collectionshould be approved by OMB, section3506(c)(2)(A) of the PaperworkReduction Act of 1995 requires that wesolicit comment on the following issues:


• The need for the informationcollection and its usefulness in carryingout the proper functions of our agency.

• The accuracy of our estimate of theinformation collection burden.

• The quality, utility, and clarity ofthe information to be collected.

• Recommendations to minimize theinformation collection burden on theaffected public, including automatedcollection techniques.

Section 142.408(a), (c) Requirements:Health Care Providers

In summary, each health careprovider would be required to obtain, byapplication if necessary, a nationalprovider identifier and communicateany changes to the data elements in itsfile in the national provider system toan enumerator of national provideridentifiers within 60 days of the change.

Discussion:We are especially interested in

receiving comments on the possiblemethods of managing the providerenumeration process. Given themultitude of possible methodsassociated with managing theenumeration process, we are unable toprovide an accurate burden estimate atthis time. Below is the repeatedprovider identifier enumerationdiscussion, from section II., Provisionsof Proposed Regulations, E.Requirements, 3. Health care providers,of this preamble.

The process by which health careproviders will apply for and obtain NPIshas not yet been established. Thisproposed rule (in section III.,Implementation of the NPI) presentsimplementation options by whichhealth care providers would apply forand obtain NPIs. We are seekingcomments on the options and welcomeother options for consideration.

In one of the options we arepresenting, we anticipate that the initialenumeration of health care providersthat are already enrolled in Medicare,other Federal programs named as healthplans, and Medicaid would be done bythose health plans. Those health careproviders would not have to apply forNPIs but would instead have their NPIsissued automatically. Non-Federal andnon-Medicaid providers would need toapply for NPIs to a Federally-directedregistry for initial enumeration. Theinformation that would be needed inorder to issue an NPI to a health careprovider is discussed in this preamblein section IV., Data. Depending on theimplementation option selected, Federaland Medicaid health care providers maynot need to provide this informationbecause it would already be available tothe entities that would be enumerating

them. In one of the options, health careproviders would be assigned their NPIsin the course of enrolling in the Federalhealth plan or in Medicaid. Bothoptions may require, to some degree, thedevelopment of an application to beused in applying for an NPI.

We would require each health careprovider that has an NPI to forwardupdates to the data in the database to anNPI enumerator within 60 days of thedate the change occurs. We aresoliciting comments on whether theseupdates should be applicable to all thedata elements proposed to be includedin the NPF or only to those dataelements that are critical forenumeration. For example, we wouldlike to know whether the addition of acredential should be required to bereported within the 60-day period orwhether such updates should be limitedto name or address changes or otherdata elements that are required toenumerate a health care provider.

Given the multitude of possiblemethods of implementing theenumeration process we are solicitingpublic comment on each of thefollowing issues, before we submit acopy of this document to the Office ofManagement and Budget (OMB) for itsreview of these information collectionrequirements.

Sections 142.404 and 142.408(b)Requirements: Health Plans andRequirements: Health Care Providers

In summary, each health plan wouldbe required to accept and transmit,either directly or via a health careclearinghouse, the NPI of any healthcare provider required in any standardtransaction. Also, each health careprovider must use NPIs whereverrequired on all standard transactions itaccepts or transmits directly.

Discussion:The emerging and increasing use of

health care EDI standards andtransactions raises the issue of theapplicability of the PRA. The questionarises whether a regulation that adoptsan EDI standard used to exchangecertain information constitutes aninformation collection subject to thePRA. However, for the purpose ofsoliciting useful public comment weprovide the following burden estimates.

In particular, the initial burden on theestimated 4 million health plans and 1.2million health care providers to modifytheir current computer systems softwarewould be 2 hours/$60 per entity, for atotal burden of 10.4 million hours/$312million. While this burden estimate mayappear low, on average, we believe it tobe accurate. This is based on theassumption that these and the other

burden calculations associated withHIPAA administrative simplificationsystems modifications may overlap.This average also takes intoconsideration that (1) this standard maynot be used by several of the entitiesincluded in the estimate, (2) thisstandard may already be in use byseveral of the entities included in theestimate, (3) modifications may beperformed in an aggregate mannerduring the course of routine businessand/or, (4) modifications may be madeby contractors, such as practicemanagement vendors, in a single effortfor a multitude of affected entities.

We invite public comment on theissues discussed above. If you commenton these information collection andrecordkeeping requirements, please e-mail comments to [email protected](Attn:HCFA–0045) or mail copiesdirectly to the following:Health Care Financing Administration,

Office of Information Services,Information Technology InvestmentManagement Group, Division ofHCFA Enterprise Standards, RoomC2–26–17, 7500 Security Boulevard,Baltimore, MD 21244–1850. Attn:John Burke HCFA–0045.

and,Office of Information and Regulatory

Affairs, Office of Management andBudget, Room 10235, New ExecutiveOffice Building, Washington, DC20503, Attn: Allison Herron Eydt,HCFA Desk Officer.

VIII. Response to Comments

Because of the large number of itemsof correspondence we normally receiveon Federal Register documentspublished for comment, we are not ableto acknowledge or respond to themindividually. We will consider allcomments we receive by the date andtime specified in the DATES section ofthis preamble, and, if we proceed witha subsequent document, we willrespond to the comments in thepreamble to that document.

IX. Impact Analysis

A. Executive Summary

The costs of implementing thestandards specified in the statute areprimarily one-time or short-term costsrelated to conversion. These costsinclude system conversion/upgradecosts, start-up costs of automation,training costs, and costs associated withimplementation problems. These costswill be incurred during the first threeyears of implementation. The benefits ofEDI include reduction in manual dataentry, elimination of postal servicedelays, elimination of the costs


associated with the use of paper forms,and the enhanced ability of participantsin the market to interact with eachother.

In our analysis, we have used themost conservative figures available andhave taken into account the effects ofthe existing trend toward electronichealth care transactions. Based on thisanalysis, we have determined that thebenefits attributable to theimplementation of administrativesimplification will accrue almostimmediately but will not exceed costsfor health care providers and healthplans until after the third year ofimplementation. After the third year,the benefits will continue to accrue intofourth year and beyond. The total netsavings for the period 1998–2002 will be$1.5 billion (a net savings of $1.7 billionfor health plans, and a net cost of $.2billion for health care providers). Thesingle year net savings for the year 2002will be $3.1 billion ($1.6 billion forplans and $1.5 billion for providers).

B. IntroductionWe assessed several strategies for

determining the impact of the variousstandards that the Secretary willdesignate under the statute. We couldattempt to analyze the costs and savingsof each individual standardindependently or we could analyze thecosts and savings of all the standards inthe aggregate. We chose to base ouranalysis on the aggregate impact of allthe standards. Assessing the cost ofimplementing each standardindependently would yield inflatedcosts. The statute gives health careproviders and health plans 24 months(36 months for small health plans) toimplement each standard after it isdesignated. This will give the industryflexibility in determining the most cost-effective way of implementing thestandards. A health plan may decide toimplement more than one standard at atime or to combine implementation of astandard with other system changesdictated by its own business needs. Asa result, overall estimates will be moreaccurate than individual estimates.

Assessing the benefits ofimplementing each standardindependently would also beinaccurate. While each individualstandard is beneficial, the standards asa whole have a synergistic effect onsavings. For example, the combinationof the standard health plan identifierand standard claim format wouldimprove the coordination of benefitsprocess to a much greater extent thaneither standard individually. Clearly,the costs and benefits described in thisimpact analysis are dependent upon all

of the rules being published at roughlythe same time.

It is difficult to assess the costs andbenefits of such a sweeping change withno historical experience. Moreover, wedo not yet know enough about theissues and options related to thestandards that are still being developedto be able to discuss them here. Ouranalysis, as a result, will be primarilyqualitative and somewhat general. Inorder to address that shortcoming, wehave added a section discussing specificissues related to the provider identifierstandard. In each subsequent regulation,we will, if appropriate, include a sectiondiscussing the specifics of the standardor standards being designated in theregulation. In addition, we will updatethis analysis to reflect any additionalcost/benefit information that we receivefrom the public during the commentperiod for the proposed rule. We solicitcomments on this approach and on ourassumptions and conclusions.

C. Overall Cost/Benefit AnalysisIn order to assess the impact of the

HIPAA administrative simplificationprovisions, it is important to understandcurrent industry practices. A 1993 studyby Lewin–VHI (1, p. 4) estimated thatadministrative costs comprised 17percent of total health expenditures.Paperwork inefficiencies are acomponent of those costs, as are theinefficiencies caused by the more than400 different data transmission formatscurrently in use. Industry groups suchas ANSI ASC X12N have developedstandards for EDI transactions, whichare used by some health plans andhealth care providers. However,migration to these recognized standardshas been hampered by the inability todevelop a concerted approach, and even‘‘standard’’ formats such as the UniformBill (UB–92), the standard Medicarehospital claim form (which is used bymost hospitals, skilled nursing facilities,and home health agencies for inpatientand outpatient claims) are customizedby plans and health care providers.

Several reports have made estimatesof the costs and/or benefits ofimplementing electronic datainterchange (EDI) standards. Inassessing the impact of the HIPAAadministrative simplificationprovisions, the Congressional BudgetOffice reported that:

‘‘The direct cost of the mandates in TitleII of the bill would be negligible. Healthplans (and those providers who choose tosubmit claims electronically) would berequired to modify their computer softwareto incorporate new standards as they areadopted or modified. . . . Uniformstandards would generate offsetting savings

for plans and providers by simplifying theclaims process and coordination of benefits.’’(page 4 of the Estimate of Costs of PrivateSector Mandates)

The most extensive industry analysisof the effects of EDI standards wasdeveloped by WEDI in 1993, whichbuilt upon a similar 1992 report. TheWEDI report used an extensive amountof information and analysis to developits estimates, including data from anumber of EDI pilot projects. The reportincluded a number of electronictransactions that are not covered byHIPAA, such as materials management.The report projected implementationcosts ranging between $5.3 billion and$17.3 billion (3, p. 9–4) and annualsavings for the transactions covered byHIPAA ranging from $8.9 billion and$20.5 billion (3, pp. 9–5 and 9–6).Lewin estimated that the data standardsproposed in the HealthcareSimplification and Uniformity Act of1993 would save from 2.0 to 3.9 percentof administrative costs annually ($2.6 to$5.2 billion based on 1991 costs) (1, p.12). A 1995 study commissioned by theNew Jersey Legislature estimated yearlysavings of $760 million in New Jerseyalone, related to EDI claims processing,reducing claims rejection, performingeligibility checks, decreasing accountsreceivable, and other potential EDIapplications (4, p. 316)

We have drawn heavily on the WEDIreport for many of our estimates.However, our conclusions differ,especially in the area of savings, for anumber of reasons. The WEDI reportwas intended to assess the savings froma totally EDI environment, whichHIPAA does not mandate. Health careproviders may still choose to conductHIPAA transactions on paper. Inaddition, a significant amount ofmovement toward EDI has been made(especially in the claims area) since1993, and it is reasonable to assume thatEDI would have continued to grow atsome rate even without HIPAA. In orderto assess the true impact of thelegislation and these regulations, wecannot claim that all subsequentbenefits are attributable to HIPAA.

D. Implementation CostsThe costs of implementing the

standards specified in the statute areprimarily one-time or short-term costsrelated to conversion. They can becharacterized as follows:

1. System Conversion/Upgrade—Health care providers and health planswill incur costs to convert existingsoftware to utilize the standards. Healthplans and large health care providersgenerally have their own informationsystems, which they maintain with in-


house or contract support. Small healthcare providers are more likely to use off-the-shelf software developed andmaintained by a vendor. Examples ofsoftware changes include the ability togenerate and accept transactions usingthe standard (for example, claims,remittance advices) and converting orcrosswalking current provider files andmedical code sets to chosen standards.However, health care providers haveconsiderable flexibility in determininghow and when to accomplish thesechanges. One alternative to a completesystem redesign would be to purchase atranslator that reformats existing systemoutputs into standard transactionformats. A health plan or health careprovider could also decide toimplement two or more relatedstandards at once or to implement oneor more standards during a softwareupgrade. We expect that each healthcare provider’s and health plan’ssituation will differ and that each willselect a cost-effective implementationscheme. Many health care providers usebilling agents or claims clearinghousesto facilitate EDI. (Although we discussbilling agents and claims clearinghousesas separate entities in this impactanalysis, billing agents are considered tobe the same as clearinghouses forpurposes of administrativesimplification.) Those entities wouldalso have to reprogram to accommodatestandards. We would expect these coststo be passed on to health care providersin the form of fee increases or to beabsorbed as a cost of doing business.

2. Start-up Cost of Automation—Thelegislation does not require health careproviders to conduct transactionselectronically. Those who do notcurrently have electronic capabilitieswould have to purchase and implementhardware and software and train staff touse it in order to benefit from EDI.However, this is likely to be less costlyonce standards are in place, becausethere will be more vendors supportingthe standard.

3. Training—Health care provider andhealth plan personnel will requiretraining on use of the various standardidentifiers, formats, and code sets. Forthe most part this will be directedtoward administrative personnel, buttraining in new code sets would berequired for clinical staff as well.

4. Implementation problems—Theimplementation of any industry-widestandards will inevitably introduceadditional complexity as health plansand health care providers struggle to re-establish communication and processtransactions using the new formats,identifiers, and code sets. This is likelyto result in a temporary increase in

rejected transactions, manual exceptionprocessing, payment delays, andrequests for additional information.

While the majority of costs are one-time costs related to implementation,there are also on-going costs associatedwith administrative simplification.Health care providers and health plansmay incur on-going costs to subscribe toor purchase documentation andimplementation guides related to codesets and standard formats as well ashealth plan and provider identifierdirectories or data files. These entitiesmay already be incurring some of thesecosts, and the costs under HIPAA wouldbe incremental. We will be pursuinglow-cost distribution options to keepthese costs as low as possible.

In addition, EDI could affect cash flowthroughout the health insuranceindustry. Electronic claims reach thehealth plan faster and can be processedfaster. This has the potential to improvehealth care providers’ cash flowsituations while decreasing healthplans’ earnings on cash reserves.

The only known impact onindividuals and employers (other thanthose that function as health plans) isthe need to obtain an identifier.

E. Benefits of Increased Use of EDI forHealth Care Transactions

Some of the benefits attributable toincreased EDI can be readily quantified,while others are more intangible. Forexample, it is easy to compute thesavings in postage from EDI claims, butattributing a dollar value to processingefficiencies is difficult. In fact, the lattermay not result in lower costs to healthcare providers or health plans but maybe categorized as cost avoidance, ratherthan savings. For example, a health careprovider may find that its billing officestaff can be reduced from four clerks tothree after standards are implemented.The health care provider could decideto reduce the staff size, to reduce thebilling office staff and hire additionalclinical personnel, or to retain the staffand assign new duties to them. Only thefirst option results in a ‘‘savings’’ (i.e.,fewer total dollars spent) for the healthcare provider or the health careindustry. However, all three optionsallow health care providers to reduceadministrative costs associated withbilling. We are considering these to bebenefits for purposes of this analysisbecause it is consistent with the way theindustry views them.

The benefits of EDI to industry ingeneral are well documented in theliterature. One of the most significantbenefits of EDI is the reduction inmanual data entry. The paperprocessing of business transactions

requires manual data entry at the pointin which the data are received andentered into a system. For example, thedata on a paper health care transactionfrom a health care provider to a healthplan have to be manually entered intothe health plan’s business system. If thepatient has more than one health plan,the second health plan would also haveto manually enter the data into itssystem if it cannot receive theinformation electronically. Thepotential for repeated keying ofinformation transmitted via paperresults in increased labor as well assignificant opportunities for keyingerrors. EDI allows for direct datatransmission between computersystems, which reduces the need torekey data.

Another problem with paper-basedtransactions is that these documents aremostly mailed. Normal delivery times ofmailings can vary anywhere from one toseveral days for normal first class mail.To ship paper documents more quicklycan be expensive. While bulk mailingscan reduce some costs, paper mailingsremain costly. Using postal services canalso lead to some uncertainty as towhether the transaction was received,unless more expensive certified mailoptions are pursued. A benefit of EDI isthat the capability exists for the senderof the transaction to receive anelectronic acknowledgment once thedata is opened by the recipient. Also,because EDI involves direct computer tocomputer data transmission, theassociated delays with postal servicesare eliminated. With EDI,communication service providers suchas value added networks function aselectronic post offices and provide 24-hour service. Value added networksdeliver data instantaneously to thereceiver’s electronic mailbox.

In addition to mailing time delays,there are other significant costs in usingpaper forms. These include the costs ofmaintaining an inventory of forms,typing data onto forms, addressingenvelopes, and the cost of postage. Theuse of paper also requires significantstaff resources to receive and store thepaper during normal processing. Thepaper must be organized to permit easyretrieval if necessary.

F. The Role of Standards in Increasingthe Efficiency of EDI

There has been a steady increase inuse of EDI in the health care marketsince 1993, and we predict that therewould be some continued growth, evenwithout national standards. However,we believe the upward trend in EDIhealth care transactions will beenhanced by having national standards


in place. Because national standards arenot in place today, there continues to bea proliferation of proprietary formats inthe health care industry. Proprietaryformats are those that are unique to anindividual business. Due to proprietaryformats, business partners that wish toexchange information via EDI mustagree on which formats to use. Sincemost health care providers do businesswith a number of plans, they mustproduce EDI transactions in manydifferent formats. For small health careproviders, this is a significantdisincentive for converting to EDI.

National standards would allow forcommon formats and translations ofelectronic information that would beunderstandable to both the sender andreceiver. If national standards were inplace, there would be no need todetermine what format a trading partnerwas using. Standards also reducesoftware development and maintenancecosts that are required for convertingproprietary formats. The basic costs ofmaintaining unique formats are thehuman resources spent converting dataor in personally contacting entities togather the data because of incompatibleformats. These costs are reflected inincreased office overhead, and areliance on paper and third partyvendors as well as communicationdelays and general administrativehassle. Health care transactionstandards will improve the efficiency ofthe EDI market and will help furtherpersuade reluctant industry partners tochoose EDI over traditional mailservices.

The statute directs the Secretary toestablish standards and sets out thetimetable for doing so. The Secretarymust designate a standard for each ofthe specified transactions andidentifiers but does have the discretionto designate alternate standards (forexample, both a flat file and X12Nformat for a particular transaction). Wehave chosen to designate a singlestandard for each identifier andtransaction. On the surface, allowingalternate standards would seem to be amore flexible approach, permittinghealth care providers and health plansto choose which standard best fits theirbusiness needs. In reality, health plansand health care providers generallyconduct EDI with multiple partners.Since the choice of a standardtransaction format is a bilateral decisionbetween the sender and receiver, mosthealth plans and health care providerswould need to support all of thedesignated standards for the transactionin order to meet the needs of all of theirtrading partners. Single standards will

maximize net benefits and minimizeongoing confusion.

Health care providers and healthplans have a great deal of flexibility inhow and when they will implementstandards. The statute specifies dates bywhich health plans will have adoptedstandards, but within that time periodhealth plans can determine when and inwhich order they will implementstandards. Health care providers havethe flexibility to determine when it iscost-effective for them to convert to EDI.Health plans and health care providershave a wide range of vendors andtechnologies from which to choose inimplementing standards and can chooseto utilize a health care clearinghouse toproduce standard transactions.Implementation options for transactionswill be the subject of more detailedanalysis in a subsequent regulation.

G. Cost/Benefit TablesThe tables below illustrate the costs

for health plans and health careproviders to implement the standardsand the savings that will occur overtime as a result of the HIPAAadministrative simplificationprovisions. All estimates are stated in1998 dollars—no adjustment has beenmade for present value.

The tables are extracted from a reportprepared by our actuaries, who analyzedthe impact of the HIPAA administrativesimplification provisions. Usingstandard actuarial principles, theyutilized data from a wide range ofindustry sources as a base for theirestimates but revised them as needed toprecisely reflect the impact of thelegislation. For example, the number ofhealth care providers and percentage ofEDI transactions were adjusted to reflectexpected 1998 levels. Where data werenot available (for example, thepercentage of EDI billing for hospices),estimates were developed based onassumptions. Where data from multiplesources were in conflict, the varioussources were considered in developingan independent estimate. Theseprocesses are complex and are describedin detail in the actuaries’ report, both innarrative form and in footnotes to tables.The report is too voluminous to publishhere, and it is not feasible to describethe processes used to arrive at each andevery number. We are presenting herethe data that are most critical toassessing the impact of HIPAAadministrative simplification provisionsand a general description of theprocesses used to develop those data.The full actuarial report is available forinspection at the HCFA document roomand at the following web site: http://aspe.os.dhhs.gov/admnsimp/.

The costs are based on estimates forthe cost of a moderately complex set ofsoftware upgrades. The range of coststhat health plans and health careproviders will incur is quite large andis based on such factors as the size andcomplexity of the existing systems,ability to implement using existing low-cost translator software, and reliance onhealth care clearinghouses to createstandard transactions. The cost of amoderately complex upgrade representsa reasonable midpoint in this range. Inaddition, we assume that health plansand health care providers with existingEDI systems will incur implementationcosts related to manual operations tomake those processes compatible withthe EDI systems. For example, manualprocesses may be converted to recognizestandard identifiers or to produce paperremittance advices that contain thesame data elements as the EDI standardtransaction. We have estimated thosecosts to equal 50 percent of the upgradecost. Health care providers that do nothave existing EDI systems will alsoincur some costs due to HIPAA, even ifthey choose not to implement EDI for allof the HIPAA transactions. For example,a health care provider may have tochange accounting practices in order toprocess the revised paper remittanceadvice discussed above. Health plansmust accept HIPAA transactions viaEDI, but not all health plans will becalled upon to accept all HIPAAtransactions. For example, some healthplans process only dental claims, whileothers process claims for institutionaland noninstitutional services. We haveassumed the average cost for non-EDIhealth care providers and health plansto be half that of already-automatedhealth care providers and health plans.

Savings are based on the estimatedincrease in EDI attributable to theHIPAA administrative simplificationprovisions, multiplied by a pertransaction savings for each type oftransaction. Our estimates are muchlower than those included in the WEDIreport, primarily because we onlyrecognize savings that would not haveoccurred without the legislation. Whilesome industry estimates of gross savings(not net of costs) have been as high as$32.8 billion over five years, webelieved it was important to utilize themost conservative assumptions possible.It is important to view these estimatesas an attempt to furnish a realisticcontext rather than as precise budgetarypredictions. Our estimates also do notinclude any benefits attributable toqualitative aspects of Administrativesimplification, because of the lack ofreliable data. (For example, we do not


attempt to put a dollar value onimproved public health practices thatwill result from implementation ofstandard identifiers.) We stronglyencourage comments on how toquantitatively and qualitatively measurethe efficiencies realized as a result of theHIPAA administrative simplificationstandards.

More detailed information regardingdata sources and assumptions isprovided in the explanations for thespecific tables.

Table 1 below shows estimated costsand savings for health plans. Thenumber of entities is based on the WEDIreport, Department of Labor data, andvarious trade publications trendedforward to 1998. The cost per healthplan for software upgrades is based onthe WEDI report, which estimated arange of costs required to implement afully capable EDI environment. Thehigh-end estimates ranged from two toten times higher than the low-end

estimates. We have used the lower endof the estimates in most cases because,as explained above, HIPAA does notrequire as extensive changes asenvisioned by WEDI. The estimatedpercentages of health plans that acceptelectronic billing are based on reports inthe 1997 edition of Faulkner & Gray’sHealth Data Directory (5). The total costfor each type of health plan is the sumof the cost for EDI and non-EDI plans.Cost for EDI plans is computed asfollows:Total Entities × EDI % × Average

Upgrade Cost × 1.5(Note: As described above, the cost ofchanging manual processes is estimated to behalf the cost of system changes.)

Cost for non-EDI plans is computed asfollows:Total entities × (1×EDI %) × Average

Upgrade Cost × .5(Note: As described above, cost to non-EDIhealth care providers is assumed to be halfthe cost of systems changes.)

The $3.9 billion in savings is derivedfrom Table 4, and represents savings tohealth plans for the first five years ofimplementation. The assumptionsrelated to these savings are contained inthe explanation to Table 4. The savingshave been apportioned to each type ofhealth plan based on the ratio of thathealth plan type’s cost to the cost to allhealth plans. For example, a plan typethat incurs ten percent of the costswould be assigned ten percent of thesavings. We acknowledge that this is animprecise method for allocating savings.We have not been able to identify areliable method for allocating savings tospecific types of health plans butnonetheless believed that it wasimportant to present costs and savingstogether in order to provide a sense ofhow the HIPAA administrativesimplification provisions would affectvarious entities.

Table 1.—Health Plan Implementation Costs and Savings[in Millions—1998–2002]

Type of plan Number ofplans Average cost Percent

EDITotal cost

(in millions)Savings

(in millions)

Large commercials ....................................................................... 250 $1,000,000 .90 $350 $620Smaller commercials .................................................................... 400 500,000 .50 200 354Blue Cross/Blue Shield ................................................................. 75 1,000,000 .90 106 188Third-party administered ............................................................... 750 500,000 .50 375 665HMO/PPO ..................................................................................... 1,500 250,000 .50 375 665Self-administered .......................................................................... 16,000 50,000 .25 600 1,063Other employer plans ................................................................... 3,900,000 100 .00 195 345

Total ....................................................................................... ........................ ........................ ................ $2,201 $3,900

Table 2 illustrates the costs andsavings attributable to various types ofhealth care providers.

The number of entities (practices, notindividual health care providers) isbased on the 1992 Census of Services,the 1996 Statistical Abstract of theUnited States, and the AmericanMedical Association survey of grouppractices trended forward to 1998.Estimated percentages of EDI billing arebased on the 1997 edition of Faulkner& Gray’s Health Data Directory or areactuarial estimates.

The cost of software upgrades forpersonal computers (PCS) is based on

reports on the cost of software upgradesto translate and communicatestandardized claims forms. The low endis used for smaller practices and thehigh end for larger practices with PCS.The estimate for mainframe upgradepackages is twice the upper end for PCS.The cost per upgrade for facilities isours after considering estimates byWEDI and estimates of the cost of newsoftware packages in the literature. Theestimates fall within the range of theWEDI estimates, but that range is quitelarge. For example, WEDI estimates thecost for a large hospital upgrade wouldbe from $50,000 to $500,000. For an

explanation of the method forcomputing Total Cost, see theexplanation for Table 1.

The $3.4 billion in savings is derivedfrom Table 4 and represents savings tohealth care providers for the first fiveyears of implementation. We haveincluded them here to provide a senseof how the HIPAA administrativesimplification provisions would affectvarious entities. As in Table 1, thesavings have been apportioned to eachtype of health care provider based onthe ratio of that health care providertype’s cost to the cost to all health careproviders.

TABLE 2.—HEALTH CARE PROVIDER IMPLEMENTATION COSTS AND SAVINGS

[In millions—1998–2002]

Type of provider Number ofproviders Average cost Percent

EDITotal cost


(in millions)

Hospitals <100 beds ..................................................................... 2,850 $100,000 .86 $388 $369Hospitals 100+ beds ..................................................................... 3,150 250,000 .86 1,071 1,019Nursing facility <100 beds ............................................................ 27,351 10,000 .50 274 260Nursing facility 100+ beds ............................................................ 8,369 20,000 .50 167 159


TABLE 2.—HEALTH CARE PROVIDER IMPLEMENTATION COSTS AND SAVINGS—Continued[In millions—1998–2002]

Type of provider Number ofproviders Average cost Percent

EDITotal cost


(in millions)

Home health agency ..................................................................... 10,608 10,000 .75 133 126Hospice ......................................................................................... 1,191 10,000 .10 7 7Dialysis facility .............................................................................. 1,211 10,000 .75 15 14Specialty outpatient ...................................................................... 7,175 10,000 .75 90 85Pharmacy ...................................................................................... 70,100 4,000 .85 379 360Medical labs .................................................................................. 9,000 4,000 .85 49 46Dental labs .................................................................................... 8,000 1,500 .50 12 11DME .............................................................................................. 116,800 1,500 .50 175 167Physicians solo and groups <3 .................................................... 337,000 1,500 .20 354 337Physicians groups 3+ with mainframe .......................................... 17,000 8,000 .75 170 162Physicians groups 3+ with PCS ................................................... 15,000 4,000 .40 54 51Physicians groups 3+ no automation ........................................... 2,000 0 .00 0 0Osteopaths .................................................................................... 35,600 1,500 .10 32 30Dentists ......................................................................................... 147,000 1,500 .14 141 134Podiatrists ..................................................................................... 8,400 1,500 .05 7 6Chiropractors ................................................................................ 29,000 1,500 .05 24 23Optometrists .................................................................................. 18,200 1,500 .05 14 14Other professionals ....................................................................... 23,600 1,500 .05 20 19

Total ....................................................................................... ........................ ........................ ................ 3,574 3,400

Table 3 shows the estimates we usedto determine the portion of EDI increaseattributable to the HIPAA administrativesimplification provisions. Theproportion of claims that would beprocessed electronically even withoutHIPAA is assumed to grow at the samerate from 1998 through 2002 as it didfrom 1992 to 1996, except that the ratefor hospitals, which is already high, isassumed to grow at one percent

annually instead of the two percent thatwas observed from 1992–1996. Theproportion of ‘‘other’’ provider claims ishigh because it includes pharmaciesthat generate large volumes of claimsand have a high rate of electronicbilling.

The increase attributable to HIPAA ishighly uncertain and is critical to thesavings estimate. Our actuary arrived atthese estimates based on an analysis of

the current EDI environment. Becausethe rate of growth in electronic billingis already high, there is not much roomfor added growth. On the other hand,much of the increase that has alreadyoccurred is attributable to Medicare andMedicaid; private insurers and thirdparty administrators still have fairly lowrates of electronic billing and maybenefit significantly fromstandardization.

TABLE 3.—PERCENT GROWTH IN EDI CLAIMS ATTRIBUTABLE TO HIPAA AS PROVISIONS

[Cumulative]

Type of Provider 1998(percent)

1999(percent)

2000(percent)

2001(percent)

2002(percent)

Physician:Percent before HIPAA ....................................................................... 45 50 55 60 65Percent after HIPAA .......................................................................... 45 52 59 66 73

Difference .......................................................................................... .................... 2 4 6 8

Hospital:Percent before HIPAA ....................................................................... 86 87 88 89 90Percent after HIPAA .......................................................................... 86 88 89 91 92

Difference .......................................................................................... .................... 1 1 2 2

Other:Percent before HIPAA ....................................................................... 75 76 77 78 79Percent after HIPAA .......................................................................... 75 78 81 84 87Difference .......................................................................................... .................... 2 4 6 8

Table 4 shows the annual costs,savings, and net savings over a five-yearimplementation period. We assume thatthe costs will be incurred within thefirst three years, since the statuterequires health plans other than smallhealth plans to implement within 24months and small health plans to

implement within 36 months. As eachhealth plan implements a standard,health care providers that conductelectronic transactions with that healthplan would also implement thestandard. We assume that no savingswould accrue in the first year, becausenot enough health plans and health care

providers would have implemented thestandards. Savings would increase asmore health plans and health careproviders implement, exceeding costs inthe fourth year. At that point, themajority of health plans and health careproviders will have implemented the


standards, and costs will decrease andbenefits will increase as a result.

The savings per claim processedelectronically instead of manually isbased on the lower end of the rangeestimated by WEDI. We have used $1per claim for health plans andphysicians, and $.75 per claim forhospitals and other health careproviders. These estimates are based onsurveys of health care providers andhealth plans. Savings per EDI claim arecomputed by multiplying the per claimsavings times the number of EDI claimsattributed to HIPAA. The total numberof EDI claims is used in computing thesavings to health plans, while thesavings for specific health care providergroups is computed using only thenumber of EDI claims generated by thatgroup (for example, savings to

physicians is computed using onlyphysician EDI claims).

WEDI also estimated savings resultingfrom other HIPAA transactions. Thesavings per transaction was higher thanthe savings from electronic billing, butthe number of transactions was muchsmaller. Our estimates for transactionsother than claims were derived byassuming a number of transactions anda savings per transaction relative tothose assumed for the savings forelectronic billing (see table 4a). Ingeneral our assumptions are close tothose used by WEDI. One majordifference is that we derived the numberof enrollment/disenrollmenttransactions from Department of Laborstatistics. We used their estimate of thenumber of events requiring a certificateto be issued, which includes such

actions as starting or leaving a firm,children ‘‘aging out’’ of coverage anddeath of policyholder. That estimate isabout 45 million events. We usedWEDI’s estimate that the savings pertransaction is about half that of billingtransactions.

We also assumed that savings couldbe expected from simplifications inmanual claims. The basic assumption isthat the savings are ten percent (pertransaction) of those that are projectedfor conversion to electronic billing.However, it is also assumed that thestandards only gradually allow healthcare providers and health plans toabandon old forms and identifiersbecause of the many relationships thathave been established with otherentities that will require a period ofoverlap.

TABLE 4.—FIVE-YEAR NET SAVINGS

[in billions of dollars]

Costs and savings 1998 1999 2000 2001 2002 Total

Costs:Provider ...................................................................................... 1.3 1.3 1.1 0.0 0.0 3.6Plan ............................................................................................ 0.8 0.8 0.7 0.0 0.0 2.2

Total .................................................................................... 2.0 2.0 1.7 0.0 0.0 5.8

Savings From Claims Processing:Provider ...................................................................................... 0.0 0.1 0.3 0.4 0.6 1.4Plan ............................................................................................ 0.0 0.1 0.2 0.4 0.5 1.2

Total .................................................................................... 0.0 0.2 0.5 0.8 1.1 2.6

Savings from Other Transactions:Provider ...................................................................................... 0.0 0.2 0.4 0.7 1.1 2.4Plan ............................................................................................ 0.0 0.2 0.4 0.6 0.8 2.0

Total .................................................................................... 0.0 0.3 0.8 1.2 1.8 4.1

Savings From Manual Transactions:Provider ...................................................................................... 0.0 0.0 0.1 0.1 0.1 0.3Plan ............................................................................................ 0.0 0.0 0.1 0.1 0.1 0.3

Total .................................................................................... 0.0 0.1 0.1 0.2 0.2 0.6

Total Savings:Provider ...................................................................................... (1.3) (1.0) (0.5) 1.0 1.5 (0.2)Plan ............................................................................................ (0.8) (0.5) 0.0 1.2 1.6 1.7

Total .................................................................................... (2.0) (1.4) (0.3) 2.2 3.1 1.5

Note: Figures do not total due to rounding.

Table 4a shows the savings pernonclaim transaction as a multiple ofclaims savings per transaction and theratio of transactions to number ofclaims. These values were used todetermine the savings for nonclaimstransactions.

TABLE 4A.—RELATIVE SAVINGS ANDVOLUME OF OTHER TRANSACTIONS

Transaction Savings Volume

Claim ....................... 1.0 1.0Claims inquiry ......... 4.0 0.5Remittance advice .. 1.5 0.10Coordination of ben-

efits ...................... 0.5 0.10Eligibility inquiry ...... 0.5 0.05Enrollment/

disenrollment ....... 0.5 0.01

TABLE 4A.—RELATIVE SAVINGS ANDVOLUME OF OTHERTRANSACTIONS—Continued

Transaction Savings Volume

Referral ................... 0.1 0.10

H. Qualitative Impacts ofAdministrative Simplification

Administration simplificationproduces more than hard-dollar savings.There are also qualitative benefits that


are less tangible, but neverthelessimportant. These changes becomepossible when data can be more easilyintegrated across entities. WEDI suggestsin its 1993 report that there will be a‘‘ripple-effect’’ of implementing an EDIinfrastructure on the whole health caredelivery system in that there would bea reduction in duplicate medicalprocedures and processes as a patient ishandled by a continuum of health careproviders during an episode of care.WEDI also suggests that there will be areduction in the exposure to health carefraud as security controls on electronictransactions will prevent unauthorizedaccess to financial data.

We also believe that having standardsin place would reduce administrativeburden and improve job satisfaction. Forexample, fewer administrative staffwould be required to translateprocedural codes, since a common set ofcodes would be used. All codes used inthese transactions will be standardized,eliminating different values for dataelements (for example, place of service).

Administrative simplification wouldpromote the accuracy, reliability andusefulness of the information shared.For example, today there are anynumber of claims formats andidentifiers in use. We estimate that thereare over 400 variations of electronicformats for claims transactions alone. Aswe noted earlier, these variations makeit difficult for parties to exchangeinformation electronically. At aminimum, it requires data to betranslated from the sender’s own formatto the different formats specified byeach intended receiver. Also, sinceindustry has taken different approachesto uniquely identifying patients, healthcare providers and health plans (basedon their individual business needs andpreferences), it has become difficult todevelop methods to compare servicesacross health care providers and healthplans. This mixed approach toenumeration has made it extremelydifficult for health care researchers to docomparative analysis across settings andover time, and complicatesidentification of individuals for publichealth and epidemiologic purposes.

Administrative simplification greatlyenhances the sharing of data bothwithin entities and across entities. Itfacilitates the coordination of benefitinformation by having in place astandardized set of data that is knownto all parties, along with standardizedname and address information that tellswhere to route transactions. Today,health care providers are reluctant tofile claims to multiple health plans onthe behalf of the patient becauseinformation about a patient’s eligibility

in a health plan is difficult to verify.Additionally, identifying informationabout health plans is not standardizedor centralized for easy access. Mostclaims filed by patients today aresubmitted in hardcopy. We anticipatethat more health care providers will fileclaims and coordinate benefits on thepatient’s behalf once standardidentifiers are adopted and thisinformation is made availableelectronically.

I. Regulatory Flexibility AnalysisThe Regulatory Flexibility Act (RFA)

of 1980, Public Law 96–354, requires usto prepare a regulatory flexibilityanalysis if the Secretary certifies that aproposed regulation would have asignificant economic impact on asubstantial number of small entities. Inthe health care sector, a small entity isone with less than $5 million in annualrevenues. Nonprofit organizations areconsidered small entities; however,individuals and States are not includedin the definition of a small entity. Wehave attempted to estimate the numberof small entities and provide a generaldiscussion of the effects of the statute.We request comments and additionalinformation about our estimates anddiscussion.

All nonprofit Blue Cross-Blue ShieldPlans are considered small entities. Twopercent of the approximately 3.9 millionemployer health plans are consideredsmall businesses. All doctors ofosteopathy, dentists, podiatrists,chiropractors, and solo and groupphysicians’ offices with fewer than threephysicians are considered small entities.Forty percent of group practices with 3or more physicians and 90 percent ofoptometrist practices are consideredsmall entities. Seventy-five percent ofall pharmacies, medical laboratories,dental laboratories and durable medicalequipment suppliers are assumed to besmall entities.

We found the best source forinformation about the health datainformation industry to be Faulkner &Gray’s Health Data Dictionary. Thispublication is the most comprehensivewe found of its kind. The information inthis directory is gathered by Faulkner &Gray editors and researchers who calledall of the more than 3,000 organizationsthat are listed in the book to elicitinformation about their operations. It isimportant to note that some businessesare listed as more than one type ofbusiness entity. That is because inreporting the information, companiescould list themselves as up to threedifferent types of entities. For example,some businesses listed themselves asboth practice management vendors as

well as claims software vendors becausetheir practice management software was‘‘EDI enabled.’’

All the statistics referencing Faulkner& Gray’s come from the 1996 edition ofits Health Data Dictionary. It lists 100third party claims processors, whichincludes health care clearinghouses (5–33). Faulkner & Gray define third partyclaims processors as entities undercontract that take electronic and paperhealth care claims data from health careproviders and billing companies thatprepare bills on a health care provider’sbehalf. The third party claims processoracts as a conduit to health plans; itbatches claims and routes transactionsto the appropriate health plan in a formthat expedites payment.

Of the 100 third party processors/clearinghouses listed in thispublication, seven processed more that20 million electronic transactions permonth. Another 14 handled 2 million ormore transactions per month andanother 29 handled over a millionelectronic transactions per month. Theremaining 50 entities listed processedless than a million electronictransactions per month. We believe thatalmost all of these entities have annualrevenues of under $5 million and wouldtherefore be considered small entities byour definition.

Another entity that is involved in theelectronic transmission of health caretransactions is the value added network.Value added networks are involved inthe electronic transmission of data overtelecommunication lines. We includevalue added networks in the definitionof a health care clearinghouse. Faulkner& Gray list 23 value added networks thathandle health care transactions (5, p.544). After further discussion, theeditors clarified that only 8 of the 23would be considered ‘‘pure’’ valueadded networks. We believe that all ofthese companies have annual revenuesof over $5 million.

A billing company is another entityinvolved in the electronic routing ofhealth care transactions. It worksprimarily with physicians either inoffice or hospital-based settings. Billingcompanies, in effect, take over the officeadministrative functions for a physician;they take information such as copies ofmedical notes and records and prepareclaim forms that are then forwarded toan insurer for payment. Billingcompanies may also handle the receiptof payments, including posting paymentto the patient’s record on behalf of thehealth care provider. They can belocated within or outside of thephysician’s practice setting.

The International Billing Associationis a trade association representing


billing companies. The InternationalBilling Association estimated that thereare approximately 4500 billingcompanies currently in business in theUnited States. The International BillingAssociation’s estimates are based on thename and address of actual billingcompanies that it compiled indeveloping its mailing list. We believeall of the 4500 billing companies knownto be in business have revenues under$5 million annually.

Software system vendors providecomputer software applications supportto health care clearinghouses, billingcompanies, and health care providers.They particularly work with health careproviders’ practice management andhealth information systems. Thesebusinesses provide integrated softwareapplications for such services asaccounts receivable management,electronic claims submission (patientbilling), record keeping, patientcharting, practice analysis and patientscheduling. Some software vendors arealso involved in providing applicationsfor translating paper and nonstandardcomputer documents into standardizedformats that are acceptable to healthplans.

Faulkner & Gray list 104 physicianpractice management vendors andsuppliers (5, p. 520), 105 hospitalinformation systems vendors andsuppliers (5, p. 444), 134 softwarevendors and suppliers for claims-relatedtransactions (5, p. 486), and 28translation vendors (5, p. 534). We wereunable to determine the number of theseentities with revenues over $5 million,but we assume most of these businesseswould be considered small entitiesunder our definition.

As discussed earlier in this analysis,the cost of implementing the standardsspecified in the statute are primarilyone-time or short-term costs related toconversion. They were characterized asfollows: software conversion, cost ofautomation, training, implementationproblems, and cost of documentationand implementation guides. Rather thanrepeat that information here, we referyou to the beginning of this impactanalysis.

1. Health care Providers and HealthPlans

As a result of standard data formatand content, health care providers andhealth plans that wish to do businesselectronically could do so knowing thatwhatever capital outlays they make areworthwhile, with some certainty ofreturn on investment. This is becauseentities that exchange electronic healthcare transactions would be required toreceive and send transactions in the

same standard formats using the samehealth care provider and health planidentifiers. We believe this will be anincentive to small physicians’ offices toconvert from paper to EDI. In a 1996Office of the Inspector General studyentitled ‘‘Encouraging Physicians to UsePaperless Claims,’’ the Office of theInspector General and HCFA agreed thatover $36 million in annual Medicareclaims processing savings could beachieved if all health care providerssubmitting 50 or more Medicare claimsper month submitted themelectronically. Establishment of EDIstandards will make it financiallybeneficial for many small health careproviders to convert to electronic claimsubmissions, because all health planswould accept the same formats.

Additionally, we believe that thosehealth care providers that currently usehealth care clearinghouses and billingagencies will see costs stabilize andpotentially some cost reduction. Thiswould result from the increasedefficiency that health careclearinghouses and billing companieswill realize from being able to moreeasily link with health care industrybusiness partners.

2. Third Party VendorsThird party vendors include third

party processors/clearinghouses(including value added networks),billing companies, and software systemvendors. While the market for thirdparty vendors will change as a result ofstandardization, these changes will bepositive to the industry and itscustomers over the long term. However,the short term/one time costs discussedabove will apply to the third partyvendor community.

a. Clearinghouses and BillingCompanies

As noted above, health careclearinghouses are entities that takehealth care transactions, convert theminto standardized formats acceptable tothe receiver, and forward them on to theinsurer. Billing companies take on theadministrative functions of aphysician’s office. The market forclearinghouse and billing companyservices will definitely be affected bythe HIPAA administrative simplificationprovisions; however there appears to besome debate on how the market forthese services will be affected.

It is likely that competition amonghealth care clearinghouses and billingcompanies will increase over time. Thisis because standards would reduce someof the technical limitations thatcurrently inhibit health care providersfrom conducting their own EDI. For

example, by eliminating therequirement to maintain severaldifferent claims standards for differenttrading partners, health care providerswill be able to more easily linkthemselves directly to health plans. Thiscould negatively affect the market forhealth care clearinghouses and systemvendors that do translation services;however, standards should increase theefficiency in which health careclearinghouses operate by allowingthem to more easily link to multiplehealth plans. The increased efficiency inoperations resulting from standardscould, in effect, lower their overheadcosts as well as attract new health careclearinghouse customers to offset anyloss in market share that they mightexperience.

Another potential area of change isthat brought about through standardizedcode sets. Standards would lower costsand break down logistical barriers thatdiscouraged some health care providersfrom doing their own coding andbilling. As a result, some health careproviders may choose an in-housetransaction system rather than using abilling company as a means ofexercising more control overinformation. Conversely, health careclearinghouses may acquire some short-term increase in business from thosehealth care providers that are automatedbut do not use the selected standards.These health care providers would hirehealth care clearinghouses to take datafrom the nonstandard formats they areusing and convert them into theappropriate standards. Generally, wewould also expect health careclearinghouses to identify opportunitiesto add value to transaction processingand to find new business opportunities,either in marketing promotionalmaterials or in training health careproviders on the new transaction sets.Standards would increase the efficiencyof health care clearinghouses, whichcould in turn drive costs for theseservices down. Health careclearinghouses may be able to operatemore efficiently or at a lower cost basedon their ability to gain market share.Some small billing companies may beconsumed by health care clearinghousesthat may begin offering billing servicesto augment their health careclearinghouse activities. However, mosthealth care providers that use billingcompanies would probably continue todo so because of the comprehensive andpersonalized services these companiesoffer.

Value added networks do notmanipulate data but rather transmit datain its native form overtelecommunication lines. We anticipate


that the demand for value addednetwork services would increase asadditional health care providers andhealth plans move to electronic dataexchange. Standards would eliminatethe need for data to be reformatted,which would allow health careproviders to purchase value addednetwork services individually ratherthan as a component of the full range ofclearinghouse services.

b. Software VendorsAs noted above, software vendors

provide computer software applicationssupport to health care clearinghousesand health care providers. Theyparticularly work with health careproviders’ practice management andhealth information systems. We believethese entities would be affectedpositively, at least in the short term. Theimplementation of administrativesimplification would enhance theirbusiness opportunities as they would beinvolved in developing computerizedsoftware solutions that would allow forhealth care providers and other entitiesthat exchange health care data tointegrate the new transaction set intotheir existing systems. They may also beinvolved in developing softwaresolutions to manage the crosswalk ofexisting health care provider and healthplan identifiers to the national provideridentifier and health plan identifier(PAYERID) until such time as allentities have implemented theidentifiers.

J. Unfunded MandatesWe have identified costs to the private

sector to implement these standards.Although these costs are unfunded, weexpect that they will be offset bysubsequent savings as detailed in thisimpact analysis.

Most costs will occur in the first 3years following the adoption of theHIPAA standards, with savings to healthcare providers and health plansexceeding costs in the fourth year. Five-year costs of implementing the HIPAAstandards are estimated at $ 5.8 billionfor health care providers and healthplans combined. Savings to theseentities over the same period inelectronic claims processing, otherelectronic transactions (e.g., enrollmentsand disenrollments), and manualtransactions are estimated at $ 7.3billion, for a net savings of $ 1.5 billionin 5 years.

The costs to State and localgovernments and tribal organizationsare also unfunded, but we do not havesufficient information to provideestimates of the impact of thesestandards on those entities. Several

State Medicaid agencies have estimatedthat it would cost $1 million per stateto implement all the HIPAA standards.However, the Congressional BudgetOffice analysis stated that ‘‘States arealready in the forefront in administeringthe Medicaid program electronically;the only costs—which should not besignificant—would involve bringing thesoftware and computer systems for theMedicaid programs into compliancewith the new standards.’’ The reportwent on to point out that Medicaid Stateagencies have the option to compensateby reducing other expenditures and thatother State and local governmentagencies are likely to incur less in theway of costs since most of them willhave fewer enrollees. Moreover, theFederal government pays a portion ofthe cost of converting State MedicaidManagement Information Systems(MMIS) as Federal FinancialParticipation—75 percent for systemmaintenance changes and 90 percent fornew software (if approved). Many Statesare in the process of changing systemsas they convert many of the currentfunctions in the move to enrollMedicaid beneficiaries in managed care.

K. Specific Impact of Provider IdentifierThis is the portion of the impact

analysis that relates specifically to thestandard that is the subject of thisregulation—the health care provideridentifier. This section describesspecific impacts that relate to theprovider identifiers. However, as weindicated in the introduction to thisimpact analysis, we do not intend toassociate costs and savings to specificstandards. In addition, this sectionassesses the relative cost impact of thevarious identifier options andimplementation options set out in theregulation.

Although we cannot determine thespecific economic impact of thestandard being proposed in this rule(and individually each standard maynot have a significant impact), theoverall impact analysis makes clear that,collectively, all the standards will havea significant impact of over $100 millionon the economy. Also, while eachstandard may not have a significantimpact on a substantial number of smallentities, the combined effects of all theproposed standards may have asignificant effect on a substantialnumber of small entities. Therefore, thefollowing impact analysis should beread in conjunction with the overallimpact analysis.

In accordance with the provisions ofExecutive Order 12866, this proposedrule was reviewed by the Office ofManagement and Budget.

1. Affected entities.a. Health care providers.Health care providers that conduct

electronic transactions with healthplans would have to begin to use theNPI in those transactions. Health careproviders that are indirectly involved inelectronic transactions (for example, bysubmitting a paper claim that the healthplan transmits electronically to asecondary payer) may also use the NPI.Any negative impact on these healthcare providers generally would berelated to the initial implementationperiod. They would incurimplementation costs for convertingsystems, especially those that generateelectronic claims, from current provideridentifiers to the NPI. Some health careproviders would incur those costsdirectly and others would incur them inthe form of fee increases from billingagents and health care clearinghouses.

Health care providers not only wouldhave to include their own NPI onclaims, but they would also have toobtain and use NPIs of other health careproviders (for example, for referring andordering). This would be a moresignificant implementation workload forlarger institutional health careproviders, such as hospitals, that wouldhave to obtain the NPIs for eachphysician practicing in the hospital.However, these health care providersare accustomed to maintaining thesetypes of data. There would also be apotential for disruption of claimsprocesses and timely payments during aparticular health plan’s transition to theNPI. Some health care providers that donot do business with governmentprograms may be resistant to obtainingan NPI and providing data aboutthemselves that would be stored in anational database.

Health care providers would also haveto obtain an NPI and report changes inpertinent data. Under one of theenumeration options presented in thispreamble, current Medicare providerswill receive their NPIs automatically,and other health care providers may beenumerated in this manner to the extentthat appropriate valid data files areavailable. New health care providerswould have to apply for an NPI. Thisdoes not impose a new burden on healthcare providers. The vast majority ofhealth plans issue identifiers to thehealth care providers with whom theytransact business in order to facilitatethe electronic processing of claims andother transactions. The information thathealth care providers must supply inorder to receive an NPI is significantlyless than the information most healthplans require to enroll a health careprovider. There would be no new cost


burden; the statute does not support ourcharging health care providers to receivean NPI.

After implementation, health careproviders would no longer have to keeptrack of and use different identifiers fordifferent insurers. This would simplifyprovider billing systems and processesand reduce administrative expenses. Astandard identifier would facilitate andsimplify coordination of benefits,resulting in faster, more accuratepayments. Under option 2 of theenumeration options, (see sectionIX.K.2.d. of this preamble, onenumerators), many health careproviders (all those doing business withMedicare) would receive their NPIsautomatically and would be able toreport changes in the data contained inthe NPS to a single place and have thechanges made available to many healthplans.

b. Health plans.Health plans that engage in electronic

commerce would have to modify theirsystems to use the NPI. This conversionwould have a one-time cost impact onFederal, State, and private health plansalike and is likely to be more costly forhealth plans with complex systems thatrely on intelligent provider numbers.Disruption of claims processing andpayment delays could result. However,health plans would be able to scheduletheir implementation of the NPI andother standards in a manner that bestfits their needs, as long as they meet thedeadlines specified in the legislation.

Once the NPI has been implemented,health plans’ coordination of benefitsactivities would be greatly simplifiedbecause all health plans would use thesame health care provider identifier. Inaddition, utilization review and otherpayment safeguard activities would befacilitated, since health care providerswould not be able to use multipleidentifiers and could be easily trackedover time and across geographic areas.Health plans currently assign their ownidentification numbers to health careproviders as part of their enrollmentprocedures, and this would no longer benecessary. Existing enumerationsystems maintained by Federal healthprograms would be phased out, andsavings would result.

c. Health care clearinghouses.Health care clearinghouses would face

impacts (both positive and negative)similar to those experienced by healthplans. However, implementation wouldlikely be more complex, because healthcare clearinghouses deal with manyhealth care providers and health plansand would have to accommodate bothold and new health care provider

identifiers until all health plans withwhich they deal have converted.

2. Effects of Various Options.a. Guiding Principles for Standard

Selection.The implementation teams charged

with designating standards under thestatute have defined, with significantinput from the health care industry, aset of common criteria for evaluatingpotential standards. These criteria arebased on direct specifications in theHIPAA, the purpose of the law, andprinciples that support the regulatoryphilosophy set forth in Executive Order12866 of September 30, 1993, and thePaperwork Reduction Act of 1995.These criteria also support and areconsistent with the principles of thePaperwork Reduction Act of 1995. Inorder to be designated as a standard, aproposed standard should:

• Improve the efficiency andeffectiveness of the health care systemby leading to cost reductions for orimprovements in benefits fromelectronic HIPAA health caretransactions. This principle supports theregulatory goals of cost-effectivenessand avoidance of burden.

• Meet the needs of the health datastandards user community, particularlyhealth care providers, health plans, andhealth care clearinghouses. Thisprinciple supports the regulatory goal ofcost-effectiveness.

• Be consistent and uniform with theother HIPAA standards—their dataelement definitions and codes and theirprivacy and security requirements—and, secondarily, with other private andpublic sector health data standards. Thisprinciple supports the regulatory goalsof consistency and avoidance ofincompatibility, and it establishes aperformance objective for the standard.

• Have low additional developmentand implementation costs relative to thebenefits of using the standard. Thisprinciple supports the regulatory goalsof cost-effectiveness and avoidance ofburden.

• Be supported by an ANSI-accredited standards developingorganization or other private or publicorganization that will ensure continuityand efficient updating of the standardover time. This principle supports theregulatory goal of predictability.

• Have timely development, testing,implementation, and updatingprocedures to achieve administrativesimplification benefits faster. Thisprinciple establishes a performanceobjective for the standard.

• Be technologically independent ofthe computer platforms andtransmission protocols used in HIPAAhealth transactions, except when they

are explicitly part of the standard. Thisprinciple establishes a performanceobjective for the standard and supportsthe regulatory goal of flexibility.

• Be precise and unambiguous, but assimple as possible. This principlesupports the regulatory goals ofpredictability and simplicity.

• Keep data collection and paperworkburdens on users as low as is feasible.This principle supports the regulatorygoals of cost-effectiveness andavoidance of duplication and burden.

• Incorporate flexibility to adapt moreeasily to changes in the health careinfrastructure (such as new services,organizations, and provider types) andinformation technology. This principlesupports the regulatory goals offlexibility and encouragement ofinnovation.

We assessed the various candidatesfor a provider identifier against theprinciples listed above, with the overallgoal of achieving the maximum benefitfor the least cost. We found that the NPImet all the principles, but no othercandidate identifier met all theprinciples, or even those principlessupporting the regulatory goal of cost-effectiveness. We are assessing the costsand benefits of the NPI, but we did notassess the costs and benefits of otheridentifier candidates, because they didnot meet the guiding principles. Weinvite your comments on the costs andbenefits of the alternative candidate NPIoptions for the various market segments.

b. Need To ConvertBecause there is no standard provider

identifier in widespread use throughoutthe industry, adopting any of thecandidate identifiers would requiremost health care providers, health plansand health care clearinghouses toconvert to the new standard. In the caseof the NPI, all health care providerswould have to convert because thisidentifier is not in use presently. As wepointed out in our analysis of thecandidates, even the identifiers that arein use are not used for all purposes orfor all provider types. The selection ofthe NPI does not impose a greaterburden on the industry than thenonselected candidates, and presentssignificant advantages in terms of cost-effectiveness, universality, uniquenessand flexibility.

c. Complexity of ConversionSome existing provider identifier

systems assign multiple identifiers to asingle health care provider in order todistinguish the multiple identities thehealth care provider has in the system.For example, in these systems, thehealth care provider may have a


different identifier to represent each‘‘pay-to’’ identity, contract or provideragreement, practice location, andspecialty or provider type. Since the NPIis a unique identifier for each healthcare provider, it would not distinguishthese multiple identities. Systems thatneed to distinguish these identitieswould need to use data other than theNPI to do so. The change to use otherdata would add complexity to theconversion to the NPI or to any otherstandard provider identifier, but it isnecessary in order to achieve the goal ofunique identification of the health careprovider.

The complexity of the conversionwould also be significantly affected bythe degree to which health plans’processing systems currently rely onintelligent identifiers. For example, ahealth plan may route claims todifferent processing routines based onthe type of health care provider bykeying on a provider type code includedin the identifier. Converting from oneunintelligent identifier to another is lesscomplex than modifying software logicto obtain needed information from otherdata elements. However, the use of anunintelligent identifier is required inorder to meet the guiding principle ofassuring flexibility.

Specific technology limitations ofexisting systems could affect thecomplexity of conversion. For example,some existing provider data systems usea telephone keypad to enter data. Dataentry of alpha characters isinconvenient in these systems. In orderto mitigate this inconvenience, wewould implement the NPI by initiallyassigning numeric NPIs. After allnumeric possibilities have beenexhausted, we would introduce alphacharacters in one position at a time.This implementation strategy wouldallow additional time for systems withtechnology limitations to overcomeconversion difficulties.

In general, the shorter the identifier,the easier it is to implement. It is morelikely that a shorter identifier, such asthe NPI, would fit into existing dataformats.

The selection of the NPI does notimpose a greater burden on the industrythan the nonselected candidates.

d. EnumeratorsBased on the analysis discussed

earlier in the preamble, we assess thetwo most viable combinations of choicesfor the entities that would enumeratehealth care providers. We do not assesschoices that permit large numbers ofenumerators (for example, all healthplans, educational institutions,professional associations) because these

choices do not satisfy the criticalprogrammatic requirements ofmaintaining a high degree of dataquality and consistency and minimizingconfusion for health care providers.

No matter which of the twoenumeration options is chosen, certaincosts and impacts would not vary.

• We assume that the NPS would beused in both options to generate NPIsand serve as the central enumerationsystem and database. We began todevelop the NPS for Medicare use, andthis effort, which was funded by HCFA,is now nearing completion. As the NPSbecomes national in scope, we estimatethat the cost of maintaining the NPSsoftware, hardware, andtelecommunications, and operating aHelp Desk to deal with user questions,would cost approximately $10.4 millionover the first three years of operationand approximately $2.9 million per yearthereafter. Roughly half of these costsare attributable to telecommunicationsexpenses. This analysis presumes theavailability of Federal funds to supportthe development and operations of theNPS. However, we are seekingcomments on how the NPS could befunded once it becomes national.

• We further assume that, in bothoptions, the same implementationstrategy of loading the NPS databaseusing health plans’ existing prevalidatedfiles will be utilized to the extentpossible. This would reduce costs bynot repeating the process of soliciting,receiving, controlling, validating andkeying applications from health careproviders that have already beenenumerated by a trusted source. Forexample, we would use existingMedicare provider files to initially loadthe NPS database. The majority of workto reformat and edit these files hasalready been completed.

We estimate that approximately 1.2million current health care providersand 30,000 new health care providersannually would require NPIs becausethey conduct HIPAA transactions.

An additional 3 million health careproviders (120,000 new health careproviders annually) do not conductHIPAA transactions, but they maychoose to be enumerated at some futuretime. We refer to these health careproviders as ‘‘non-HIPAA-transactionhealth care providers’’ (see section 4.Enumeration Phases of this preamble).These health care providers would beprimarily individual practitioners suchas registered nurses and pharmacistswho perform services in institutions andwhose services are not billed by theinstitution. More research is required onthe time frame and process for

enumerating these health careproviders.

Based on Medicare carriers’ costs, wehave estimated that the average cost toenumerate a health care provider shouldnot exceed $50. Enumeration activitieswould include assisting health careproviders and answering questions,accepting the application for an NPI;validating as many of the data elementsas possible at the point of application toassure the submitted data are accurateand the application is authentic;entering the data into the NPS to obtainan NPI for the health care provider;researching cases where there is apossible match to a health care provideralready enumerated; notifying thehealth care provider of the assigned NPI;and entering updated data into the NPSwhen notified by the health careprovider. The cost of processing a dataupdate is not known, and for purposesof this analysis we are assuming anaverage cost of $10 per updatetransaction, and that 5 percent per yearof these health care providers on filewould have updated data. However, weestimate that approximately 15 percentof health care providers that do notconduct business with Federal healthplans or Medicaid would requireupdates each year. These health careproviders may be unfamiliar with theterminology for some of the informationthey need to provide in order to beenumerated; thus, they may need tocorrect errors they could have made incompleting the applications for NPIs ormay have a need to change some of thatinformation for other reasons. The pertransaction cost would be lower ifpractice location addresses andmembership in groups were notcollected (see section IV., Data, andsection IX.E., Maintenance of theDatabase, of this preamble) and ifenumerators were already validatingdata as part of their own enrollmentprocesses. The number of updateswould also be affected by the practicelocation and group membership issuesbecause these data are more volatilethan demographic data (see IV., Data,and IX.E., Maintenance of the Database,of this preamble).

For a similarly sized commercialnumbering system that uniquelyidentifies corporations and assignsunique identifiers, we have receivedindependent estimates from Dun &Bradstreet (D&B) of $7 per enumerationand $3 per update. The D&B estimatesare based on the cost of assigning andmaintaining the Data UniversalNumbering System (D–U–N–S) number.The D–U–N–S number is a nine-digit,non-indicative number assigned to eachrecord in D&B’s file. It uses a modulus


10 check digit in the ninth position.Over 47 million D–U–N–S numbershave been assigned, worldwide, with 22million attributed to locations in theUnited States. D&B uses the D–U–N–Snumber to enumerate businesses,including commercial sites, soleproprietorships, cottage industries,educational institutions, not-for-profits,and government entities, but does notmaintain records on private individuals.D&B estimates an average cost of $7 toadd a record to its database and assignit a unique record identifier. Toestablish a record and ensureuniqueness, D&B requires the entity’slegal name, any ‘‘doing business as’’names, physical address, telephonenumber, chief executive, date started,line of business, number of employeesand relationship(s) with other businessentities. D&B runs a daily computerprocess to audit all records addedduring the day and extracts any thatmay be duplicates for research by ananalyst. Updates to each record areestimated at approximately $3 but canrun as high as $30 per year for veryrobust database entries, some of whichcontain 1500 different data elements.

The D&B estimates may beunderstated for our purposes becausethe four to six data elements used touniquely identify the enumeratedcorporations do not require verification.We welcome comments on which dataelements are required to uniquelyidentify health care providers(individuals, groups, and organizations),on whether verification of the data isnecessary for purposes of enumeration,and on estimates of the cost toenumerate and update that minimumdata set. We understand that the costwould be lower if the number andcomplexity of the data elements werereduced, but this cost must be balancedagainst the level of confidence that canbe placed in the uniqueness of thehealth care providers identified.Specific consideration of these tradeoffsin submitted comments will be veryhelpful.

The $50 estimated average cost toenumerate a health care provider is anupper limit. The cost would decreasesignificantly if the second dataalternative is selected (see section IV.B.,Practice Addresses and Group/Organization Options, of this preamble).

Under this alternative, the NPS wouldcapture only one practice address for anindividual or organization provider. Itwould not assign location codes. TheNPS would not link the NPI of a groupprovider to the NPIs of individuals whoare members of the group. Costs woulddecrease because we would collectsignificantly less data at the time ofenumeration, and the data that would becollected would not need to be updatedvery frequently. Recent consultationswith the industry reveal a growingconsensus for this alternative.

Table 5 below provides estimates as tothe cost of each enumeration option forstart-up and outyear, with Federal,State, and private costs, for HIPAA-transaction and non-HIPAA-transactionhealth care providers, and the Federalcosts of the NPS. We define ‘‘start-up’’as the first 3 years during which theNPS becomes operational nationally andthe bulk of the health care providersrequiring NPIs are enumerated.‘‘Outyear’’ would be each subsequentyear, in which the majority of actionswould be enumerations of new healthcare providers and provider updates.Assumptions follow the table.

TABLE 5.—ENUMERATION COSTS: FEDERAL, STATE, AND PRIVATE

Enumeration Costs: Federal, State, and Private

Costs to:

Start-up costsHIPAA-trans-action provid-

ers

Outyear costsHIPAA-trans-action provid-

ers

Start-up costsnon-HIPAA-transactionproviders

Outyear costsnon-HIPAA-transactionproviders

OPTION 1—REGISTRY

Federal for NPS ................................................................................................ 10,400,000 2,900,000 ........................ ........................Federal for non-HIPAA-transaction health care providers ............................... ........................ ........................ 165,000,000 7,500,000Federal .............................................................................................................. 64,560,000 2,280,000 ........................ ........................State ................................................................................................................. 0 0 ........................ ........................Private ............................................................................................................... 0 0 ........................ ........................

Total ........................................................................................................... 74,960,000 5,180,000 ........................ ........................

OPTION 2—COMBINATION OF FEDERAL HEALTH PLANS, MEDICAID STATE AGENCIES, AND FEDERALLY-DIRECTED REGISTRY

Federal for NPS ................................................................................................ 10,400,000 2,900,000 ........................ ........................Federal for non-HIPAA-transaction health care providers ............................... ........................ ........................ 165,000,000 7,500,000Federal (if all Medicaid State agencies participate) ......................................... 9,990,000 495,000 ........................ ........................Federal (if 5% of Medicaid State agencies decline to participate) .................. 10,310,000 505,000 ........................ ........................State (if all Medicaid State agencies participate) ............................................. 0 0 ........................ ........................State (if 5% of Medicaid State agencies decline to participate) ...................... 0 0 ........................ ........................Private ............................................................................................................... 0 0 ........................ ........................

Total (if all Medicaid State agencies participate) ...................................... 20,390,000 3,395,000 ........................ ........................

Total (if 5% of Medicaid State agencies decline to participate) ............... 20,710,000 3,405,000 ........................ ........................

Assumptions

1. Definitions

a. ‘‘HIPAA-transaction health careprovider’’ means a health care providerthat we would require to have an NPI;that is, a health care provider that must

be identified in the transactionsspecified in HIPAA.

b. ‘‘Non-HIPAA-transaction healthcare provider’’ means a health careprovider that we would not require tohave an NPI.

c. ‘‘Start-up’’ means the first 3 yearsin which the NPS becomes operationalnationally and the bulk of the healthcare providers requiring NPIs areenumerated. It is the sum of the cost ofenumerating existing health careproviders in the first year plus the


annual cost of enumerating new andupdating existing health care providersfor the 2 subsequent years.

d. ‘‘Outyear’’ means each subsequentyear in which the majority of actionswould be enumerating new health careproviders and updating existing ones. Itis the sum of the cost of enumeratingnew health care providers plus the costof updating existing health careproviders.

2. The cost to enumerate a health careprovider that is not enrolled or enrollingin a Federal health plan (e.g., Medicare,CHAMPUS) or Medicaid is estimated tobe $50. (See Assumption 4.)

3. The cost to update information ona health care provider that is notenrolled or enrolling in a Federal healthplan (e.g., Medicare, CHAMPUS) orMedicaid is estimated to be $10. (SeeAssumption 4.)

4. The cost to Federal health plans(e.g., Medicare, CHAMPUS) andMedicaid to enumerate or update theirown health care providers is relativelysmall as these health plans must collectthe same information to enroll or updatethe health care providers in their ownprograms. Possible up-front costs tothese health plans and Medicaid wouldbe offset by simpler, more efficientcoordination of benefits, elimination ofthe need to maintain multipleenumeration systems, and eliminationof the need to maintain other providernumbers. The Federal Government pays75 percent of Medicaid State agencies’costs to enumerate and update healthcare providers. Because all of these costsare relatively small and would be offsetby savings, they are considered to be $0(zero).

5. This analysis presumes theavailability of Federal funds to supportthe registry.

6. It is estimated that 5 percent ofexisting HIPAA-transaction health careproviders that conduct business withFederal health plans or Medicaidrequire updates annually; 15 percent ofthe remaining HIPAA-transaction healthcare providers require updates annually.

7. It is estimated that 5 percent ofMedicaid State agencies may decline toparticipate in enumerating/updatingtheir health care providers. The registrywould enumerate/update that 5 percent.

8. Non-HIPAA-transaction health careproviders would not be enumerated inthe initial phases of enumeration. Thesecosts are estimated to be $165,000,000for start-up and $7,500,000 for outyear.The registry would enumerate/updatethese health care providers only if fundsare available.

Option 1 calls for all 1.2 millionHIPAA-transaction health careproviders to be enumerated by a

Federally-directed registry. The one-time cost for the registry to assign NPIsto existing HIPAA-transaction healthcare providers would depend on theextent to which existing files could beused. The cost could be as high as $60million (1.2 million health careproviders × $50) or as low as $9 million(see option 2). The low estimateassumes that prevalidated provider filesare available for 100 percent of allFederal and Medicaid providers. Theannual outyear cost would be $2.1million (30,000 new health careproviders × $50 plus 60,000 updates ×$10). The Federal health plans andMedicaid State agencies would nolonger have to assign their ownidentifiers, which would result in somesavings, but they would still incur costsrelated to provider enrollment activitiesthat would duplicate Federally-directedregistry functions (for example,duplicate collection and verification ofsome information).

Option 2 calls for enumeration ofHIPAA-transaction health careproviders to be performed by acombination of Federal programs namedas health plans, Medicaid Stateagencies, and a Federally-directedregistry. This registry would enumeratenon-Federal, non-Medicaid providers.All enumerators would receive,validate, and enter application data intothe NPS and would communicate withhealth care providers. Data files wouldbe available from a central source. Theregistry would utilize the NPS andwould be operated under Federaloversight but could, if appropriate, becontracted out.

Medicare, Medicaid, CHAMPUS, andthe Department of Veterans Affairsalready assign identifiers to health careproviders with whom they conductbusiness. They would simply begin touse the NPS to issue NPIs instead ofusing their own systems to assign theidentifiers they now use. Initially, theseFederal health plans and Medicaid mayincur up-front costs in issuing NPIs;however, these additional costs wouldbe offset by savings from the fact thateach health care provider would onlyhave to be enumerated once; multipleenumeration systems would not have tobe maintained; other provider numberswould not have to be maintained; andcoordination of benefits would besimpler and more efficient. We estimatethat approximately 5 percent ofMedicaid State agencies may decline toparticipate (that is, they would notenumerate and update their health careproviders). These health care providerswould need to be enumerated andupdated by the Federally-directedregistry; however, that cost would be

offset by savings realized by thediscontinuance of UPIN assignment andmaintenance of the UPIN registry. Weestimate that approximately 85 percentof the health care providers that conductHIPAA transactions would beenumerated in this manner (75 percentby Federal health plans, 10 percent byMedicaid). Additional costs, if any, toenumerate these health care providersor update their data would beinsignificant.

The remaining 15 percent of healthcare providers that conduct HIPAAtransactions (180,000) would beenumerated by a Federally-directedregistry. The one-time cost ofenumerating these health care providerswould be $9 million (180,000 healthcare providers × $50). The cost ofenumerating 4,500 new health careproviders would be $225,000 per year,and the cost to process 27,000 updateswould be $270,000, for a total registrycost of $495,000 per outyear.

Based on the cost estimates in thisanalysis, option 1 is considerably moreexpensive than option 2. We believeoption 2 to be preferable to option 1 inthat Federal programs and MedicaidState agencies would enumerate andupdate their own health care providers.The enumeration functions of the 5percent of Medicaid State agencies thatmay decline to enumerate and updatetheir own health care providers wouldfall to the Federally-directed registry.

The initial and ongoing cost ofdeveloping, implementing andoperating the NPS would be borne bythe Federal government, depending onthe availability of funds; some of thiscost could be offset by ceasing currentenumeration systems like Medicare’sUPIN registry.

The previous analysis relates only tohealth care providers that are requiredto have an NPI to perform HIPAAtransactions. The remaining health careproviders would not be required toobtain an NPI but could do so if theywished to have one for other reasons.We indicated in the Implementationsection of this preamble that we wouldnot issue NPIs to these health careproviders until the health care providersthat needed NPIs to conduct any of theelectronic transactions specified inHIPAA had been enumerated. The costof enumerating the approximately 3million non-HIPAA-transaction healthcare providers could be as high as $150million (3 million health care providers× $50). We are soliciting comments onsources of information on non-HIPAA-transaction health care providers. Wecannot provide a realistic estimate of thecost of enumerating these health careproviders without this additional input.


e. Maintenance of the Database

Another cost implication is themaintenance of the database beingdeveloped by the NPS. (We discuss thiscost implication in more detail insection IV. Data but believe the generaldiscussion should be repeated here inthe impact analysis as well.) Thatdatabase, known as the NationalProvider File (NPF), is currently beingdesigned to contain the data elementsshown in the table entitled, ‘‘NationalProvider File Data Elements’’ in sectionIV. Data, A. Data Elements, earlier inthis preamble. The majority of theinformation is used to uniquely identifya health care provider; otherinformation is used for administrativepurposes. A few of the data elements arecollected at the request of potentialusers that have been working withHCFA in designing the database prior tothe passage of HIPAA. All of these dataelements represent only a fraction of theinformation that would comprise aprovider enrollment file. The dataelements shown in the ‘‘NationalProvider File Data Elements’’ tableearlier in the preamble, plus cease/effective/termination dates, switches(yes/no), indicators, and history, arebeing considered as those that wouldform the NPF. The table includesappropriate comments. The table doesnot display systems maintenance orsimilar fields, or health care providercease/effective/termination dates.

We need to consider the benefits ofretaining all of the data elements shownin the table versus lowering the cost ofmaintaining the database by keepingonly the minimum number of dataelements needed for unique provideridentification. We solicit input on thecomposition of the minimum set of dataelements needed to uniquely identifyeach type of health care provider. Inorder to consider the inclusion orexclusion of data elements, we need toassess their purpose and use.

The data elements in the table with apurpose of ‘‘I’’ are being proposed toidentify a health care provider, either inthe search process (which is electronic)or in the investigation of health careproviders designated as possiblematches by the search process. Thesedata elements are critical becauseunique identification is the keystone ofthe NPS.

The data elements in the table with apurpose of ‘‘A’’ are not essential to theidentification processes mentionedabove, but they nonetheless arevaluable. Certain ‘‘A’’ data elements canbe used to contact a health care providerfor clarification of information orresolution of issues encountered in the

enumeration process and for sendingwritten communications; other ‘‘A’’ dataelements (e.g., Provider Enumerate Date,Provider Update Date, EstablishingEnumerator/Agent Number) are used toorganize and manage the data.

The data elements in the table with apurpose of ‘‘U’’ are collected at therequest of potential users of theinformation in the system. While notused by the system’s search process touniquely identify a health care provider,Race (with a purpose of ‘‘U’’) isnevertheless valuable in theinvestigation of health care providersdesignated as possible matches as aresult of that process. In addition, Raceis important to the utility of the NPS asa statistical sampling frame. Race iscollected ‘‘as reported’’; that is, it is notvalidated. It is not maintained, onlystored. The cost of keeping this dataelement is virtually nil. Other dataelements (Resident/Intern Code,Provider Certification Code andNumber, and Organization Type ControlCode) with a purpose of ‘‘U’’, while notused for enumeration of a health careprovider, have been requested to beincluded by some members of the healthcare industry for reports and statistics.These data elements are optional and donot require validation; many remainconstant by their nature; and the cost tostore them is negligible.

The data elements that we judge willbe expensive to either validate ormaintain (or both) are the licenseinformation, provider practice locationaddresses, and membership in groups.We solicit comments on whether thesedata elements are necessary for theunique enumeration of health careproviders and whether validation ormaintenance is required for thatpurpose.

Licenses may be critical indetermining uniqueness of a health careprovider (particularly in resolvingidentifies involving compoundsurnames) and are, therefore, consideredto be essential by some. Licenseinformation is expensive to validateinitially, but it is not expensive tomaintain because it does not changefrequently.

The practice location addresses can beused to aid in investigating possibleprovider matches, in converting existingprovider numbers to NPIs, and inresearch involving fraud orepidemiology. Location codes, whichare discussed in detail in section B.Practice Addresses and Group/Organization Options of this preamble,could be assigned by the NPS to pointto and identify practice locations ofindividuals and groups. Some potentialusers felt that practice addresses

changed too frequently to be maintainedefficiently at the national level. Theaverage Medicare physician has two tothree addresses at which he or shepractices. Group providers may havemany more practice locations. Weestimate that 5 percent of health careproviders require updates annually andthat addresses are one of the mostfrequently changing attributes. As aresult, maintaining more than onepractice address for an individualprovider on a national scale could beburdensome and time consuming. Manypotential users believe that practiceaddresses could more adequately bemaintained at local, health-plan specificlevels.

Some potential users felt thatmembership in groups was useful inidentifying health care providers. Manyothers, however, felt that these data arehighly volatile and costly to maintain.These users felt it was unlikely thatmembership in groups could besatisfactorily maintained at the nationallevel.

We welcome comments on the dataelements proposed for the NPF andinput as to the potential usefulness andtradeoffs for these elements such asthose discussed above.

References

1. Dobson, Allen, Ph.D. and Bergheiser,Matthew; ‘‘Reducing Administrative Costs ina Pluralistic Delivery System throughAutomation;’’ Lewin-VHI Report prepared forthe Healthcare Financial ManagementAssociation; 1993.

2. Congressional Budget Office; ‘‘FederalCost Estimate for H.R. 3070;’’ 1996.

3. Workgroup for Electronic DataInterchange; ‘‘Report,’’ 1993.

4. ‘‘Electronic Network Solution for RisingHealthcare Costs;’’ New Jersey Institute ofTechnology and Thomas Edison StateCollege, 1995.

5. Faulkner & Gray’s Health Data Directory,1997 Edition; Kurt T. Peters, Publisher (alsoearlier editions).

List of Subjects in 45 CFR Part 142

Administrative practice andprocedure, Health facilities, Healthinsurance, Hospitals, Medicare,Medicaid.

Accordingly, 45 CFR subtitle A,subchapter B, would be amended byadding Part 142 to read as follows:

Note to Reader: This proposed rule andanother proposed rule found elsewhere inthis Federal Register are two of severalproposed rules that are being published toimplement the administrative simplificationprovisions of the Health Insurance Portabilityand Accountability Act of 1996. We proposeto establish a new 45 CFR Part 142. ProposedSubpart A—General Provisions is exactly thesame in each rule unless we have added newsections or definitions to incorporate


additional general information. The subpartsthat follow relate to the specific provisionsannounced separately in each proposed rule.When we publish the first final rule, eachsubsequent final rule will revise or add to thetext that is set out in the first final rule.

PART 142—ADMINISTRATIVEREQUIREMENTS

Subpart A—General Provisions

Sec.142.101 Statutory basis and purpose.142.102 Applicability.142.103 Definitions.142.104 General requirements for health

plans.142.105 Compliance using a health care

clearinghouse.142.106 Effective date of a modification to

a standard or implementationspecification.

Subparts B—C [Reserved]

Subpart D—National Provider IdentifierStandard

142.402 National provider identifierstandard.

142.404 Requirements: Health plans.142.406 Requirements: Health care

clearinghouses.142.408 Requirements: Health care

providers.142.410 Effective dates of the initial

implementation of the national provideridentifier standard.

Authority: Sections 1173 and 1175 of theSocial Security Act (42 U.S.C. 1320d-2 and1320d-4).

Subpart A—General Provisions

§ 142.101 Statutory basis and purpose.Sections 1171 through 1179 of the

Social Security Act, as added by section262 of the Health Insurance Portabilityand Accountability Act of 1996, requireHHS to adopt national standards for theelectronic exchange of healthinformation in the health care system.The purpose of these sections is topromote administrative simplification.

§ 142.102 Applicability.(a) The standards adopted or

designated under this part apply, inwhole or in part, to the following:

(1) A health plan.(2) A health care clearinghouse when

doing the following:(i) Transmitting a standard transaction

(as defined in § 142.103) to a health careprovider or health plan.

(ii) Receiving a standard transactionfrom a health care provider or healthplan.

(iii) Transmitting and receiving thestandard transactions when interactingwith another health care clearinghouse.

(3) A health care provider whentransmitting an electronic transaction asdefined in § 142.103.

(b) Means of compliance are stated ingreater detail in § 142.105.

§ 142.103 Definitions.For purposes of this part, the

following definitions apply:Code set means any set of codes used

for encoding data elements, such astables of terms, medical concepts,medical diagnostic codes, or medicalprocedure codes.

Health care clearinghouse means apublic or private entity that processes orfacilitates the processing of nonstandarddata elements of health information intostandard data elements. The entityreceives health care transactions fromhealth care providers, health plans,other entities, or other clearinghouses,translates the data from a given formatinto one acceptable to the intendedrecipient, and forwards the processedtransaction to the appropriate recipient.Billing services, repricing companies,community health managementinformation systems, community healthinformation systems, and ‘‘value-added’’networks and switches that performthese functions are considered to behealth care clearinghouses for purposesof this part.

Health care provider means aprovider of services as defined insection 1861(u) of the Social SecurityAct, a provider of medical or otherhealth services as defined in section1861(s) of the Social Security Act, andany other person who furnishes or billsand is paid for health care services orsupplies in the normal course ofbusiness.

Health information means anyinformation, whether oral or recorded inany form or medium, that—

(1) Is created or received by a healthcare provider, health plan, public healthauthority, employer, life insurer, schoolor university, or health careclearinghouse; and

(2) Relates to the past, present, orfuture physical or mental health orcondition of an individual, theprovision of health care to anindividual, or the past, present, orfuture payment for the provision ofhealth care to an individual.

Health plan means an individual orgroup plan that provides, or pays thecost of, medical care. Health planincludes the following, singly or incombination:

(1) Group health plan. A group healthplan is an employee welfare benefit plan(as currently defined in section 3(1) ofthe Employee Retirement Income andSecurity Act of 1974, 29 U.S.C. 1002(1)),including insured and self-insuredplans, to the extent that the planprovides medical care, including items

and services paid for as medical care, toemployees or their dependents directlyor through insurance, or otherwise, and

(i) Has 50 or more participants; or(ii) Is administered by an entity other

than the employer that established andmaintains the plan.

(2) Health insurance issuer. A healthinsurance issuer is an insurancecompany, insurance service, orinsurance organization that is licensedto engage in the business of insurancein a State and is subject to State law thatregulates insurance.

(3) Health maintenance organization.A health maintenance organization is aFederally qualified health maintenanceorganization, an organization recognizedas a health maintenance organizationunder State law, or a similarorganization regulated for solvencyunder State law in the same manner andto the same extent as such a healthmaintenance organization.

(4) Part A or Part B of the Medicareprogram under title XVIII of the SocialSecurity Act.

(5) The Medicaid program under titleXIX of the Social Security Act.

(6) A Medicare supplemental policy(as defined in section 1882(g)(1) of theSocial Security Act).

(7) A long-term care policy, includinga nursing home fixed-indemnity policy.

(8) An employee welfare benefit planor any other arrangement that isestablished or maintained for thepurpose of offering or providing healthbenefits to the employees of two or moreemployers.

(9) The health care program for activemilitary personnel under title 10 of theUnited States Code.

(10) The veterans health care programunder 38 U.S.C., chapter 17.

(11) The Civilian Health and MedicalProgram of the Uniformed Services(CHAMPUS), as defined in 10 U.S.C.1072(4).

(12) The Indian Health Serviceprogram under the Indian Health CareImprovement Act (25 U.S.C. 1601 etseq.).

(13) The Federal Employees HealthBenefits Program under 5 U.S.C. chapter89.

(14) Any other individual or grouphealth plan, or combination thereof, thatprovides or pays for the cost of medicalcare.

Medical care means the diagnosis,cure, mitigation, treatment, orprevention of disease, or amounts paidfor the purpose of affecting any bodystructure or function of the body;amounts paid for transportationprimarily for and essential to theseitems; and amounts paid for insurancecovering the items and the


transportation specified in thisdefinition.

Participant means any employee orformer employee of an employer, or anymember or former member of anemployee organization, who is or maybecome eligible to receive a benefit ofany type from an employee benefit planthat covers employees of that employeror members of such an organization, orwhose beneficiaries may be eligible toreceive any of these benefits.‘‘Employee’’ includes an individual whois treated as an employee under section401(c)(1) of the Internal Revenue Codeof 1986 (26 U.S.C. 401(c)(1)).

Small health plan means a grouphealth plan or individual health planwith fewer than 50 participants.

Standard means a set of rules for a setof codes, data elements, transactions, oridentifiers promulgated either by anorganization accredited by the AmericanNational Standards Institute or HHS forthe electronic transmission of healthinformation.

Transaction means the exchange ofinformation between two parties tocarry out financial and administrativeactivities related to health care. Itincludes the following:(1) Health claims or equivalent

encounter information.(2) Health care payment and remittance

advice.(3) Coordination of benefits.(4) Health claims status.(5) Enrollment and disenrollment in a

health plan.(6) Eligibility for a health plan.(7) Health plan premium payments.(8) Referral certification and

authorization.(9) First report of injury.(10) Health claims attachments.(11) Other transactions as the Secretary

may prescribe by regulation.

§ 142.104 General requirements for healthplans.

If a person conducts a transaction (asdefined in § 142.103) with a health planas a standard transaction, the followingapply:

(a) The health plan may not refuse toconduct the transaction as a standardtransaction.

(b) The health plan may not delay thetransaction or otherwise adverselyaffect, or attempt to adversely affect, theperson or the transaction on the groundthat the transaction is a standardtransaction.

(c) The health information transmittedand received in connection with thetransaction must be in the form ofstandard data elements of healthinformation.

(d) A health plan that conductstransactions through an agent must

assure that the agent meets all therequirements of this part that apply tothe health plan.

§ 142.105 Compliance using a health careclearinghouse.

(a) Any person or other entity subjectto the requirements of this part maymeet the requirements to accept andtransmit standard transactions byeither—

(1) Transmitting and receivingstandard data elements, or

(2) Submitting nonstandard dataelements to a health care clearinghousefor processing into standard dataelements and transmission by the healthcare clearinghouse and receivingstandard data elements through thehealth care clearinghouse.

(b) The transmission, under contract,of nonstandard data elements between ahealth plan or a health care providerand its agent health care clearinghouseis not a violation of the requirements ofthis part.

§ 142.106 Effective date of a modificationto a standard or implementationspecification.

HHS may modify a standard orimplementation specification after thefirst year in which HHS requires thestandard or implementationspecification to be used, but not morefrequently than once every 12 months.If HHS adopts a modification to astandard or implementationspecification, the implementation dateof the modified standard orimplementation specification may be noearlier than 180 days following theadoption of the modification. HHSdetermines the actual date, taking intoaccount the time needed to comply dueto the nature and extent of themodification. HHS may extend the timefor compliance for small health plans.

Subpart B–C—[Reserved]

Subpart D—National Provider IdentifierStandard

§ 142.402 National provider identifierstandard.

(a) The provider identifier standardthat must be used under this subpart isthe national provider identifier, whichis supported by the Health CareFinancing Administration. The nationalprovider identifier is an 8-positionalphanumeric identifier, which includesas the eighth position a check digit.

(b) The file containing identifyinginformation for each health careprovider for its national provideridentifier includes the followinginformation:

(1) The national provider identifier.

(2) Other identifiers, such as thesocial security number (optional),employer identification number forsome provider types, and identifyingnumbers from other health programs, ifapplicable.

(3) Provider names.(4) Addresses and associated practice

location codes.(5) Demographics (date of birth, State/

country of birth, date of death ifapplicable, race (optional), sex).

(6) Provider type(s), classification(s),area(s) of specialization.

(7) Education for certain providertypes, State licensure for certainprovider types (optional), and boardcertification (optional for someclassifications).

§ 142.404 Requirements: Health plans.Each health plan must accept and

transmit the national provider identifierof any health care provider that must beidentified by the national provideridentifier in any standard transaction.

§ 142.406 Requirements: Health careclearinghouses.

Each health care clearinghouse mustuse the national provider identifier ofany health care provider that must beidentified by the national provideridentifier in any standard transaction.

§ 142.408 Requirements: Health careproviders.

(a) Each health care provider mustobtain, by application if necessary, anational provider identifier.

(b) Each health care provider mustaccept and transmit national provideridentifiers wherever required on alltransactions it accepts or transmitselectronically.

(c) Each health care provider mustcommunicate any changes to the dataelements in its file in the nationalprovider system to an enumerator ofnational provider identifiers within 60days of the change.

(d) Each health care provider mayreceive and use only one nationalprovider identifier. Upon dissolution ofa health care provider that is acorporation or a partnership, or uponthe death of a health care provider whois an individual, the national provideridentifier is inactivated.

§ 142.410 Effective dates of the initialimplementation of the national provideridentifier standard.

(a) Health plans. (1) Each health planthat is not a small health plan mustcomply with the requirements of§§ 142.104 and 142.404 by (24 monthsafter the effective date of the final rulein the Federal Register).

(2) Each small health plan mustcomply with the requirements of


§§ 142.104 and 142.404 by (36 monthsafter the effective date of the final rulein the Federal Register).

(b) Health care clearinghouses andhealth care providers. Each health careclearinghouse and health care providermust begin using the standard specifiedin § 142.402 by (24 months after theeffective date of the final rule in theFederal Register).

Authority: Sections 1173 and 1175 of theSocial Security Act (42 U.S.C. 1320d–2 and1320d–4).

Dated: March 27, 1998.Donna E. Shalala,Secretary.[FR Doc. 98–11692 Filed 5–1–98; 9:05 am]BILLING CODE 4120–01–P

Date post:	21-Aug-2020
Category:	Documents
Upload:	others
View:	0 times
Download:	0 times