The Health Plan Identifier (“HPID”) is a standard, unique health plan identifier required by the Health Insurance Portability & Accountability Act of 1996 (“HIPAA”). On September 5, 2012, the Department of Health and Human Services (“HHS”) issued final regulations adopting a unique HPID for health plans, which are divided for this purpose into “controlling health plans” and “sub-health plans.” A controlling health plan is defined as a health plan that controls its own business activities, actions, or policies, or is controlled by an entity that is not a health plan, which includes self-insured group health plans. Controlling health plans with annual receipts in excess of $5 million were required to obtain an HPID by November 5, 2014. However, based on our experience, the ability for self-insured plans to obtain an HPID is, to put it kindly, challenging (perhaps due to a focus by the rules on insured plans).
Effective October 31, 2014, the Centers for Medicare & Medicaid Services (“CMS”), a division of HHS that is responsible for enforcement of HIPAA compliance, announced a delay until further notice in enforcement of the regulations pertaining to obtaining and using the HPID in HIPAA transactions, available here. “This enforcement delay applies to all HIPAA covered entities, including healthcare providers, health plans, and healthcare clearinghouses.” CMS decided to delay enforcement in response to a recommendation provided to HHS on September 23, 2014 by the National Committee on Vital and Health Statistics, an advisory body to HHS, available here.
As a result, employer health plans need not obtain or use HPIDs unless and until contrary guidance is issued by CMS.