ERIC Testimony on the Health Plan Identifier

Testimony Submitted by The ERISA Industry Committee re: The Subcommittee on Standards of the National Committee on Vital and Health Statistics (NCVHS) May 3, 2017 Hearing on the Health Plan Identifier

Co-Chairs Goss and Coussoule and members of the committee, thank you for this opportunity to submit testimony to the Subcommittee on Standards of the NCVHS for your May 3, 2017 hearing on the health plan identifier (HPID) requirements.1

The ERISA Industry Committee (ERIC), the only national association that advocates exclusively for large employers on health, retirement, and compensation public policies at the federal, state, and local levels, calls on the NCVHS to recommend that the Department of Health and Human Services (HHS) and the Centers for Medicare and Medicaid Services (CMS) immediately halt the implementation of the HPID requirements and clarify that an HPID will not be required for HIPAA standard transaction purposes or for any other regulatory purpose, and that any new requirements should not be applied in the employer-sponsored self-insured group health plan market. It is ERIC’s long-standing position that the HPID requirements are not necessary and should be eliminated.

Preliminary Comments and Concerns

ERIC’s concern, stated bluntly, is that the HPID is a 20-year old solution to a problem that no longer exists. As originally conceived, the HPID was intended to facilitate the routing of HIPAA standard transactions to appropriate payer recipients. But the industry implemented a standardized national payer identifier based on the National Association of Insurance Commissioners (NAIC) identifier, and the NAIC identifier is now routinely used to route HIPAA standard transactions.

Section 1104(c)(1) of the ACA required CMS to “promulgate a final rule establishing a unique health plan identifier that is based on the input of a federal advisory committee, the National Committee on Vital and Health Statistics (NCVHS).” But NCVHS and other major advisory organizations, including the Workgroup for Electronic Data Interchange (WEDI) have been questioning the rationale for, and efficacy of, the HPID requirements for years, particularly as those requirements apply to employer-sponsored self-insured group health plans. 

For example, more than a year before the November 5, 2014 deadline for obtaining an HPID, WEDI recommended that “self insured (group) health plans be permitted but not required to obtain an HPID.”2 WEDI also conducted a survey of stakeholders (including self-insured plans) in August 2014 in which 76% of respondents expressed concerns about HPID implementation, and 85% of respondents thought that there was no value or questionable value in the use of the HPID (notably, none of the self-insured respondents saw any value in the use of the HPID.)3 

The NCVHS Subcommittee on Standards conducted two hearings on the HPID requirements in February and June 2014, during which nearly all of the industry groups submitting testimony questioned the application of the HPID requirements generally and particularly with respect to self-insured group health plans.4 Testimony offered at these hearings repeatedly expressed trepidation that implementing the HPID identifier would interfere with the current flow of standard transactions and introduce significant potential for disruption. 5 The testimony also expressed concern about the lack of transparency, given that the HPID database would not be public and could not be used to validate information, and the lack of a business justification for using the HPID in standard transactions, given that several standard transactions do not mention when an HPID is required.6

Pursuant to a September 2014 NCVHS recommendation, CMS announced that it would delay enforcement of the HPID requirements “until further notice.” While ERIC members were greatly relieved by that announcement, we believe the time has come to bring these issues to closure once and for all. If NCVHS believes that the HPID requirements will actually disrupt the industry’s current use of standard transactions, then there is no reason for CMS to move forward with implementing the HPID requirements.

Responses to Subcommittee Questions

Your invitation to submit testimony raised several specific questions, and we are happy to provide the following responses:

What health plan identifiers are used today and for what purpose? ERIC members generally sponsor group medical plans. These plans may be funded by insurance, trusts, or from employer funds. These plans do not use health plan identifiers. Most ERIC members rely exclusively on third party administrators (TPAs) to comply with HIPAA electronic transactions, and ERIC member plans do not generally directly engage in any HIPAA covered electronic transactions. The group medical plans maintained by ERIC members are “employee welfare benefit plans” governed by the Employee Retirement Income Security Act (ERISA), a complex federal law that regulates nearly every aspect of the plans’ operations. ERISA requires certain employers to file annual reports on Form 5500 for welfare benefit plans with the Department of Labor (DOL), and employers are required to identify their plans by type of welfare benefit (e.g., medical, dental, vision, life, AD&D, long-term disability, etc.) and by a 3-digit plan number selected by the employer (starting with plan #501).

Under ERISA, employers have significant latitude to determine the number of welfare plans they sponsor and how those plans will be reported on the Form 5500. Some employers may file a single Form 5500 for all welfare benefits (including health and non-health benefits), while other employers may file multiple Form 5500s for each welfare benefit, or for various combinations of welfare benefits. DOL regulations require these self-determined “plan numbers” to be disclosed to plan participants in a summary plan description (SPD).7 But aside from the Form 5500 filing and SPD disclosure requirements, neither the DOL nor any other federal agency requires employer-sponsored health plans to use a specific health plan identifier.

Additional compliance requirements, such as requiring health plans which do not conduct HIPAA electronic transactions to obtain and report under HPIDs, will add additional unnecessary costs for compliance, which will reduce funds available for payment of medical claims, and duplicate what is already required of a TPA and insurer. In other words, it will increase costs for plan beneficiaries, without bestowing any new benefits upon them.

What business needs are not adequately met with the current scheme in use today? ERIC members have no business needs that are not adequately met with the scheme in use today, and a new HPID scheme or other reporting by ERIC members would be unnecessary and duplicative. As noted, the industry has implemented a standardized national payer identifier based on the NAIC identifier, and that identifier is now routinely used to route standard transactions. 

What benefits does the current HPID model established by the HHS regulations provide, and does that model meet business needs? ERIC members perceive no benefits in the HPID model established by the regulations. To the contrary, and as noted below, that model has created great confusion and resulted in the expenditure of valuable resources with no apparent advantages. The current HPID model will merely add an additional layer of compliance and cost to ERIC member plans.

What challenges exist with the current HPID model established by HHS? The HPID requirements have caused considerable administrative confusion, uncertainty, and consternation for ERIC members. Neither the final HPID regulations nor the CMS enumeration process reflected familiarity with, or accommodation of, employer-sponsored group health plans. ERIC members have several significant concerns regarding the final HPID regulations and the CMS enumeration process:

  • First, the concepts of a controlling health plan (CHP) and a subhealth plan (SHP) were completely foreign to ERIC members, and did not reflect terms or terminology used by employers, TPAs, or the other federal agencies regulating group health plans.
  • Second, there was little or no recognition that HIPAA standard transactions are almost never conducted by self-insured group health plans, and that these plans generally do not have trading partner agreements relating to the exchange of information in electronic transactions.
  • Third, the CMS enumeration process was clearly not designed for self-insured group health plans – employers sponsoring group health plans had no familiarity with the CMS Enterprise Portal or with HIOS (a system designed exclusively for insurance carriers), and almost every employer encountered procedural and information obstacles to obtaining an HPID, a process involving more than 20 steps.8
  • Fourth, if the Department chooses to move forward with HPIDs, HHS must write many additional regulations to conform the current regulations with the language and nomenclature associated with ERISA, the large group market, and self-insured group medical plans. The terms that are currently used do not translate to employer-sponsored plans. HIPAA standard transactions, CHPs and SHPs are not factors in the world of employer sponsored health plans.
  • Fifth, and perhaps most troubling, the implementation cost for the HPID requirements would be a vast new expense for employers and plan beneficiaries, even though the TPAs and insurers are already complying. One TPA estimated they would have to charge $25,000.00 for each standard that a CHP would have to certify. As more electronic transactions are added to the list, this will significantly increase administrative burden and costs. It is currently unclear what issue this costly and burdensome reporting is needed to address. 

Another fundamental problem with the HPID enumeration process was that employers reading the regulations and the limited CMS guidance could, quite rationally, reach different conclusions. For example, two employers with nearly identical health plan arrangements might end up requesting one, two, or three, or even more different HPIDs. Giving employers the option of requesting one HPID or multiple HPIDs based simply on an employer’s preferences essentially guarantees non-uniform results. Which leads to a disturbing question – why would CMS create a database of employer-sponsored health plans that lacks uniformity and is essentially self-reported? How could such a haphazard, non-standardized approach possibly be reconciled with the agency’s stated objective for the HPID, namely to “increase standardization within HIPAA standard transactions and provide a platform for other regulatory and industry initiatives”? There should not be one set of regulatory definitions for purposes of the HIPAA privacy and security rules, and a different set of regulatory definitions for purposes of the HIPAA standard transaction rules (or other regulatory initiatives).

What recommendations exist going forward for health plan identifiers and the HPID final rule established by HHS? ERIC members strongly believe that the HPID is simply not necessary, either for its originally intended purpose (processing HIPAA standard transactions) or for the enforcement or administration of other federal laws (including the ACA, HIPAA, and ERISA). Our recommendation is that NCVHS encourage HHS and CMS to immediately exercise enforcement discretion and permanently abolish the HPID requirements.

Generally, ERIC members’ employer-sponsored self-insured group health plans do not engage in electronic payer transactions that need to be standardized. The expectation is that TPAs and insurers have established processes that provide for the correct payment of claims. TPAs and insurers should be the only entities responsible for these standardized transactions. As such, if the HPID is to be implemented, employers and employer-sponsored plans need not be a part of this certification process.

* * *

If ERIC can be of further assistance, please do not hesitate to contact James Gelfand, Senior Vice President for Health Policy, at or (202) 789‐1400.

* * *

1 The HPID requirements were first added to the law by Section 262 of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and renewed by Section 1104 of the Affordable Care Act (ACA). HHS issued final regulations implementing the HPID requirements on September 5, 2012 (77 Fed. Reg. 54664), requiring controlling health plans to obtain an HPID by November 5, 2014

(November 5, 2015 for small plans) and to use the HPID in HIPAA standard transactions by November 7, 2016. 

2 See WEDI Policy Advisory Group HPID recommendations sent to Secretary Sebelius on October 18, 2013, available here –

3 See WEDI letter describing HPID survey results sent to Secretary Burwell on September 19, 2014, available here – (WEDI login required) 

4 See NCVHS Subcommittee on Standards hearing transcripts here – and here –

5 Id. See, specifically, the testimony of Gail Kocher on behalf of the Blue Cross Blue Shield Association on February 19, 2014, and the testimony of Laurie Darst on behalf of WEDI and Gloria Davis on behalf of NextGen Healthcare both on June 10, 2014, all noting that the use of the HPID “will cause disruption of the current well-functioning transaction flows, potentially resulting in payment disruptions and accounts receivable impacts, as well as privacy and security breaches with misrouted transactions.”

6 Id. See, specifically, the testimony of Laurie Darst on behalf of WEDI and the testimony of Laurie Buckhardt on behalf of the Accredited Standards Committee, both on June 10, 2014.

7 See 29 CFR §2520.102-3(c) (an SPD is also required to disclose the IRS-assigned employer identification number of the plan sponsor). 8 CMS first outlined the required steps for obtaining an HPID in a “Quick Reference Guide” issued in late September 2014, mere weeks before the enumeration deadline. Although this guide has been deleted from the CMS website, it lives on in secondary sources. See, e.g.,