The United States Department of Health and Human Services (HHS) proposed a new rule for certification of compliance for health plans at the beginning of 2014. If introduced the rule would have obligated all controlling health plans (CHPs) to complete a range of documentation to HHS to prove compliance with electronic transaction standards set by the department in line with HIPAA Rules.
It has now been announced that the ‘Administrative Simplification: Certification of Compliance for Health Plans’ rule, which was focused promote more consistent testing processes for CHPs has been withdrawn.
If it had passed all the required stages and been introduced it would have had implications for CHPs. These bodies would have needed to prove compliance with HIPAA administration simplification standards for three separate electronic transactions: eligibility for a health plan, health care claim status and health care electronic funds transfers (EFT) and remittance advice. Not being able to prove compliance with this could have leaded to financial penalties for CHPs.
Most employers’ health care plans were managed by their insurance providers, so the proposed rule would not have had a direct implication for them. However, a significant burden would have been imposed on self-funded employers by the rule change. Following the proposed rule being made public by inclusion in the federal register in January 2014, HHS registered more than 72 public comments. Once it had looked into those comments the HHS took steps to withdraw the proposed rule.
The Department will be re-examining the concerns that they were made aware of in those and will be looking at different options and alternatives to show compliance with statutory requirements.
The Secretary of the HHS, Eric D Hargan, remarked that rules regulations have already been implemented to ensure compliance with HIPAA administration simplification standards and enforcement of compliance with those established standards. While the proposed rule has been pulled, the HHS has confirmed that all HIPAA covered entities must still comply with 45 CFR parts 160 and 162.