Federal Register Notice
July 24, 1997
(62 FR 39844)
DEPARTMENT OF HEALTH AND HUMAN SERVICES
National Committee on Vital and Health Statistics: Publication of Recommendations Relating to HIPAA Health Data Standards
AGENCY: Office of the Secretary.
ACTION: Notice.
SUMMARY: Section 1172(f) Subtitle F of Pub. L. 104-191, the Health Insurance Portability and Accountability Act of 1966, requires the Secretary of Health and Human Services to publish in the Federal Register any recommendation of the National Committee on Vital and Health Statistics (NCVHS) regarding the adoption of a data standard under that law. Accordingly, the full text of the initial set of NCVHS recommendations relating to HIPAA data standards is reproduced below. The text of the recommendations is also available on the NCVHS website: http://aspe.os.dhhs.gov/ncvhs/. The executive summary of the NCVHS recommendations to HHS relating to health information privacy and confidentiality is also reproduced below. The full text of the NCVHS privacy report is available on the NCVHS website.
SUPPLEMENTARY INFORMATION: Under the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1966 (HIPAA), the Secretary of Health and Human Services is required to adopt standards for specified administrative health care transactions to enable information to be exchanged electronically. The law requires that, within 24 months of adoption, all health plans, health care clearinghouses and health care providers who choose to conduct these transactions electronically must comply with these standards. Further, the law requires the Secretary to submit to Congress detailed recommendations on standards with respect to the privacy of individually identifiable health information. In preparing these reports and recommendations, the Secretary is required to consult with the NCVHS, the statutory public advisory body to HHS on health data, privacy and health information policy. On June 27, 1997, the Committee submitted a set of initial recommendations relating to health data standards. In accordance with the law, the full text of the recommendations is published below. The executive summary of the NCVHS privacy report also is reproduced below.
The Honorable Donna E. Shalala,
Secretary of Health and Human Services,
200
Independence Avenue, SW.,
Washington, DC 20201.
Dear Secretary Shalala: On behalf of the National Committee on Vital and Health Statistics (NCVHS), I am pleased to forward to you our recommendations relating to the first of the health data standards being proposed for adoption in accordance with the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA outlines a new approach to the adoption of data standards to support electronic data interchange in the health industry in the United States, in a framework that protects the privacy and security of health information. The law assigns to you the responsibility for adopting such standards by February 1998. It also asks you to provide detailed recommendations to Congress with respect to the privacy of individually identifiable health information by next August. The NCVHS is very pleased to provide support, advice and consultation to you in this effort.
To assist in carrying out our advisory responsibilities to you, the NCVHS, in collaboration with HHS, has held a number of public hearings to obtain input and advice from throughout the health industry, State government, and the research and public health communities. The first of the health data standards to be proposed for adoption is the unique identifier for health providers, which HHS has had under development for some time and which we understand is planned for Federal Register publication in July for review and comment.
The NCVHS has been briefed on the proposal for the National Provider Identifier (NPI), and we offer our strong support. The proposal includes an eight digit alphanumeric identifier that would be assigned to all providers, along with essential identifying information. The identifier includes a check digit and contains no embedded intelligence. We recommend that HHS proceed to publish the proposal for public comment without delay. While public comments are likely on the technical details of the number and the optimal approach to enumeration, we have found broad support for the proposal in general and urge you to proceed.
The Committee did identify one concern that we bring to your attention. The NPI, like all of the subsequent standards to be adopted, should be conceived of as a generic industry-wide standard and it should not contain any requirements that are specific to individual programs-government programs or otherwise. It is our understanding that information about HHS Inspector General sanctions against providers is being considered as part of the NPI system.
We believe that this approach undermines the principle of a generic industry-wide standard and makes the successful implementation of the first standard needlessly difficult and controversial. While we are supportive of HHS efforts to prevent and detect health care fraud and abuse, we strongly recommend against the inclusion of sanctions information as part of the NPI system itself. The OIG provider sanctions information is already public, and it can be further publicized in other ways. We do agree that the use of the NPI to facilitate access to health care fraud and abuse information in other data systems is both appropriate and consistent with the intent of the statue.
We appreciate your national leadership in health data standards, electronic data interchange and privacy, and we are privileged to work with you on these issues.
Sincerely,
Don E. Detmer, M.D.,
Chairman.
The Honorable Donna E. Shalala,
Secretary of Health and Human Services,
200 Independence Avenue, SW,
Washington, DC 20201.
Dear Secretary Shalala: On behalf of the National Committee on Vital and Health Statistics (NCVHS), I am pleased to forward to you our recommendations relating to some of the health data standards being proposed for adoption in accordance with the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). As you are aware, HIPAA outlines a new approach to the adoption of data standards to support electronic data interchange in the health industry in the United States, in a framework that protects the privacy and security of health information. The law assigns to you the responsibility for adopting such standards by February 1998. It also asks you to provide detailed recommendations to Congress with respect to the privacy of individually identifiable health information by next August. The NCVHS is very pleased to provide support, advice, and consultation to you in this effort.
To assist in carrying out our advisory responsibilities to you, the NCVHS, in collaboration with HHS, has held a number of public hearings to obtain input and advice from throughout the health industry, State government, and the research and public health communities. We have heard a great deal of input from the private and public sectors, and have synthesized that input into the following recommendations regarding the administrative simplification standards.
Administrative Transaction Messages
The NCVHS recommends that you adopt the following standards for transmission of administrative and financial transactions. In addition, we recommend that you specify the acceptable versions and implementation guides for these standards at the time the final rules are issued.
Health Claims* or Equivalent Encounter Information
Pharmacy-NCPDP Telecommunications Standard Format
Institutional-ASC X12N Health Care Claim (837)
Professional-ASC X12N Health Care Claim (837)
Dental-ADA Implementation Guide for ASC X12N 837
*The X12N standard for claims includes standard information for coordination of benefits.
Enrollment and Disenrollment in a Health Plan
ASC X12N Benefit Enrollment and Maintenance (834)
Eligibility for a Health Plan
ASC X12N Health Care Eligibility/Benefit Inquiry (270)
ASC X12N Health Care Eligibility/Benefit Information (271)
Health Care Payment and Remittance Advice
ASC X12N Health Care Claim Payment/Advice (835) [p39846]
Health Care Premium Payments
ASC X12N Consolidated Service Invoice/Statement (811)
ASC X12N Payment Order/Remittance Advice (820)
First Report of Injury
ASC X12N Report of Injury, Illness or Incident (148)
Health Claim Status
ASC X12N Health Care Claim Status Request (276)
ASC X12N Health Care Claim Status Notification (277)
Referral Certification and Authorization
ASC X12N Health Care Service Review Information (278)
The adoption of a standard for claim attachments is not due until next year, so we will make a timely recommendation for that transaction at a later time.
Although we recommend that institutional and professional claims should move to the ANSI X12N 837 standard, we recommend a strategy to ease the transition for providers and payers that currently rely on the older NSF or UB92 flat-file formats for electronic claims submissions. We have learned at the hearings that the financial health of providers is extremely sensitive to the timing of payments for claims submitted. As a result, there is some fear in the industry that pushing this transition to the 837 too rapidly could lead to financial failures if payments were delayed because of technical problems during the conversion. We recommend a transition strategy whereby willing trading partners, by mutual agreement, could continue to use existing flat-file mechanisms (NSF and UB92) to exchange claim transactions until February, 2002. Strict adherence to section 1175 of HIPAA (which forbids plans from refusing standard transactions or delaying payment on the grounds that a transaction is standard) will be expected and should be enforced.
Transaction Data Content
The Committee has a long history of national leadership on health data content issues. We will review the information now being collected by HHS in the master data dictionary of transaction data elements and, once that is available, will formulate our recommendations. The Committee's recommendations on data content also will include specific recommendations for a process for changing, maintaining, and updating the standard data content specifications for the above administrative transactions. As part of our ongoing responsibilities, we will continue to advise you on the need for new data elements, as well as deletions and modifications to current data elements, for health care transactions.
At this time, we would like to make specific recommendations about several data elements. In a previous communication, we endorsed HCFA's NPI proposal for a unique identifier for providers. The Committee would like to endorse the HCFA proposed Payer ID as the national standard for the payer identifier. A recommendation on the individual identifier may follow, after the Committee has had opportunity to review and discuss the commissioned report on this topic.
The Committee recommends that diagnosis and procedure coding continue to use the current code sets because replacements will not be ready for implementation by the year 2000. ICD-9-CM diagnosis codes, ICD-9-CM Volume 3 procedure codes, and HCPCS (including CPT and CDT) procedure codes should be adopted as the standards to be implemented by the year 2000. Annual updates to ICD-9-CM and HCPCS should continue to follow the schedule currently used. In addition, we recommend that you advise industry to build and modify their information systems to accommodate a change to ICD-10-CM diagnostic coding in the year 2001 and a major change to a unified approach to coding procedures (yet to be defined) by the year 2002 or 2003. We recommend that you identify and implement an approach for procedure coding that addresses deficiencies in the current systems, including issues of specificity and aggregation, unnecessary redundancy, and incomplete coverage of health care providers and settings. The committee will continue its leadership and participation in this endeavor.
Security Standards
Security standards will be recommended by the Committee after hearings are held on this topic. These hearings are currently scheduled for August.
We appreciate your national leadership in health data standards, electronic data interchange and privacy, and we are privileged to work with you on these issues.
Sincerely,
Don E. Detmer, M.D.,
Chairman.
The Honorable Donna E. Shalala,
Secretary of Health and Human Services,
200 Independence Avenue S.W.,
Washington, D.C. 20201.
Dear Secretary Shalala: On behalf of the National Committee on Vital and Health Statistics (NCVHS), I am pleased to forward to you our recommendations relating to health information privacy. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires you to provide detailed recommendations to the Congress with respect to the privacy of individually identifiable health information by August 1997. The law also directs you to consult with the NCVHS in developing your recommendations. The enclosed report is submitted in support of this responsibility.
In developing our recommendations to you for health information privacy, the NCVHS Subcommittee on Privacy and Confidentiality held six full days of public hearings during which we heard from 43 witnesses from the industry, privacy community, State government, and public health and research communities. We also benefited from two additional days of public hearings in San Francisco where we heard from an additional 40 witnesses from across the health industry spectrum, including a number of representatives from the privacy and patient advocacy community.
The NCVHS recommends that you and the Administration assign the highest priority to the development of a strong position on health privacy. The NCVHS also recommends that the 105th Congress enact a health privacy law before it adjourns in the fall of 1998.
We appreciate your leadership on health information privacy, and offer our continuing assistance in addressing this national issue.
Sincerely,
Don E. Detmer, M.D.,
Chairman.
Enclosure
Executive Summary
The Health -Insurance Portability and Accountability Act requires the Secretary of Health and Human Services to consult with the National Committee on Vital and Health Statistics when developing recommendations on standards for the protection of the privacy of individually identifiable health information. This report is the Committee's advice to the Secretary.
The Committee finds that the United States is in the midst of a health privacy crisis. Patients must feel comfortable in communicating sensitive personal information. Delays in passing privacy legislation will allow additional and uncontrolled uses of health information to develop.
The Committee recommends that the Secretary and the Administration assign the highest priority to the development of a strong position on health privacy that provides the highest possible level of protection for the privacy rights of patients. The Committee also unanimously recommends that the 105th Congress enact a health privacy law before it adjourns in the fall of 1998.
Health privacy legislation presents only hard choices and difficult tradeoffs. The importance of trust in the provider-patient relationship must be preserved. Health records are used to improve the quality of health care, reduce the costs of health care, expand the availability of health care, protect the public health, and assure public accountability of the health care system. Privacy competes with all of these objectives, and it is not easy to strike a fair balance between privacy and these other worthy goals. The Committee has no doubt, however, that a privacy bill can be passed that balances the interests of patients with the needs of the health care system.
The Committee calls for a law that will require creators and users of identifiable health care information to establish a full range of fair information practices, including a patient's right of access to records, right to seek amendment of records, and right to be informed about users of health information. The law must also impose restrictions on disclosure and use of the information, require adequate security, impose sanctions for violations, and increase reliance on non-identifiable information whenever possible. [p39847]
The Committee strongly supports the use of health records for health research, subject to independent review of research protocols and other procedural protections for patients. The Committee also strongly supports the use of health records for public health purposes, subject to substantive and procedural barriers commensurate with the importance of the public health functions. The Committee believes that patients need strong substantive and procedural protections if their health records are to be disclosed to law enforcement officials.
The Committee strongly supports limiting use and disclosure of identifiable information to the minimum amount necessary to accomplish the purpose. The Committee also strongly believes that when identifiable health information is made available for non-health uses, patients deserve a strong assurance that the data will not be used to harm them.
Contact Person for More Information: Information about the Committee as well as the text of the HIPAA recommendations is available on the NCVHS website or from James Scanlon, NCVHS Executive Staff Director, Office of the Assistant Secretary for Planning and Evaluation, DHHS, Room 440-D, Hubert H. Humphrey Building, 200 Independence Avenue S.W., Washington, D.C. 20201, telephone (202) 690- 7100, or Marjorie S. Greenberg, Executive Secretary, NCVHS, NCHS, Room 1100, Presidential Building, 6525 Belcrest Road, Hyattsville, Maryland 20782, telephone (301) 436-7050.
Dated: July 18, 1997.
James Scanlon, Director, Division of Data Policy, Office of the Assistant Secretary for Planning and Evaluation.
[FR Doc. 97-19492 Filed 7-23-97; 8:45 am]
BILLING CODE-4151-04-M