Skip to content

HHS Finalizes Regulations to Eliminate Health Plan Identifiers (HPIDs)



Administrative Simplification: Rescinding the Adoption of the Standard Unique Health Plan Identifier and Other Entity Identifier, 45 CFR Part 162, 84 Fed. Reg. 57621 (Oct. 28, 2019)

HHS has finalized regulations to rescind the requirement for health plans to obtain unique health plan identifiers (HPIDs) and to eliminate voluntary other entity identifiers (OEIDs). Although HIPAA required HHS to establish standards for HPIDs, HHS did not act on the requirement until the Affordable Care Act instructed HHS to issue final HPID regulations by October 1, 2012, in consultation with the National Committee on Vital and Health Statistics (NCVHS). HHS established standards for HPIDs in September 2012 (see our Checkpoint article), setting a November 5, 2014 deadline for larger health plans to obtain HPIDs (and providing an additional year for smaller health plans). Shortly before the 2014 deadline, however, HHS announced an indefinite enforcement delay, citing an NCVHS report questioning the business need, purpose, benefit, and value of HPIDs (see our Checkpoint article). HHS subsequently sought public comments regarding possible changes to its policy on HPIDs (see our Checkpoint article), and a 2017 NCVHS report recommended rescission of the HPID requirement (see our Checkpoint article). Proposed regulations issued in December 2018 followed the recommendation of the 2017 report (see our Checkpoint article).

In view of the industry’s adoption of other satisfactorily functioning mechanisms to identify payers, the cost and complexity of implementing HPIDs, and the uncertain value of OEIDs, the final regulations eliminate the HPID requirement and rescind OEIDs. They also delete regulatory definitions of “controlling health plan” and “subhealth plan,” which have no application following rescission of HPIDs and OEIDs. On or after December 27, 2019, HHS will no longer accept HPID or OEID applications, and will deactivate all HPIDs and OEIDs previously issued through the Health Insurance Oversight System (HIOS) and provide an explanatory email to all active HIOS users. HHS declined to develop policies regarding the use of deactivated HPIDs or OEIDs, but encourages entities with legacy HPIDs or OEIDs to collaborate and agree on the best identifiers for future transactions.

EBIA Comment: The fate of HPIDs and OEIDs was foretold when the indefinite enforcement delay was announced in 2014, and this dormant requirement has been a backburner issue since then. With these final regulations, covered entities and business associates can cross HPIDs and OEIDs off their compliance lists. Nevertheless, because two separate statutes still require HHS to adopt some form of standard unique identifier for health plans, HHS asks stakeholders to consider business cases for a standard identifier and to share their ideas with HHS or NCVHS. For more information, watch for updates to EBIA’s HIPAA Portability, Privacy & Security manual at Section XXXII.J (“Unique Health Identifiers”). See also EBIA’s Self-Insured Health Plans manual at Section XXXI.F (“EDI Standards”) and EBIA’s Health Care Reform manual at Section XXXII.C.3 (“Health Plan Identifier”).

Contributing Editors: EBIA Staff.

More answers