HIPAA Identifiers

Healthcare Fraud Webinar

To juxtapose HIPAA's Administrative Simplification efforts, the Centers for Medicare & Medicaid Services (CMS) introduced four unique identifiers which promise to standardize the identification numbers for providers, employers, and ensure future consistency and ease of use.

The four unique identifiers are:

  • The Standard Unique Employer Identifier - This is the standard Employer Identification Number or EIN which can be found on employee's federal Internal Revenue Service (IRS) Form W-2, Wage and Tax Statement received from their employer. With the help of using EIN, it would be easy to identify an entity acting in an employer role in standard HIPAA transactions that too without identifying the patient's health plan or insurance coverage. Moreover, EIN will not replace the group number, account number, policy number, or subscriber number.

Standards for Transactions:

Under HIPAA, HHS adopted certain standard transactions for the electronic exchange of health care data. These transactions include:

  • Claims and encounter information
  • Payment and remittance advice
  • Claims status
  • Eligibility
  • Enrollment and disenrollment
  • Referrals and authorizations
  • Coordination of benefits
  • Premium payment

HIPAA-covered entities who conduct any of these transactions electronically must use an adopted standard from ASC X12N or NCPDP

  • The National Provider Identifier (NPI) - For covered health care providers, NPI is a unique identification number. For all HIPAA administrative and financial transactions, covered health care providers and all health plans and health care clearinghouses should use NPIs. As the NPI is a 10-position, intelligence-free numeric identifier (10-digit number), it does not disclose other information about health care providers.

An NPI must be used in all HIPAA standard transactions.

HIPAA required HHS to establish national standards for electronic transactions to improve the efficiency and effectiveness of the nation's health care system. These standards apply to all HIPAA-covered entities:

  • Health plans
  • Health care clearinghouses
  • Health care providers who conduct electronic transactions, not just those who accept Medicare or Medicaid

Any provider who accepts payment from any health plan or other insurance company must comply with HIPAA if they conduct the adopted transactions electronically.

These providers must also have written agreements in place to ensure business associates comply with HIPAA. Examples of business associates include clearinghouses and independent medical transcriptionists.

  • The National Health Plan Identifier (HPID) - The Health Plan Identifier (HPID) is designed to furnish a standard way to identify health plans in electronic transactions.
    The Health Plan Identifier (HPID) is a standard, unique health plan identifier required by the HIPAA. On September 5, 2012, the Department of Health and Human Services (HHS) published the final rule (CMS-0040F), which adopted a unique identifier (HPID) for Health Plans. The Final Rule for Transactions and Codes Sets provides a definition for health plan at 45 CFR 160.103 , which references 42 U.S. Code ' 300gg-91 - Definitions. For the purposes of HPID enumeration, health plans are divided into controlling health plans and sub-health plans, two of several new terms introduced in the final rule. Other new terms include Other Entity Identifier (OEID); Health Plan and Other Entity Enumeration System (HPOES) and Health Insurance Oversight System (HIOS).
  • The National Individual Identifier - As the government has stopped endorsing the development of NII, the identifier no longer is pursued. The controversy related to compromising individual privacy can be seen as the reason for discarding the NII.