HSS Withdraws Proposed Rule Following Public Concerns

In January 2014, the Department of Health and Human Services proposed a new rule for certification of compliance for health plans to be introduced into HIPAA legislation. The rule was entitled “Certification of Compliance for Health Plans”. This rule would have required all controlling health plans (CHPs) to submit a range of documentation to HHS to demonstrate compliance with electronic transaction standards set by the HHS under HIPAA Rules. It was hoped that the introduction of this rule would simplify the administrative tasks regarding HIPAA compliance. The rule was also designed to promote more consistent testing processes for CHPs. The HHS has now announced that the proposed rule has now been withdrawn.

For the rule to have been passed into legislation, CHPs would have been required to demonstrate compliance with HIPAA administration simplification standards for three electronic transactions: Eligibility for a health plan, health care claim status, and health care electronic funds transfers (EFT) and remittance advice. If a CHP failed to comply with the new rule, they would have been subjected to a financial penalty.

Many employers prefer to have an insurance carrier handle their health. In these instances, the proposed rule would not have affected them directly. Self-funded employers would have seen a significant burden introduced onto them had the rule change been passed. Following publication of the proposed rule in the federal register in January 2014, HHS received more than 70 public comments about the effect that the rule would have on the prosperity of many different businesses. As is required by law, the HSS examined the comments closely. Following the examination, they made the decision to withdraw the proposed rule.

HHS will be re-examining the issues raised in the comments and will be exploring options and alternatives to comply with statutory requirements. The Secretary of the HHS explained that regulations have already been established for compliance with HIPAA administration simplification standards, and enforcement of compliance with those standards. While the proposed rule has been withdrawn, the HHS has confirmed that covered entities are still required to comply with 45 CFR parts 160 and 162.