 |
|
 |
 |
 |
|
 |
 |
|
 |
HIPAAdvisory > HIPAAregs > Employer Identifier |  |
 |
 |
 |
|||||||||||||||||||||||
|
Standard Unique Employer IdentifierIII. Comments and Responses Concerning the Proposed ProvisionsAll general comments on applicability of the HIPAA standards were addressed in the Transactions Rule. These comments will not be repeated here. There were 61 commenters on the proposed rule. These commenters included Federal and State government agencies, private organizations (including health plans and health care provider professional organizations), and individuals. A. Employer Identifier StandardComment: Two commenters said there should be no regulation as to the use or non-use of the hyphen as part of the format for the EIN. Eight commenters stated the hyphen should be omitted when transmitting standard transactions. One commenter said it should be omitted on standard transactions but used in human-readable formats. One commenter stated that the use of a modifier would be beneficial for identifying specific State agencies under a single EIN; another commenter recommended that the EIN not be used with a modifier. A few commenters recommended a check digit be used with the EIN; a larger number of commenters recommended a check digit not be used. Response: The hyphen is part of the EIN, as it is
defined at 26 CFR 301.7701-12 and assigned by the IRS. The standard
transaction formats use alphanumeric fields for the EIN. These fields
can accommodate the EIN with or without the hyphen. The implementation
guides for the standard transactions are silent on whether the hyphen
must be transmitted. Most translator software can easily add the
hyphen to or remove it from the EIN field within standard transactions.
In spite of the flexibility of the standard transaction formats
and the capability of translators to handle EINs with and without
the hyphen, we believe that we should require standardization of
the identifier format within the standard transactions, in order
to promote simplification and savings. We further believe that it
would be confusing to adopt the EIN as the standard unique employer
identifier, but then to direct that the adopted standard be modified,
by removing the hyphen, before use in standard transactions. It
would be equally confusing to adopt "the EIN minus the hyphen" as
the standard, because this identifier would still be referred to
informally as the EIN, and it would not be clear when the hyphen
is needed and when it is not. We believe it is advantageous to adopt
the EIN exactly as assigned by the IRS. This strategy is clearer
and more flexible, should the IRS, at some time in the future, modify
its defined format of the EIN for any reason. We therefore require
that the EIN as assigned by the IRS be used in the standard The EIN was selected as a cost-effective choice for the standard employer identifier because the IRS is already issuing it and employers already have this identifier. The IRS has no project initiated at this time to modify the format of the EIN or to add a check digit to the EIN. The presence of a check digit can help in detection of keying errors made in data entry of a number. We could have specified a check digit to be used with the IRS-issued EIN. However, we believe that in many cases where the EIN is used in standard transactions, it will be on file electronically and will not need to be inserted through data entry. Therefore, the benefits of a check digit would be modest. Modification of the IRS-issued identifier by addition of modifiers
or a check digit for use in health care transactions would require
costly additional processes and would negate the benefits of using
the existing IRS infrastructure; therefore, we do not add modifiers
or a check digit to the IRS format. Comment: Several commenters thought that the EIN was proposed to identify health care providers. Some stated that the EIN was not specific enough to uniquely identify health care providers. Others expressed privacy concerns if the EIN were used to identify health care providers. Response: The same entity may have multiple roles in health care transactions. On May 7, 1998, we proposed that the National Provider Identifier, not the EIN, be adopted to uniquely identify health care providers (63 FR 25320). The EIN will be used to identify an entity in the employer role. For example, a hospital may be both an employer and a health care provider. The hospital would use its EIN to identify itself when conducting transactions in an employer role, for example, making premium payments on behalf of its employees. When making claims for health care services furnished, it would use its National Provider Identifier. Comment: Several commenters thought that the EIN was proposed to identify the patient's health plan or insurance coverage. One commenter stated one identifier should be used for both payer and employer. One commenter stated it would be confusing to use a different identifier for employee welfare benefit plans and employers, since such plans are sponsored by employers. Response: The EIN will be used to identify an entity acting in the employer role in standard transactions. It will not identify the patient's health plan or insurance coverage. It will not replace the group number, account number, policy number, or subscriber number. Although it is true that the employee welfare benefit plans are often sponsored by employers, the EIN will be used to identify only the employer, not the health plan. In a future proposed rule, HHS intends to propose a health plan identifier to identify health plans. Employee welfare benefit plans would be identified by a health plan identifier. Comment: Several commenters supported the choice of the EIN. Two commenters stated the EIN did not meet the 10 criteria established for selection of a standard under the Act. Response: Of the two commenters stating that the EIN did not meet the criteria (see 65 FR 50351-50352 for the list of criteria), one commenter was not specific about how the EIN did not meet the criteria. The second commenter incorrectly believed that the EIN was being proposed to identify the insurance coverage of a patient rather than to identify an employer in standard transactions. B. RequirementsComment: One commenter stated that we should clarify the meaning of the terms "required" and "situational." Many commenters stated that the usage of the EIN of the employer in health care transactions was unclear and requested clarification, i.e., whether the EIN was required, situational, etc. One commenter said the EIN of the employer should be a situational data element on all electronic data interchange (EDI) transactions. Several commenters stated that the EIN should be required only on transactions exchanged between an employer and a health plan. Several commenters said they needed clarification on which transactions would use the EIN. Response: As used with respect to a data element
in a standard transaction, the word "required" means that the data
element is required according to the standard implementation guide
for that transaction. The word "situational" means that the data
element or choice of a specific code value is required if the data
condition described in the standard implementation guide occurs.
For purposes of this rule, if use of the employer identifier is
situational and the The X12N Version 4010 transaction implementation guides are the authority for specific information on the use of the EIN to identify the employer in X12N transactions. The following summarizes use of the EIN to identify the employer in X12N transactions:
An employer identifier is not used to identify an entity as an employer in the following X12N standard transactions:
The EIN of the employer is optional in the NCPDP retail pharmacy transactions. The implementation guides for the NCPDP transaction standards are the authorities for specific information on the use of the EIN of the employer in the NCPDP standard transactions. Comment: Many commenters expressed concern that health
care providers would be required to report the EIN of the patient's
or subscriber's employer on standard transactions. They requested
more specific data related to the costs to health care providers
of reporting these EINs. They noted that health care providers do
not routinely obtain and patients do not generally know these EINs.
Some commenters noted that, with the exception of the X12N 834 enrollment
transaction, the X12N implementation guides specify the employer
identifier is situational in all occurrences. Health care providers
are not a party to the X12N 834 and thus would not be required to
report a patient's employer's EIN. Many commenters therefore recommended
that all references to the use of employer identifiers by health
care providers be deleted from the regulation. One commenter noted
that third party administrators sometimes require health care providers
to report the employer on eligibility transactions, and that subcontracting
health care providers in Provider Sponsored Response: Health care providers do not conduct the X12N 834 enrollment transaction, the only standard transaction where the employer identifier is required. In all standard transactions that a health care provider might conduct, the employer identifier is either not a permitted value or is one of a choice of alternate values. In the situations where the employer identifier may be used in a standard transaction used by covered entities under HIPAA, the employer identifier is used only if the party being identified is an employer and its identifier has been given to the health care provider as the electronic transaction identifier for the employer as an information source in an eligibility transaction. The standard transaction for eligibility inquiry and response does not contain data elements for identifying the subscriber's employer. We expect that health care providers will be able to obtain the EIN from the employer, as is the current practice, for the limited cases when an EIN is needed in covered standard transactions initiated by the health care provider. Comment: Some commenters stated that employers may not want to disclose their EINs and requested that the final rule explicitly state the penalties for an employer that does not disclose its EIN. Some were concerned that the EIN may not be accessible to parties needing the EIN for health care transactions. One commenter said that because of administrative costs, employers will not want to provide their EINs. Another commenter stated that employers would be so overwhelmed by requests for their EINs that they would place them on everything to limit staff time required for answering these requests. Response: These concerns were generated because commenters
incorrectly thought that EINs would be required in transactions
initiated by health care providers or others who would not know
the EIN. Although identification of the subscriber's employer was
part of the data content of the institutional health care claim
transaction in the proposed Transactions Rule, that data element
was removed from the institutional health care claim transaction
that was adopted by the final Transactions Rule. In fact, the EIN
will be used, for the most part, in transactions initiated by the
employer itself. The EIN is required for the enrollment in a health
plan standard transaction, which is usually initiated by employers
(which are not covered entities). In other transactions, such as
the eligibility for a health plan transaction, the employer identifier
only occurs in conjunction with the use of the standard transaction
between one or more organizations who are noncovered entities under
HIPAA, or as one of the possible choices of identifiers for the
employer. In the eligibility for a health plan transaction, the
employer identifier can be used as one of the permitted identifiers
for the employer as the source or receiver of eligibility information.
Thus, when a health care provider is initiating the eligibility
for a health plan transaction to an employer, in the process of
determining the proper electronic routing identifiers and other
electronic identifiers, the health care provider has the opportunity
to obtain an EIN if required by the employer as its electronic routing
or other electronic identifier. We believe that use of the EIN will
not generally create compliance problems for covered We had proposed to require each employer to disclose its EIN, upon request, to any covered entity that needed to use that employer's EIN in a standard transaction. This requirement is not adopted in this final rule because employers are not covered entities under the Administrative Simplification provisions of HIPAA. However, we believe that employers will have a strong incentive to continue the common business practice of providing their EINs voluntarily in those rare cases where it is not already known in order to maintain or improve the efficiency of administrative processes. Comment: Many commenters thought that the EIN of the patient's employer or of the patient would be required in health care claim and encounter transactions. These commenters stated that use of the EIN in these transactions is an invasion of privacy, both personal and medical. Several commenters stated that implementation of a national standard employer identifier will permit unwarranted Federal monitoring of patient care and linking of medical records through employers. They stated that the possibility of Federal monitoring and linking of medical records will create barriers of distrust between doctors and patients and between employers and employees. They stated use of the EIN will eventually lead to a numbering system on citizens that will make it easier to track citizens from one employer to another, build citizen profiles, or discriminate against citizens based upon health status. One commenter thought that the use of the EIN would result in the collection of centralized medical records and had potential for abuse. Several commenters stated this regulation was an improper role of government. Several commenters said they would like to shelve the proposed rule, while others said there should be a nationally publicized hearing or that the use of the EIN should go to a public vote and not be decided by the government. Several commenters were concerned about the security of medical records stored in central computer locations. One commenter supported a "Patients' Bill of Rights" with enforcement through the court systems. One commenter requested clarification of penalties for patients who refuse to give the names or EINs of their employers. One commenter said that States should not be required to give employers access to benefit information. This commenter stated this would be unacceptable, based on confidentiality and administrative burden. Response: Many commenters misunderstood the proposed application of the employer identifier. The inclusion of the employer identifier is optional in the NCPDP retail pharmacy claim. The employer identifier is not used at all to identify an entity as an employer in the X12N standard health care claim or equivalent encounter information transactions. It is used primarily to identify employers that are sending or receiving transactions for enrollment in a health plan or payment of premiums. Those transactions do not carry information about the treatment of individuals. We do not believe the employer identifier will facilitate federal monitoring of patient care, collection of central medical records, or tracking of citizens. We do not believe it will lead to barriers of distrust between doctors and patients, or between employers and employees. HHS proposed standards for security of health information, including medical records, in a proposed rule (63 FR 43242) published on August 12, 1998. HHS also adopted standards for privacy of individually identifiable health information in the Privacy Rule (65 FR 82462) published December 28, 2000. We do not require patients to give the EIN of their employers to anyone or require States to give employers access to benefit information. Comment: One commenter recommended the revision of Secs. 142.604 and 142.608 as follows: "Each health plan/health care provider must accept and transmit the national employer identifier of any employer that must be identified in any standard transaction." One commenter stated that Sec. 142.606 should be deleted since clearinghouses do not collect, validate, or supply data elements to the transaction. Response: We agree that Secs. 142.604 and 142.608 should be revised for clarity. We do not agree that Sec. 142.606 should be deleted because health care clearinghouses are covered entities and are required to use the standards, but we made a similar revision as that made to Secs. 142.604 and 142.608. These revisions are reflected in Sec. 162.610. C. Implementation ConcernsComment: One commenter recommended HHS notify employers of this proposal for national use of EINs. Response: Employers are not covered entities, and this rule places no requirements upon them. In many cases, employers already use the EIN to identify themselves in standard transactions. Use of the EIN by employers in standard transactions will continue to be voluntary. While employers are not covered entities under this rule, health plans are free, as part of their business arrangements with employers, to require employers to use the standard transactions and to provide their EINs for this purpose. We have provided public notice of this proposal by publication of the proposed rule in the Federal Register on June 16, 1998 (63 FR 32784) and by publication of this final rule in the Federal Register. Comment: Several commenters requested clarification of the employer enumeration process and how information in the employer identifier system would be maintained. They also stated that timely and accurate updates to this system are critical to accurate public health data collection efforts. One commenter wanted confirmation that the plans for authenticating prior to the IRS's issuance of an EIN would remain the same as today. It was suggested that one or more centers be established to answer questions about the employer identifier and redirect questions to the IRS or other Departments. Response: The IRS maintains the EIN enumeration system and database, and makes information on the EIN available through its web site at http://www.irs.ustreas.gov/. The IRS authentication, enumeration and update processes and the IRS enumeration system will not be changed as a result of this regulation. The IRS answers questions about the EIN through its web site. HHS answers questions about the Administrative Simplification regulations through its web site at http://aspe.hhs.gov/admnsimp. Comment: One commenter asked whether the EIN is always the same as the taxpayer identifying number. Response: The taxpayer identifying number may be an EIN, a Social Security Number, or an IRS individual taxpayer identification number. The IRS, at 26 CFR 301.7701-12, defines the Employer Identification Number as "the taxpayer identifying number of an individual or other person (whether or not an employer) which is assigned pursuant to section 6011(b) or corresponding provisions of prior law, or pursuant to section 6109, and in which nine digits are separated by a hyphen, as follows: 00-0000000." Comment: A commenter wanted to know the IRS policy on reusing an EIN. Response: Currently, the IRS does not reuse EINs; that is, it does not assign a previously used EIN to a new applicant for an EIN. IRS Publication Number 1635, "Understanding Your EIN, Employer Identification Numbers," includes information on business and corporate changes that would allow continued use of an organization's EIN or would require issuance of a new EIN. This publication can be ordered by calling (800) 829-3676 or can be downloaded from the IRS web site at http://www.irs.gov/pub/irs-pdf/p1635.pdf. Comment: Several commenters recommended the use of an online EIN database and suggested an IRS directory be established. Several commenters recommended use of a standards-based directory schema. Another stated it would be necessary to have a directory only if transactions other than the X12N 834 Health Care Benefit Enrollment were to require use of the EIN. This commenter stated the X12N 834 transaction would not require a directory since it is initiated by employers. Response: For the most part, the EIN will be used in HIPAA transactions initiated by the employer. The employer will know its own EIN; therefore, an on-line public directory will not be necessary. In the few cases where a standard transaction that requires an employer's identifier is initiated by an entity other than the employer, we expect that the entity will obtain the EIN from the employer, as is the current practice. Comment: A concern was raised by one commenter about the length of time it would take to receive an EIN and how both Medicare and Medicaid claims would be paid if the employer did not have an EIN. One commenter said that the proposed rule makes electronic transmissions impossible for any employer that lacks an EIN or refuses to disclose its EIN. Two commenters suggested that the IRS determine those employers that do not already have EINs and that HHS require those named by the IRS to obtain EINs. Another commenter suggested that instructions be made available on what to do if an employer does not have an EIN. One commenter stated that employers utilizing Social Security Numbers for tax reporting purposes should be required to apply for EINs. Response: Many of these concerns were based on an incorrect belief that the patient's employer's EIN would be required in standard claim transactions. Actually, the patient's employer's EIN is not included in the X12N standard claim transactions and is optional in the NCPDP retail pharmacy claim. We know of no situation where an employer identifier would be required in a standard transaction and the employer would not have an EIN. The employer identifier is used in standard transactions to identify the employer of employees who are subjects in the transaction. Any business that pays wages to one or more employees is required to have an EIN as its taxpayer identifying number. A sole proprietor who has no employees or who files no excise or pension tax return is the only business person who is not required to obtain an EIN; a sole proprietor with no employees would not need to be identified as an employer in standard transactions. The IRS publication, "Understanding Your EIN, Employer Identification Numbers," Publication 1635, states that the IRS generally assigns an EIN within 4-5 weeks of receiving an application by mail or assigns an EIN immediately via the tele-TIN telephone process. For the telephone number in each state, see the "Where to Apply" section in Publication 1635. Publication 1635 can be downloaded from the IRS web site at http://www.irs.ustreas.gov/plain/bus_info/pub1635.html or can be ordered by calling (800) 829-3676. Comment: One Medicaid State agency requested clarification on whether Medicaid State agencies would use the EIN when making health plan premium payments or when making capitation payments to managed care plans. Other commenters had concerns of how health plan sponsors that are not employers would be identified in standard transactions. One commenter requested that the description on how to obtain an EIN (63 FR 32793) be expanded to include those non-employer entities that will need an identifier for HIPAA transactions. Response: HIPAA requires that the Secretary adopt a standard unique health identifier for each individual, employer, health plan, and health care provider for use in the health care system. If the Medicaid State agency is making premium payments or capitation payments as an employer on behalf of its own employees, it would use its EIN. The law does not provide for adoption of a standard identifier for health plan sponsors that are not employers but that may enroll or make premium payments on behalf of other persons. We recognize that in some situations, the EIN is used to identify health plan sponsors that are not employers. This practice will not be affected by this final rule. Comment: One commenter asked how foreign employers would be identified in standard transactions. Response: Foreign employers are treated the same
as all other employers under this rule. In this rule, we have intentionally
adopted a definition of "employer" that is identical to the definition
used by the Internal Revenue Service in 26 U.S.C. 3401(d). This
definition covers foreign employers who pay wages to employees for
whom tax withholding is required by the IRS. For purposes of this
rule, it is important that any employer that enrolls or disenrolls
employees in a health plan or that makes premium payments on behalf
of employees to a health plan be able to be identified by the standard
employer Comment: In the proposed rule (63 FR 32793) we noted that some employer organizations have more than one EIN. We asked for comment on whether one EIN should be used consistently in health care transactions. One commenter noted that in some cases employer organizations with multiple EINs may be doing business with multiple health plans and using a different EIN with each plan, resulting in coordination of benefits problems. Several commenters recommended that specific guidelines be defined for using a single EIN across the board in health-related transactions. Several commenters stated that the use of multiple EINs would not be a problem. Several commenters made suggestions on which EIN should be designated for use in health care transactions, for example, the one that appears on the IRS Form W-2, Wage and Tax Statement, of the employee that is a subject of the transaction, the one that identifies the employee's employment address, or the one with the lowest numeric value. Some commenters noted that the intended purpose of the employer identifier is to identify the employer and that the employer should decide which EIN to use. Several commenters suggested that an IRS publication include information on IRS protocols for multiple EINs. Two commenters requested information about the IRS maintenance of EINs when corporate changes such as mergers occur. Response: When a business entity is a consolidated group consisting of several corporations, each corporation may be separately identified for certain Federal tax reporting purposes, and may have its own EIN. The consolidated group may also have an EIN, under which it files a consolidated income tax return. For any relationship of an employer to an employee of that employer, only one unique EIN designates the employer. The standard unique employer identifier of an employer of a particular employee is the EIN that appears on that employee's IRS Form W-2, Wage and Tax Statement, from the employer. The IRS regulations at 26 CFR 301.7701 contain definitions of entities that may be identified for Federal tax purposes. The instructions accompanying IRS Form SS-4, "Application for Employer Identification Number," detail the kinds of entities that must have EINs and the situations that require an entity to obtain a new EIN. IRS publication 1635, "Understanding Your EIN, Employer Identification Numbers," gives further information on business or corporate changes that do and do not require an entity to obtain a new EIN. IRS publications can be downloaded from the IRS web site at http://www.irs.ustreas.gov/plain/forms_pubs/index.html or ordered by calling (800) 829-3676. Comment: One commenter was concerned about possibly conflicting Federal and State regulations for use of the EIN. Response: This commenter did not note any particular conflicts in use of the EIN and we are not aware of any conflicts. Section 1178 of the Act discusses the effect of the Administrative Simplification provisions on State law. The general rule is that the standards adopted under the Act supersede any contrary provision of State law. For a more detailed discussion of the statutory preemption provisions and the regulatory implementation of those provisions, see 65 FR 82480 through 82481 and 65 FR 82579 through 82588. D. Approved UsesComment: One commenter stated that the regulations should not require the EIN on "past" health information. Another commenter expressed concern over the lack of guidelines and controls in dissemination and use of EINs for health care purposes. These commenters said that the regulation should clearly define the approved uses and cross-refer to penalties for misuse. Response: This regulation does not require use of the EIN in transactions conducted before the compliance date. HHS intends to publish a proposed rule concerning enforcement of the HIPAA standards. Civil penalties for failure to comply with requirements and standards are covered in Section 1176 of the Act. Criminal penalties for misuse of an employer identifier are covered in Section 1177 of the Act. Comment: One commenter questioned if the EIN would replace the United Business Identifier used in non-health transactions. Another asked if the EIN would replace other employer identifiers, or be used in addition to them. Response: This rule does not address non-health care transactions. We cannot speak to the issue of what will happen in such transactions. The EIN is the only employer identifier in standard transactions. Comment: Some commenters were concerned that employers would not want to use their EINs because of privacy issues. One commenter stated that effective security and confidentiality measures should protect the EIN. Three commenters stated that health data organizations and public policy researchers should have access to the EIN for public health surveillance. They wanted this access to be clarified. Response: The confidentiality of the EIN is protected under the Internal Revenue Code. Section 26 U.S.C. Sec. 6103 provides that, generally, taxpayer return information, including taxpayer identity (which includes a taxpayer identifying number), must be kept confidential and may not be disclosed by, among others, federal officers or employees, except as permitted by Title 26. In this rule we make no changes to the existing access that health data organizations and public policy researchers have to the EIN. Health data organizations and researchers desiring access to data from a Federal system of records that contains the EIN should address their requests to the Freedom of Information Act official in the agency responsible for the system. E. The Specific Impact of the Employer IdentifierComment: One commenter stated that the cost to implement the EIN would add to premiums paid by individuals and their families. Several commenters said the expense and resources to implement this identifier are greater than estimated. One commenter stated that more specific data related to the exact costs to health care providers should be made available for public comment prior to publication of the final rule. Response: Those concerned with the cost of the identifier consisted primarily of commenters that incorrectly thought that health care providers would be required to use the EIN on health care claims. As noted in our previous responses, the EIN will be used primarily by employers on transactions they initiate; therefore, we do not expect the costs to be higher than those estimated in the proposed rule. When the employer identifier is used in standard transactions initiated by entities other than the employer, we expect that these entities will obtain the EIN from the employer, as is the current practice. [Top of Page] [Previous] [Next]Contents |
|
 |
