The Regulatory Framework Task Force of the Accident and Health Insurance (B) Committee of the National Association of Insurance Commissioners (NAIC) submits this statement to the Subcommittee on Health Data Needs, Standards, and Security of the National Committee on Vital and Health Statistics (NCVHS) in response to the notice of the Subcommittee's hearings and solicitation of public comments appearing at 62 Fed. Reg. 1336 (Jan. 9, 1997). The purpose of this statement is to provide the perspective of state insurance departments to assist the National Committee on Vital and Health Statistics as it formulates recommendations to the Secretary of the U.S. Department of Health and Human Services (HHS) to assist her in adopting standards, pursuant to Subtitle F of Title II of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), for specified transactions to enable health information to be exchanged electronically. (Section 1173 of the Social Security Act as added by HIPAA.)
Background: The National Association of Insurance Commissioners, founded in 1871, is an organization of the chief insurance regulatory officials of the fifty states, the District of Columbia, and four U.S. territories. The NAIC exists to assist state insurance regulators, individually and collectively, to assure the fair and equitable treatment of insurance consumers. (NAIC Mission Statement, Article II.)
The NAIC's primary instruments of providing technical assistance and guidance to the states are its model laws, regulations, and guidelines. Model laws and regulations are developed by committees of regulators at the NAIC's national meetings, which take place four times a year. NAIC meetings are public and the regulators solicit comments on all drafts. Each model is referred to a parent committee for approval and ultimately to the plenary session of the NAIC for adoption. All NAIC members have the opportunity to vote on a model at the plenary session. A state may either adopt an NAIC model intact or modify it to meet the state's specific needs and conditions. A state may also choose not to adopt an NAIC model.
The NAIC committees also develop policy papers on a variety of topics. These papers are subjected to the same approval process as the NAIC's model laws and regulations.
Activities of State Insurance Departments and the NAIC with Respect to Health Information and Data:
State insurance departments typically require insurance carriers, health plans, and other regulated entities to report to the insurance department a large amount of aggregate information, including information about the premiums collected, the claims paid, and the complaints and grievances received by the carrier, plan, or entity. The transactions specified in section 1173(a) of the Social Security Act, as added by HIPAA, are the source of much of this aggregate information that carriers must report as a condition of doing business within a state. Insurance departments therefore have extensive expertise in the area of data reporting. Some have experience with electronic submissions and have worked with sister state agencies to develop standards of the type contemplated in the Administrative Simplification section of HIPAA. The rapid expansion of managed health care, with its integration of the health care financing and health care delivery functions, has motivated some state insurance departments to evaluate their regulatory reporting requirements and work with sister state agencies, such as the state Medicaid agency, to assess whether the state's regulatory requirements for health plans are consistent with its purchasing requirements for Medicaid and other state health programs.
The NAIC adopted in 1996 five model acts that set standards for managed care entities in the areas of quality assurance, health care professional credentialing verification, grievance procedures, utilization review procedures, and the adequacy of the planís provider network. These models were initially developed by the NAIC's Regulatory Framework Task ("the Task Force"), whose parent committee is the Accident and Health Insurance (B) Committee. The Task Force is now charged with examining issues related to the reporting of health information. In 1998 the Task Force will develop, through its Health Information and Privacy Working Group, a policy paper examining the role of state insurance departments in the collection, use, and dissemination of health information and data.
To obtain information for this paper, the Accident and Health Insurance (B) Committee has recently surveyed the state insurance departments to determine more precisely the extent of their current functions with respect to health data activities. The range of these activities is varied, and the responses do not reflect the full range of the activities of state insurance departments because the departments are still in the process of responding. However, the survey has revealed that at least one state insurance department has the responsibility under state law for creating and maintaining a health care data base. Another insurance department reported that it regulates a community health management information system. Several departments reported that they collect information about the utilization of health services and the cost of services. One department collects information on membership and utilization statistics in order to track membership in different types of health plans and programs. At least one state insurance department prepares an annual report on the cost of mandated benefits. Several insurance departments stated that they work with sister state agencies in the collection of this information.
In addition to working on this health data policy paper, the Health Information and Privacy Working Group monitors the activities of the Workgroup for Electronic Data Interchange (WEDI) and is a voting member of the National Uniform Claim Committee (NUCC).
The NAIC is also working with state insurance departments on some other activities, not specific to health information, that address the need to standardize the reporting of insurance information and data and to facilitate its collection in electronic from.
Questions posed by the Subcommittee on Health Data Needs, Standards, and Security: The statement in the Federal Register asked commenters to address the following four questions:
1. What are your organization's expectations for the results of the Administrative Simplification standards requirements in the Health Insurance Portability and Accountability Act of 1996 (HIPAA)? In what ways will the outcome affect the members of your organization, both positively and negatively?
Section 1173(a) of the Social Security Act, as added by HIPAA, specifies the following transactions as those for which the HHS Secretary must adopt standards, including data elements:
(1) Health claims or equivalent encounter information;
(2) Health claims attachments;
(3) Enrollment and disenrollment in a health plan;
(4) Eligibility for a health plan;
(5) Health care payment and remittance advice;
(6) Health plan premium payments;
(7) First report of injury;
(8) Health claim status;
(9) Referral certification and authorization.
In addition to these specified transactions, the Secretary may adopt standards, including data elements, for "other financial and administrative transactions determined appropriate by the Secretary, consistent with the goals of improving the operation of the health care system and reducing administrative costs." (Section 1173(a)(1)(B)).
Collection of data: Standardization of the transactions specified in section 1173 will make it easier for carriers to report, and for regulators to verify and compare, the information embodied in the transactions. Such standardization will have enormous consequences for insurance regulators. For example, standardization of claims data and enrollment data will enable regulators to calculate aggregate data about the utilization of services for specific populations. From this information insurance regulators will be able to assess the impact of specific insurance reforms, to compare costs on the basis of per capita expenditures for certain geographic areas, and to target regulatory strategies and other initiatives. Standardized information about utilization and costs will assist regulators in reviewing insurance rates. In general, standardized information will enable regulators to base decisions on precise local and regional data and reduce the reliance on adjusted national data.
However, those insurance departments that have attempted some efforts to standardize health data reporting within their state are extremely aware of the complexity of the task. Insurance carriers, health plans, and other regulated entities vary widely in their capacity to collect and report data. Not all carriers and plans have sophisticated hardware or software, and not all have adequate staffing. Those carriers and plans that do have the resources to invest in sophisticated systems have an enormous competitive advantage. Government initiatives in this area will profoundly affect the health care marketplace.
The capacity of state insurance departments to collect and evaluate data also varies. In addition, insurance departments that have attempted to coordinate with sister state agencies have found that different agencies have very different needs and capacities with respect to the collection of health data and information. The state insurance departments urge the NCVHS to be aware of the role of the insurance departments and the extent to which some departments, in conjunction with their sister state agencies, have developed standards that will be affected by the Administrative Simplification standards and requirements mandated by HIPAA. We would welcome the opportunity to provide the NCVHS with greater detail about the activities of certain state insurance departments with respect to the collection of health data and information, and would urge the NCVHS to consult broadly with state insurance departments and other state agencies about the range of their activities in the field of health data and information. Without such consultation, the NCVHS could recommend, and the HHS Secretary could adopt, standards that nullified the work of these departments.
Preemption: The Task Force also wishes to emphasize to this Subcommittee the broad exceptions to the general preemption language contained in Section 1178 of the Social Security Act as amended by HIPAA. Section 1178 specifies that, "[e]xcept as provided in paragraph (2), a provision or requirement under this part, or a standard or implementation specification adopted or established under sections 1172 through 1174, shall supersede any contrary provision of State law, ...." Paragraph (2), however, provides a number of broad exceptions to this rule. Specifically, a contrary provision of state law is not superseded if the Secretary determines that it is necessary: (1) to prevent fraud and abuse; (2) to ensure appropriate State regulation of insurance and health benefit plans; or (3) for State reporting on health care delivery or costs. A contrary provision of state law is also not superseded if the Secretary determines that it is necessary "for other purposes" or "addresses controlled substances." In addition a contrary provision of state law is not superseded, regardless of a Secretarial determination, if it is "subject to section 264(c)(2) of the Health Insurance Portability and Accountability Act of 1996 [and] relates to the privacy of individually identifiable information."
HIPAA also provides that the impact on state laws of the Administrative Simplification section is limited in two ways: (1) It cannot be construed "to invalidate or limit the authority, power, or procedures established under any law providing for the reporting of disease or injury, child abuse, birth or death, public health surveillance, or public health investigation or intervention." (Section 1178(b)). (2) It cannot "limit the ability of a State to require a health plan to report, or to provide access to, information for management audits, financial audits, program monitoring and evaluation, facility licensure or certification, or individual licensure or certification." (Section 1178(c)).
Examination of data: State insurance regulators need access to the information contained in the specified transactions to monitor the conduct of insurance carriers and health plans and to examine their financial solvency. For example, in conducting both financial examinations and market conduct examinations of a health carrier, regulators must examine claims files. The number of claims paid affects a company's reserves. The carrierís payment of claims also indicates whether it is treating claimants fairly. In addition state insurance regulators need access to this information to investigate specific consumer complaints. The volume of complaints against an insurance carrier or health plan may be a significant indicator of problems that are broader than the specific complaint.
State insurance regulators urge the Secretary to ensure that the data requirements and standards that she establishes pursuant to HIPAA permit insurance regulators to have timely and unimpeded access to all information necessary to ensure compliance with the law by insurance carriers and health plans. In addition, because some insurance departments collect information on health care delivery and costs, insurance regulators want to ensure that federal standards do not prevent this activity. Insurance departments also undertake activities to prevent fraud and abuse and urge that the Secretary's adoption of standards and requirements pursuant to HIPAA not hinder this critical activity. Finally, as the NAIC Task Force stated in its statement to the Subcommittee on Privacy and Confidentiality of the NCVHS, it is very important that states be accorded the maximum flexibility to supplement HIPAA's privacy standards if they so desire, as is expressly permitted by section 264(c)(2) of Subtitle F of Title II of HIPAA. All these explicit exceptions contained in section 1178(a), as well as the Public Health exception of section 1178(b) and the exception for state regulatory reporting contained in section 1178(c), merit careful consideration as this Subcommittee and the NCVHS make their recommendations.
Randy Desonia of the National Governorsí Association (NGA) also noted in his remarks to this Subcommittee on Feb. 10, 1997, that existing state activities with respect to health data collection are extensive and diverse. The NAIC Task Force joins him in urging this Subcommittee and the NCVHS to give careful consideration to all these state activities in formulating recommendations to the Secretary. We also support his suggestion that this Subcommittee and the NCVHS evaluate the broad policy questions as well as the technical issues relating to computer technology and the definition of data elements.
2. Does your organization have any concerns about the process being undertaken by the Department of Health and Human Services to carry out the Administrative Simplification requirements of this law? If so, what are those concerns and what suggestions do you have for improvements?
The NAIC appreciates the effort made by staff of the U.S. Department of Health and Human Services to solicit the views of state insurance departments and to include the NAIC in the public hearing process.
3. What major problems are experienced by the members of your organization with the current transactions specified under the HIPAA? For generators of the data, how readily available is the information that you need to provide for the transactions and how meaningful is that information from a clinical perspective? For users of the data, are you receiving the information you need from the transactions to pay the bill, manage the care process, etc., and what is your perception of its quality?
State insurance regulators recognize that standardizing the definitions and content of existing claims forms would greatly enhance the ability of all parties to use collected health data to answer basic questions about the cost and use of health care services. The standardization of claims data and enrollment data would be particularly helpful. Using claims data to calculate a numerator and enrollment data to calculate a denominator, insurance regulators and others could answer with precision a number of questions about the populationís use of services and the cost of those services. Standardized data will also improve the quality of the data, and electronic submission will facilitate rapid reporting.
However, the NAIC has taken no position on the question of what should constitute the standardized form for any transaction. Nor has the NAIC adopted any policy on the question of the appropriate identifiers for patients, providers, or payers.
4. How can the goal of administrative simplification best be achieved while meeting the needs of all stakeholders?
Administrative simplification is an important goal. However, standards set at the federal level will significantly affect local health care markets and will have a disparate impact on different markets. As noted above, insurance carriers and health plans vary widely in the sophistication of their information systems. The health care markets of different states also vary significantly, both in size and with respect to the predominant types of insurance coverage. Finally, there is wide variation in the ability of state insurance departments and other state agencies to monitor electronic transactions and to collect and utilize data. Requirements and standards for data that are set at the federal level, even when limited to the nine transactions set forth in section 1173(a) of the Social Security Act as added by HIPAA, may not be appropriate for the local conditions of each state's market. Because the standards set by the HHS Secretary will have an enormous impact of both the insurance market and the regulatory structure of each state, we urge the NCVHS to consult widely with state insurance departments and other state agencies. We would be happy to provide the technical assistance of insurance regulators from states that have undertaken work in the field of health data.
Conclusion: State insurance departments have historically collected an enormous amount of aggregate information from health carriers, health plans, and other regulated entities. This trend is increasing because of the growth of managed care, with its emphasis on both health care financing and delivery, and because of the increased capacity for electronic data interchange. Insurance regulators recognize the importance of administrative simplification and the need to standardize the data elements, definitions, and code sets for certain transactions. But those state insurance departments with extensive experience also recognize the complexity of the task facing the NCVHS and the HHS Secretary. They urge the NCVHS and the Secretary to consult widely with state agencies. They have concerns about the impact of federal standards on local health insurance markets and health care delivery systems. Those insurance departments that have expertise want to ensure that their efforts are known to the NCVHS and the Secretary.
The NAIC's Regulatory Framework Task Force supports the efforts of HHS, through the NCVHS, to solicit the comments and participation of all interested parties in the process of formulating the recommendations of the NCVHS to the Secretary with respect to the data standards and requirements of HIPAA. We thank the Subcommittee on Data Needs, Standards, and Security for this opportunity to submit written comments. Please do not hesitate to contact NAIC staff if we can provide the assistance and expertise of our members.