Health Plans Need Contingency Plans for National Provider Identification Compliance after May 23, 2007

Health plans who are not ready to comply with the National Provider Identifier Rule by the May 23, 2007 deadline should already have contingency plans in place or should be developing contingency plans now, according to representatives from the Centers for Medicare and Medicaid Services (“CMS”). In April, CMS released its NPI Contingency Guidance to assist providers, plans, clearinghouses, and other affected entities struggling to comply with the NPI Rule in the face of the imminent May 23, 2007 compliance deadline. CMS has indicated it will forego enforcement for the time being against plans making good faith compliance efforts through use of an appropriate contingency plan. Further clarification came during a national roundtable hosted by CMS on April 18, 2007. Representatives from CMS included Karen Trudel, Deputy Director of the Office of E-Health Standards and Services and Cathy Carter, Director of the Business Applications and Management Group, Office of Information Services.

Background

To meet the needs of the Medicare and Medicaid programs, CMS began investigating the implementation of a national provider identifier system in 1993. In 1996, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) formally required the Department of Health and Human Services to promulgate and adopt a national standard identifier for health care providers for use in covered transactions. CMS published the final rule adopting the NPI number as the standard health care provider identifier on January 23, 2004 (the “NPI Rule”). The NPI Rule became effective on May 23, 2005, and May 23, 2007 was set as the required implementation date.

The NPI Rule requires covered entities, including health care providers, plans, and clearinghouses, to use the NPI number to identify the health care provider in all “standard transactions,” including health care claims, where the health care provider’s identifier is required. After the May 23, 2007 deadline, the NPI Rule does not permit covered entities (except for small health plans, having annual receipts of $5 million or less, who have until May 23, 2008) to conduct noncompliant transactions. For health plans, this would mean that the plan may not process electronic claims submissions that lack NPI numbers. However, this also means that the plan must have the ability to process such claims, which has not been an easy task for many health plans.

After May 23, 2007, complaints may be filed with CMS against covered entities that are not in compliance with the NPI Rule. Each violation carries a penalty of up to $100, but not more than $25,000 for identical violations during a calendar year.

Compliance Guidance

Many covered entities, especially plans, are finding it difficult to meet the upcoming compliance deadline. According to the CMS representatives on the Roundtable call, approximately 15% of health care providers have not yet obtained NPI numbers, and approximately half of health plans are not ready to use the NPI numbers to process standard transactions. Part of the problem, CMS indicated, is that approximately half of health care software vendors do not have software that is capable of generating or processing claims with NPI numbers. Another problem is that, due in part to a lack of clarity in earlier CMS guidance, some health care providers have been reluctant to share their NPI numbers with health plans and other covered entities. Additionally, standard transactions most often occur between two covered entities, and a lack of compliance readiness by one entity puts the second covered entity in a difficult position, even if the second entity is otherwise in compliance with the NPI Rule.

Given the compliance difficulties covered entities are facing, CMS released the NPI Contingency Guidance to give covered entities flexibility to mitigate unintended adverse effects on their business operations and the availability and quality of patient care. The Guidance provides that, until May 23, 2008, CMS will not impose civil monetary penalties on covered entities that are making reasonable, diligent, good faith efforts to come into compliance with the NPI Rule, e.g., have a contingency plan. With regard to health plans, the Guidance provides that plans can continue processing payments to providers as long as the plan can demonstrate to CMS that it is actively conducting provider outreach and testing efforts to assess compliance readiness with its providers and other trading partners. This gives plans the option of continuing to use legacy identifiers to process claims, alone or in conjunction with NPI numbers, during the twelve-month transition period.

The Roundtable Call

CMS immediately emphasized at the start of the Roundtable call that the NPI Contingency Guidance is not an extension of the compliance deadline – the deadline remains May 23, 2007. The Guidance is simply CMS’ statement that it will use discretion when enforcing compliance with the deadline for those covered entities that are making good faith efforts. CMS was also very clear that a “contingency plan” need not be a formal, legal document; CMS is simply looking for verifiable evidence of what efforts health plans and other entities have undertaken (especially prior to the compliance deadline) to meet their obligations under the NPI Rule.

As mentioned above, CMS expects health plans to be actively conducting provider outreach and education, and to be actively conducting testing efforts with the plan’s provider community and other trading partners, to assess all parties’ ability to process standard transactions. Plans who have not already begun undertaking these efforts should begin doing so immediately. CMS will not look favorably on plans that are not making sustained, demonstrable efforts towards compliance.

CMS also put the onus on health plans to develop contingency plans. As the processors of many standard transactions, providers are not going to be able to do their part if plans are unable to accept and process standard transactions. Conversely, plans may find it expedient to continue to process noncompliant transactions after the May 23 rd deadline, if significant portions of their provider communities have yet to obtain required NPI numbers. Many of the participants on the Roundtable call were providers who asked CMS how they should proceed in various situations. CMS’ response to many of these questions was to direct the provider to the contingency plans of the plans with whom the providers participate.

CMS stated that it will continue to assess industry readiness with the NPI Rule through the twelve-month contingency plan period. While plans and other entities may terminate their contingency plans at any time, currently all contingency plans must be terminated and all entities must be in full compliance by May 23, 2008.

Future Guidance

On the Roundtable call, CMS said that soon it will be announcing a contingency plan for the Medicare Fee for Service program, and guidance on data dissemination and access to health care providers NPI numbers from the National Plan and Provider Enummeration System (“NPPES”). No date for release of either guidance has been set.