Printed from BusinessInsurance.com

REASONABLE RULES KEY IN PORTABILITY BILL

Posted On: Mar. 23, 1997 12:00 AM CST

THE ENACTMENT of legislation to promote the portability of health benefits clearly was one of the most significant achievements of the 104th Congress.

As we now turn to the implementation stage for that legislation, employers and health plans need a flexible regulatory approach, clear guidance and ample time to collect the required information if the Health Insurance Portability and Accountability Act, or HIPAA, is to achieve its promise to improve the lives of millions of working Americans as they move from job to job.

One of the most important lessons learned from the national health reform debate and the enactment of health portability legislation last year was that successful government-sponsored health care reforms ought to work with, not against, voluntary, employer-based health care systems. While there continue to be problems and gaps in our nation's health care system, there is a fundamental and continuing public interest in maintaining private, voluntary sponsorship of health care benefits as the foundation of health coverage for most Americans.

Benefit mandates, anti-managed care legislation and increased regulatory burdens erode that foundation by raising the cost of health benefits, leading some employers-especially smaller and midsize companies-to scale back or discontinue coverage, and causing more employees to opt out of health coverage when asked to contribute to higher premiums.

Rather than enacting benefit mandates that only drive up health care costs and gradually take more employers and employees out of health coverage, private and public health purchasers should be encouraged to work together to develop the information needed to make better, more informed health care decisions.

Work already has begun in the three federal agencies charged with developing a single set of guidance and regulation on HIPAA by April 1. A number of provisions of HIPAA present practical difficulties in need of regulatory clarification or guidance in order to reduce the burden of implementation. These include the certification provisions, the definition of state vs. federal responsibilities, the state opt-out provision, and the fraud and abuse provisions.

Certification issues

A basic HIPAA requirement is that an individual's prior health coverage-and that of his or her spouse and other dependents-must be certified by either the employer who sponsored the health benefits or by the health plan. Much now depends on how this basic requirement is implemented and whether employers and health plans will be able to meet the expectations and timetables set out in the act.

The act sets Jan. 1, 1998, as the date upon which certification of prior coverage must in most cases begin. While this date may provide sufficient lead time for many employers to issue coverage certificates to employees, certifying the coverage of spouses and dependents may be much more problematic.

Many health plans and employers simply do not have accurate records that track the exact time periods of enrollment for every individual who is eligible under a family coverage plan.

Children, for example, may drop out of a health plan at different times if they move to their other parent's plan or go off to school. A spouse may drop off the employee's health plan due to changes in family circumstances or because he or she elects coverage through another employer's plan. In some cases, employers will have knowledge about these changes, but frequently they do not. These sorts of circumstances will make it nearly impossible for either the employer or the health plan to comply with the requirement that all individuals be certified for the period of their prior coverage.

To address the practical difficulties that employers and health plans soon will face as they attempt to provide individual health coverage certificates, the regulations implementing the act should make a distinction between the certificates of prior coverage that must be provided to employees and those provided to spouses and dependents and allow a transition period for this latter group. The effective date for employer-based data on spouses and dependents should be established in consultation with employers and health plans based on a realistic assessment of the amount of time that will be needed to routinely obtain records on the coverage periods of every individual covered under a plan.

During the transition period, an alternative procedure could be made available to establish the prior coverage period of a spouse or dependent in those cases where the period could not be established by enrollment records maintained by an employer or health plan.

In these instances, a certificate could be issued based on an individual's attestation of the period during which a spouse or dependent was covered under the plan. Because these certificates would be issued based on personal statements and not plan records, the individual attestation could be accompanied by a warning concerning the penalties or sanctions associated with giving false information.

Employers and health plans could be allowed to obtain reasonable documentation to support a certificate based on such personal assertions of prior coverage (such as premium payment documents, claims statements, or copies of an insurance policy) before the individual's new health care coverage would become effective, usually at the point that the individual begins a new job.

Finally, the problems associated with complying with the certification requirements of HIPAA are becoming a subject of growing concern for employers and health plans as the effective dates of the act approach. Therefore, it is very important that the HIPAA regulations be issued no later than the April 1, 1997, date required by the act if employers and health plans are to have adequate time to prepare for the act's effective dates.

Furthermore, the regulations should take a flexible approach to compliance that recognizes the practical problems employers and health plans will face in their ability to produce reliable information on every individual who may have been enrolled in a plan in the past. If the regulations are delayed, or if flexible mechanisms are not established to minimize the expected compliance burdens, further action may be required to postpone the effective dates of the act.

Pre-emption of conflicting state laws

In drafting HIPAA, much effort went into defining the federal and state responsibilities. In general, HIPAA builds on the legislative framework of the federal Employee Retirement Income Security Act of 1974, which for more than 20 years has established federal standards for employer-sponsored group health plans while leaving states their traditional authority to regulate insured health plans for those matters that relate to the business of insurance.

The provisions of HIPAA apply to group health plans whether they are insured or self-funded. HIPAA also includes an important provision that reinforces the primacy of the federal standards and limits future state action, except in several narrowly prescribed areas.

We strongly support the continuation of the pre-emption framework established by ERISA and continued under HIPAA. Few issues are more important to employers than possible changes in the ERISA pre-emption structure, especially for employers who operate on a national or multistate basis. Regulatory guidance in this area of the act should reinforce and clarify the uniformity and primacy of the new federal requirements and the limited scope available for further state actions.

As a logical extension of the pre-emption provisions of the new portability law, employers and health plans should be allowed to rely on:

A uniform written notice to employees to inform them of their rights and responsibilities under HIPAA.

A uniform certification form for prior health coverage that would not vary from state to state or among different employers.

Variation in the information obtained on previous health coverage for different state purposes or by different employers would significantly complicate the job already facing employer sponsors of health plans.

State opt-out of HIPAA

State and local government plans are permitted to opt out of the requirements of HIPAA, which could result in several practical problems.

Has anyone considered the certification problems posed by individuals who leave state jobs for private-sector employment? If government plans are allowed to bypass HIPAA's requirements, state employees and their dependents may not have the same documentation to certify their prior health coverage as individuals who have had health coverage through private employer-sponsored plans.

It is also unclear whether the opt-out applies if the state or local government contracts with an insurance company, as many do, to provide coverage to its employees, as the opt-out privilege is not directly extended to insurers.

In any event, the state opt-out requirements need to be clarified, and employers who hire former state or local workers or their dependents should be allowed to verify claims of prior continuous coverage. It also may be helpful to allow individuals who had previous coverage under a state plan to request certification of continuous coverage, even if states are not routinely required to provide them.

Fraud and abuse provisions

While efforts to combat fraud and abuse in all areas of the health care system are to be applauded, the criminal liability language in the act is very broad and leaves many doubts about whether particular practices might lead to unwarranted litigation.

For example, it is not clear how far the chain of liability might extend if a benefits manager, an outside consultant, or a health plan or third-party administrator is aware that an ineligible individual is receiving benefits under a plan.

Other ambiguities include the act's reference to the ability of law enforcement officials to provide "limited immunity" to individuals during a fraud investigation. In this case, it is simply not clear how the concept of limited immunity would work in practice and to which situations it might apply. Similarly, we have questions whether there will be standards or guidance for fraud-monitoring efforts that will limit an employer sponsor's vulnerability to fraud as well as its liability under the new criminal sanction provisions.

Many of these issues are fact-sensitive, and law enforcement officials will need to be prudent in their pursuit of health care fraud under this new act. Nevertheless, further guidance and examples of safe harbors need to be developed to inform plan sponsors and others on how these untested provisions of the law may be applied in the future.

Much hard work remains if HIPAA is to truly improve the lives of the more than 145 million working Americans and their families who have health care benefits that are voluntarily sponsored by employers.

The ultimate test of the legislation lies ahead in the ability of employers, health plans and plan participants to understand the provisions of the act and easily apply them on a daily basis.

Terry Humo is senior technical consultant and an attorney with Sedgwick Noble Lowndes' Technical Resource Center in Roseland, N.J. Mr. Humo appeared along with John E. Doerr, national practice leader-group benefits for Sedgwick Nob le Lowndes, before the Senate Labor and Human Resources Committee on Feb. 11, 1997, to present the position of the Assn. of Private Pension & Welfare Plans on the portability act.