HHS HIPAA Compliance

Proposed HIPAA Credential for Health Plans

ACA Section 1104 Mandated Certification Process

Section 1104 of the ACA requires HIPAA covered health plans to file a statement with HHS certifying that their data and information systems are in compliance with certain HIPAA-mandated transaction standards and associated operating rules. The intent of the ACA-mandated health plan certification is to move the health care industry toward a consistent testing framework that will support a more seamless transition to new and modified standards and operating rules for administrative transactions.  The goal of these transactions is to reduce the clerical burden on patients, health care providers, and health plans.
On January 2, 2014, HHS published the Notice of Proposed Rule Making (NPRM), "Administrative Simplification: Certification of Compliance for Health Plans" (CMS-0037-P), in the Federal Register. The NPRM proposes that controlling health plans (CHPs) certify to HHS their demonstrated compliance with the HIPAA-mandated standards and operating rules for the following:  eligibility for a health plan, health care claim status, and health care electronic funds transfers (EFT) and remittance advice transactions. The NPRM proposes two options for health plans to meet the documentation of compliance requirements: 

The January 2, 2014 NPRM proposed a December 31, 2015 deadline by which CHPs were required to certify compliance. However, the proposed rule, including the December 31, 2015 deadline, was not mandated in a final regulation before December 31, 2015.

According to the Centers for Medicare & Medicaid Services website, “CMS is currently developing a second proposed rule [regarding the ACA-mandated HHS Certification of Compliance program] that would revise the initial proposed provisions in response to public feedback received through the rulemaking process."

CAQH CORE Developed Draft HIPAA Credential Forms

As the proposed administrator of the HIPAA Credential, CAQH CORE initiated a transparent and collaborative industry-wide effort to develop forms designed to meet the needs of the HIPAA Credential as described in the NPRM. In February 2014, CAQH CORE published the initial draft HIPAA Credential Forms on its website, developed based upon the proposed requirements in the NPRM. From May through June, 2014, CAQH CORE solicited industry input on the clarity and content of the forms and received more than 250 comments from both CORE and non-CORE Participating Organizations.
Over a 5-month period, the CAQH CORE Certification/Testing Subgroup, composed of a broad cross-section of industry stakeholders, revised several draft versions based upon industry feedback, surveys, and market testing before approving these Final Draft HIPAA Credential Forms.  Once HHS issues a final rule on the ACA-mandated health plan certification, the CAQH CORE Certification/Testing Subgroup will reconvene to make any necessary adjustments to the draft forms.
These draft forms are for illustrative purposes only, as the Department of Health and Human Services (HHS) has not published a final rule on the Affordable Care Act (ACA)-mandated health plan certification. CAQH CORE’s intent in publishing these draft forms is to give the industry, especially health plans, a general sense of the type of documentation that may be required to complete the HIPAA Credential application process, according to recently proposed regulation.  
These forms are subject to change based on the release of the HHS final rule.  These forms cannot be used to apply for the HIPAA Credential.
Final Draft HIPAA Credential Forms
Industry stakeholders are encouraged to join CORE as Participating Organizations to contribute to this process. CORE Participating Organizations include health plans, providers, technology companies, government entities, trade associations, vendors, financial institutions, and standard-setting organizations. For information on how to become a CORE Participating Organization, please see the CORE Participant Application Form or contact core@caqh.org.
Comments are welcome at core.certification@caqh.org.  
CAQH Program: