HHS: Guidance Letter 2022-04—Payment of Health Care Claims by Health Plans Using Virtual Credit Cards (VCCs) and Adopted Health Insurance Portability and Accountability Act of 1996 (HIPAA) Standards for Health Care Electronic Funds Transfers (EFTs) and Electronic Money Consultations transfers (ERA) transactions; 45 Code of Federal Regulations (CFR) §§ 162.1601 and 162.1602(d) Frequently Asked Questions (July 14, 2022)
The HHS National Standards Group (NSG) has issued FAQs to further elaborate on the issues discussed in Guidance Letter 2022-04, published in March 2022, which addressed the HIPAA standards for electronic health fund transfers (EFT) and electronic funds transfer transactions (ERA) between health plans and health care providers (see our checklist article). By way of background, the NSG administers the HHS Compliance Review Program to ensure that covered entities are complying with the HIPAA Administrative Simplification Rules for Electronic Health Transactions. NSG’s guidance letters are not legally binding, but explain NSG’s interpretations of HIPAA’s administrative simplification provisions. NSG FAQs provide brief operational or technical information.
According to the guidance letter, the FAQ reiterates that health plans cannot require health care providers to accept virtual credit card payment for services and must comply with the provider’s request to use accepted standards for EFT payments through the Automated Clearing House (ACH) network or for ERA Transactions. The FAQ also emphasizes that a provider does not have to be part of a health plan’s network or otherwise affiliated with a health plan to receive EFT and ERA transactions using accepted standards. As noted in the guidance letter, HIPAA does not provide an exception to the requirement that health plans conduct a transaction as a standard provider request transaction. However, the provider must register for EFT and ERA transactions with each health plan that the provider bills. NSG cautions that the recommendation letter does not address whether charging standard transaction fees violates HIPAA requirements. The question is whether the health plan’s actions “adversely affect” the standard transaction. Moreover, while health plans must adhere to transaction standards in response to provider requests, plans must not agree to a provider’s request to send payments by other means (eg, via paper check). Additionally, a health plan is not prohibited from offering to process an ERA transaction in a non-standard format on behalf of a provider, but the provider may reject the offer and request delivery in the standard format. FAQs explain what providers can use ASSET application file complaints against health plans that do not comply with the request to send EFT and ERA transactions using accepted standards.
EBIA Comment: Although NSG is focused on enforcement, the FAQ section notes that NSG is not authorized to reimburse providers for costs they incur as a result of a health plan’s noncompliance with HIPAA. Rather, any civil monetary penalty is deposited in the United States Treasury. This is another area that differs from enforcement of the privacy, security, and breach notification provisions, which require HHS to establish a methodology for distributing a percentage of civil monetary penalties or restitution amounts to individuals affected by noncompliance (see our Control Point article). Covered entities and business associates interested in avoiding the expense and inconvenience of enforcement should review the FAQs and related resources, including fact sheets (see our point article). For more information, see EBIA HIPAA Portability, Privacy and Security guidance in Chapters XX (“Ensuring Privacy, Security, and EDI Regulations”) and XXXII (“Electronic Transactions and Code Sets”).
Contributing editors: EBIA staff.