Back in September 2012, the Department of Health and Human Services (HHS) published the final rule, which “adopts a unique [health plan] identifier (HPID) for Health Plans”. The deadline is quickly approaching for certain types of health plans, but many organizations are not prepared.

What health plans need an HPID?

The HHS has divided health plans into two categories:

  1.  Controlling Health Plans (CHP): health plans that control their own business activities, actions, or policies; or are controlled by entities that are not health plans.
  2. Subhealth Plans: Small plans (defined as those with annual receipts (claims paid) of $5 million or less).

Good news for those that fall into the Subhealth Plans category, you have until 2015 to apply for your HPID. For those that fall into the “Controlling Health Plans”category, the time is quickly approaching to have that HPID in place.  You must register with HHS  by November 5th.

Enumeration, what’s that?

You may hear the term “enumeration” when referring to obtaining an HPID. This simply refers to the process of applying for a receiving the HPID, according to, “all controlling health plans must enumerate.” Please be advised though that Third Party administrators cannot receive an HPID for themselves, but must submit a request on behalf of their health plan customers.

 So what are the next steps?

You must use a unique health plan identifier code (“HPID”) when conducting certain electronic transactions, such as electronic claims payment. AND all other covered entities must use your HPID when identifying the plan in such transactions.  After receiving an HPID, an employer should provide the HPID to the third party administrator of their health plan so that the third party administrator can use the HPID for electronic transactions that it processes for the plan.

For help on why and how to register for an HPID, access the HHS website: click here.

Contact our experts to learn more about how our professional services and solutions can help you comply with these regulations.


Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.