DHHS Eagle graphic
ASL Header
Mission Nav Button Division Nav Button Grants Nav Button Testimony Nav Button Other Links Nav Button ASL Home Nav Button
US Capitol Building
HHS Home
Contact Us
dot graphic Testimony bar

This is an archive page. The links are no longer being updated.

Testimony on Health Insurance Portability and Accountability Act by Nancy-Ann Min DeParle
Administrator, Health Care Financing Administration
U.S. Department of Health and Human Services

Before the Senate Committee on Labor and Human Resources
March 19, 1998

Good morning, Mr. Chairman, members of the Committee. Thank you for inviting me to speak with you this morning.

The promise of the Health Insurance Portability and Accountability Act (HIPAA) was to afford millions of Americans greater security in their health insurance coverage through improved access, portability and renewability in the group and individual markets. Helping to assure that HIPAA delivers on this promise has been a complicated and challenging undertaking for the Health Care Financing Administration (HCFA). While it was clear on the day of enactment that HIPAA required HCFA to assume a new role in regard to oversight of State regulation of health insurance, the extent to which we are now involved in direct regulation was unanticipated by Congress and the Administration.

Since enactment, we have reorganized our priorities to find resources within HCFA for HIPAA implementation but given our new responsibilities in regard to direct insurance regulation and the demands of implementing the unprecedented volume of Medicare and Medicaid changes included in the Balanced Budget Act of 1997, this is not a workable strategy. As is clear from the reaction of some carriers to HIPAA requirements, as described in the GAO report that the Chairman requested, the promise of this legislation will not be fulfilled without effective enforcement. Effective enforcement is not possible without adequate resources. To address the current resource problem, a supplemental budget request has been sent to Congress for HCFA's implementation and enforcement of HIPAA.

Last February, the previous HCFA Administrator, Bruce Vladeck, appeared before this Committee as HCFA, working with our partners in DOL and Treasury, was in the midst of preparing the initial set of HIPAA regulations. Much has happened since then and this hearing provides an opportunity to formally update the Committee on the progress that we have made and the significant challenges that we face. IM


With the publication of the interim final regulations last April, the three Departments completed the first phase of HIPAA implementation. In preparing these regulations we sought input from states, consumers and the insurance industry.

  • Although not required by the statute, we published a public solicitation for input in the Federal Register in December 1996. The Departments carefully considered the public comments received on behalf of employees, dependents, and others seeking health coverage, as well as employers, plan administrators, insurance issuers, and States in developing the interim rules. The comments proved to be very helpful in developing the regulation, especially with regard to the Departments' decision to design a model certificate of creditable coverage that reduces the potential burdens on employers and insurance carriers, while making the certification process more effective for employees and dependents.

  • We also worked closely with the States and the National Association of Insurance Commissioners (NAIC) to get their views and comments on the policy and regulatory processes issues. We met with many other State groups, such as the National Governors' Association and the American Public Welfare Association's National Association of State Medicaid Directors. We are grateful for the time and effort that many State officials spent in educating us and providing their advice and assistance.

  • In order to help States in developing alternative mechanisms for the individual market, we published a notice in the Federal Register in January 1997. This notice generally described the statutory provisions, provided procedural guidance for States implementing alternative mechanisms, and described the statutory provisions that apply in a State that does not implement an acceptable alternative mechanism.

As reported by the GAO, the States and the insurance industry were pleased with the open and inclusive nature of the regulation process. We are still in the process of analyzing the comments to the April regulation. We would have hoped to be further along in this process but decided to focus first on implementing regulations for the Mental Health Parity Act and the Newborns' and Mothers' Health Protection Act.


On September 26, 1996, right on the heels of HIPAA enactment, the President signed into law the Mental Health Parity Act and the Newborns' and Mothers' Health Protection Act. The Mental Health Parity Act requires that if a group health plan offers any mental health benefits then the lifetime and annual dollar limits for mental illness must at least be equal to those for physical illness. However, the statute exempts a plan from the Act's requirements if implementation results in a cost increase of at least one percent or if the plan is for employers with 50 or less employees. The Newborns' and Mothers' Health Protection Act establishes standards that will apply to group health plans and health insurance issuers relating to minimum benefits for hospital stays following childbirth. Both Acts became effective for plan years beginning on or after January 1, 1998.

On June 26, 1997, a Request for Information was published in the Federal Register so as to obtain specific information to help us in interpreting the above referenced statutes. We explicitly asked for comments on interpreting the statute's exemption for a plan that could demonstrate that the mental health parity provisions would result in an increase in cost under the plan of more than one percent. We also requested information to help us interpret the hospital lengths-of-stay provisions, and to analyze the potential impact of regulatory alternatives on the business community and the public.

On December 22, 1997, interim final regulations to implement the Mental Health Parity Act were published in the Federal Register with a 90-day comment period. To ensure that plans have time to comply, those plans that assumed in good faith that they would be prospectively eligible for an exemption based on cost have been given until April 1, 1998 to implement parity, provided they notify the appropriate government agencies. We expect regulations to implement the Newborns' and Mothers' Health Protection Act to be published this summer. We will notify the committee when they will be published in the Federal Register.

Issuer Practices

As the GAO report indicates, the states and HCFA have been attempting to address various issuer practices that are both inconsistent with the guaranteed availability provisions of HIPAA and unjustified by any higher costs that issuers may incur in serving HIPAA-eligible populations. On Tuesday, the President directed the Secretary to conduct a thorough review of options for strengthening the protections afforded by HIPAA.

Yesterday, HCFA issued a bulletin to State insurance commissioners and private insurers that communicates our position in regard to agent commissions and processing delays. This bulletin is the first in a series that we expect to issue as we continue with our implementation and enforcement responsibilities. Let me outline our position in regard to agent commissions and processing delays and our concerns as to the rating issue.

Agent Commissions

Some issuers are attempting to discourage the offering of policies to HIPAA-eligible individuals in the individual market, or to small groups containing high risk individuals, by withholding commissions from agents for sales to such individuals or small groups. Agents have sent us copies of notices from a number of issuers stating they will not pay or will reduce commissions and bonuses for sales to high risk groups and/or HIPAA-eligible individuals. We believe that the issuer's commission structure should treat high risk individuals and groups in a neutral way (i.e., providing neither an incentive nor a disincentive to submit high risk individuals or groups for enrollment).

Several States have taken action, under their Unfair Trade Practices Acts or their rating authority, to combat the practice of unfairly reducing or eliminating agent commissions. Other States that have prior approval of rates have attacked this practice by declaring that issuers who alter commission structures to deter agents from soliciting or processing applications from HIPAA- protected individuals or groups are using an unapproved rate. HCFA is encouraging States to use their authority to take appropriate actions against practices which circumvent the insurance reform provisions of HIPAA.

While Federal law currently provides no direct equivalent to these State authorities for taking action against such practices, we believe that these and other marketing or distribution practices may, in many instances, constitute failure on the part of issuers to offer required coverage to HIPAA-eligible individuals or small employers. For an issuer to modify the normal operation of its marketing and distribution system so as not to attract its fair share of the high risk individuals and small groups protected by HIPAA is not in accord with the intent of the statute to protect these individuals and groups. HCFA intents to carefully monitor issuers' practices and will take appropriate enforcement action to the extent such practices are found, under the regulations, to constitute a failure to offer coverage.

Application Processing Delays

Another abuse of which we have been informed involves issuers delaying action on applications for coverage submitted by HIPAA-eligible individuals or by small employers, so as to cause the individual or group to incur a significant break in coverage. We note that the Department of Labor coordinated with the NAIC to successfully resolve this problem in at least one State. Other States have taken effective action on their own initiative. However, new information shows that this problem persists in some other States. A significant break in coverage has a different effect in the individual and group markets. In the individual market, a person must (among other requirements) have eighteen months of creditable coverage without a significant break to qualify as a HIPAA-eligible individual. A significant break terminates the status of a HIPAA-eligible individual and thus leaves a person without guaranteed access to coverage. For group health plan participants, a significant break in coverage means they are exposed to a full pre-existing condition exclusionary period under any new coverage and may thus lose benefits to which they would have been entitled to had there been no delay.

These delays can take a number of forms:

  • With respect to the group market, we have heard reports that issuers held applications for lengthy periods before delivering premium quotes.

  • Similarly, we have heard that some individual market issuers may be causing HIPAA- eligible individuals to incur significant breaks in coverage by delaying premium quotes and by then quoting premiums that the applicants are not likely to find acceptable.

  • Also in the individual market, we have heard that some issuers have caused unreasonable delays by demanding that an applicant furnish all supporting documentation to establish status as a HIPAA-eligible individual before an application for coverage will be accepted.

We believe that all of these types of delay are inconsistent with the intent of HIPAA. We intend to take appropriate enforcement action when issuers are found to engage in these practices.

Rating Issues

As reported by the GAO, some issuers are offering coverage to HIPAA-protected individuals at rates as high as 500 to 600 percent of standard risk. This practice, known as "rating up," is often intended to exclude HIPAA-protected persons from coverage under these products. We are concerned that issuers may be intentionally offering coverage at unaffordable rates, in order to avoid providing coverage to HIPAA-eligible individuals and small groups while appearing to comply with the guaranteed availability provisions of HIPAA. We are continuing to gather information about this problem, and exploring regulatory and statutory options.

HCFA's Unexpected Role

States have traditionally regulated the business of insurance as affirmed by Congress in the 1945 McCarran-Ferguson Act. However, with certain States not implementing and enforcing HIPAA provisions, HIPAA requires the Federal government to be the fallback enforcer when necessary. As I stated earlier, it was generally not anticipated by Congress or by the Administration that Federal enforcement of HIPAA would be necessary. But, beginning in May and June of last year, the Missouri and Rhode Island State legislatures adjourned without enacting any legislation to conform existing law to HIPAA requirements. Soon after, California failed to address HIPAA's individual market provisions, thus greatly expanding the complexity and breadth of Federal enforcement activities.

In order to implement and enforce HIPAA provisions, HCFA, among other things, must collect and review documentation regarding policy forms for compliance, regulate certificates of prior creditable coverage, and monitor marketing of individual policies. Therefore, we have been working closely with State officials and have developed positive working relationships. We have also apprised Congressional delegations of the situation and have had several meetings with insurers. We are doing our best to implement Federal enforcement so that workers and their families in these States can benefit from this law as soon as possible.

As the GAO report indicates, it appears that HCFA will also be responsible for Federal enforcement in Massachusetts and Michigan. Furthermore, we believe that Federal enforcement may be triggered in more States in the months ahead. Some states may choose not to enforce specific aspects of the small group or individual market or the mental health parity provisions. If this becomes the case, then HCFA would be responsible for enforcing these provisions, creating a "patchwork quilt" of Federal and State enforcement within the State. This involves some important challenges.


HIPAA is a new and complicated law for which there are few operational, legislative or legal guideposts. Because we are often working in uncharted territory, we have been pleased to be able to issue so much detailed guidance on complex issues in so short a time. But our work is far from done. We agree with the GAO and many of its sources that difficult regulatory challenges lie ahead as we develop guidance on other HIPAA provisions. We are particularly concerned about resources. As the GAO report correctly notes, HIPAA provided no additional resources for HCFA to perform the new major regulatory and enforcement responsibilities. Our resource problem is further complicated by equally significant new responsibilities given to us in the Balanced Budget Act. So far, we have been doing the best we can by trying to redistribute already scare resources. We have redirected staff from other responsibilities to focus on the most essential tasks, such as developing regulations, reviewing State alternative mechanism proposals, and beginning enforcement activities in States that failed to enact their own HIPAA insurance reforms.

The Administration recently forwarded to the Congress a supplemental request for FY 1998 that would provide $6 million for HIPAA-related insurance reform activity, including 65 full-time- equivalent staff positions. This request would allow us to begin to address the responsibilities resulting from direct federal enforcement in the five States mentioned above. To the extent that Federal enforcement extends beyond these States, we will again have to examine our resource needs.

In addition to resources, we believe that there is a need to examine the tools available to HCFA in the case of federal enforcement. Under current law, the only enforcement tool available to the agency is civil monetary penalties. While CMPs may have been adequate given the assumption that direct Federal regulation would not occur, the reality of direct Federal regulation in at least five States may require that HCFA have the range of tools utilized by state insurance agencies.

One final area that may merit re-examination is the issue of state reporting. While HCFA is responsible for direct enforcement in States that are not effectively enforcing the statute, there is no mechanism by which states are to provide us with the information required to make this assessment. As indicated by GAO, we have to rely on "information provided voluntarily by states, surveys performed by others and anecdotal reports" to determine the status of individual states. While this is a difficult and sensitive area, we believe that accurate and timely information from States is a key ingredient to assuring that the promise of HIPAA is fulfilled.


The promise of HIPAA will not be fulfilled without tough but fair enforcement. The bulletin that we issued this week regarding agent commissions and processing delays provided guidance to States to support their effective enforcement. In the States where there is direct Federal enforcement, the bulletin serves as a warning to issuers who may be attempting to circumvent the law.

While we fully agree with GAO that a "comprehensive determination of HIPAA's impact remains years off ", we believe that it is clear that the issue of resources for Federal enforcement needs to be addressed immediately. Many challenges lie ahead both for the states and for HCFA and the other Departments. HCFA and the other Departments will continue to consult with the staff from the Committee and with representatives from States, employers, insurance companies, and consumer groups as we complete implementation of this landmark legislation and move forward with enforcement activities.

I would be happy to answer any questions you might have.

Privacy Notice (www.hhs.gov/Privacy.html) | FOIA (www.hhs.gov/foia/) | What's New (www.hhs.gov/about/index.html#topiclist) | FAQs (answers.hhs.gov) | Reading Room (www.hhs.gov/read/) | Site Info (www.hhs.gov/SiteMap.html)