Good morning, Mr. Chairman, members of the Committee. Thank you for
inviting me to speak with you this morning.
The promise of the Health Insurance Portability and Accountability Act
(HIPAA) was to afford millions of Americans greater security in their
health insurance coverage through improved access, portability and
renewability in the group and individual markets. Helping to assure that
HIPAA delivers on this promise has been a complicated and challenging
undertaking for the Health Care Financing Administration (HCFA). While it
was clear on the day of enactment that HIPAA required HCFA to assume a new
role in regard to oversight of State regulation of health insurance, the
extent to which we are now involved in direct regulation was unanticipated
by Congress and the Administration.
Since enactment, we have reorganized our priorities to find resources
within HCFA for HIPAA implementation but given our new responsibilities in
regard to direct insurance regulation and the demands of implementing the
unprecedented volume of Medicare and Medicaid changes included in the
Balanced Budget Act of 1997, this is not a workable strategy. As is clear
from the reaction of some carriers to HIPAA requirements, as described in
the GAO report that the Chairman requested, the promise of this legislation
will not be fulfilled without effective enforcement. Effective enforcement
is not possible without adequate resources. To address the current resource
problem, a supplemental budget request has been sent to Congress for HCFA's
implementation and enforcement of HIPAA.
Last February, the previous HCFA Administrator, Bruce Vladeck, appeared
before this Committee as HCFA, working with our partners in DOL and
Treasury, was in the midst of preparing the initial set of HIPAA
regulations. Much has happened since then and this hearing provides an
opportunity to formally update the Committee on the progress that we have
made and the significant challenges that we face.
IMPLEMENTATION OF HIPAA
With the publication of the interim final regulations last April, the three
Departments completed the first phase of HIPAA implementation. In preparing
these regulations we sought input from states, consumers and the insurance
- Although not required by the statute, we published a public solicitation
for input in the Federal Register in December 1996. The Departments
carefully considered the public comments received on behalf of employees,
dependents, and others seeking health coverage, as well as employers, plan
administrators, insurance issuers, and States in developing the interim
rules. The comments proved to be very helpful in developing the regulation,
especially with regard to the Departments' decision to design a model
certificate of creditable coverage that reduces the potential burdens on
employers and insurance carriers, while making the certification process
more effective for employees and dependents.
- We also worked closely with the States and the National Association of
Insurance Commissioners (NAIC) to get their views and comments on the
policy and regulatory processes issues. We met with many other State
groups, such as the National Governors' Association and the American Public
Welfare Association's National Association of State Medicaid Directors. We
are grateful for the time and effort that many State officials spent in
educating us and providing their advice and assistance.
- In order to help States in developing alternative mechanisms for the
individual market, we published a notice in the Federal Register in January
1997. This notice generally described the statutory provisions, provided
procedural guidance for States implementing alternative mechanisms, and
described the statutory provisions that apply in a State that does not
implement an acceptable alternative mechanism.
As reported by the GAO, the States and the insurance industry were pleased
with the open and inclusive nature of the regulation process. We are still
in the process of analyzing the comments to the April regulation. We would
have hoped to be further along in this process but decided to focus first
on implementing regulations for the Mental Health Parity Act and the
Newborns' and Mothers' Health Protection Act.
IMPLEMENTATION OF MENTAL HEALTH PARITY ACT AND NEWBORNS' AND
MOTHERS' HEALTH PROTECTION ACT
On September 26, 1996, right on the heels of HIPAA enactment, the President
signed into law the Mental Health Parity Act and the Newborns' and Mothers'
Health Protection Act. The Mental Health Parity Act requires that if a
group health plan offers any mental health benefits then the lifetime and
annual dollar limits for mental illness must at least be equal to those for
physical illness. However, the statute exempts a plan from the Act's
requirements if implementation results in a cost increase of at least one
percent or if the plan is for employers with 50 or less employees. The
Newborns' and Mothers' Health Protection Act establishes standards that
will apply to group health plans and health insurance issuers relating to
minimum benefits for hospital stays following childbirth. Both Acts became
effective for plan years beginning on or after January 1, 1998.
On June 26, 1997, a Request for Information was published in the Federal
Register so as to obtain specific information to help us in interpreting
the above referenced statutes. We explicitly asked for comments on
interpreting the statute's exemption for a plan that could demonstrate that
the mental health parity provisions would result in an increase in cost
under the plan of more than one percent. We also requested information to
help us interpret the hospital lengths-of-stay provisions, and to analyze
the potential impact of regulatory alternatives on the business community
and the public.
On December 22, 1997, interim final regulations to implement the Mental
Health Parity Act were published in the Federal Register with a 90-day
comment period. To ensure that plans have time to comply, those plans that
assumed in good faith that they would be prospectively eligible for an
exemption based on cost have been given until April 1, 1998 to implement
parity, provided they notify the appropriate government agencies. We expect
regulations to implement the Newborns' and Mothers' Health Protection Act
to be published this summer. We will notify the committee when they will be
published in the Federal Register.
CONCERNS AND CHALLENGES
As the GAO report indicates, the states and HCFA have been attempting to
address various issuer practices that are both inconsistent with the
guaranteed availability provisions of HIPAA and unjustified by any higher
costs that issuers may incur in serving HIPAA-eligible populations. On
Tuesday, the President directed the Secretary to conduct a thorough review
of options for strengthening the protections afforded by HIPAA.
Yesterday, HCFA issued a bulletin to State insurance commissioners and
private insurers that communicates our position in regard to agent
commissions and processing delays. This bulletin is the first in a series
that we expect to issue as we continue with our implementation and
enforcement responsibilities. Let me outline our position in regard to
agent commissions and processing delays and our concerns as to the rating
Some issuers are attempting to discourage the offering of policies to
HIPAA-eligible individuals in the individual market, or to small groups
containing high risk individuals, by withholding commissions from agents
for sales to such individuals or small groups. Agents have sent us copies
of notices from a number of issuers stating they will not pay or will
reduce commissions and bonuses for sales to high risk groups and/or
HIPAA-eligible individuals. We believe that the issuer's commission
structure should treat high risk individuals and groups in a neutral way
(i.e., providing neither an incentive nor a disincentive to submit high
risk individuals or groups for enrollment).
Several States have taken action, under their Unfair Trade Practices Acts
or their rating authority, to combat the practice of unfairly reducing or
eliminating agent commissions. Other States that have prior approval of
rates have attacked this practice by declaring that issuers who alter
commission structures to deter agents from soliciting or processing
applications from HIPAA- protected individuals or groups are using an
unapproved rate. HCFA is encouraging States to use their authority to take
appropriate actions against practices which circumvent the insurance reform
provisions of HIPAA.
While Federal law currently provides no direct equivalent to these State
authorities for taking action against such practices, we believe that these
and other marketing or distribution practices may, in many instances,
constitute failure on the part of issuers to offer required coverage to
HIPAA-eligible individuals or small employers. For an issuer to modify the
normal operation of its marketing and distribution system so as not to
attract its fair share of the high risk individuals and small groups
protected by HIPAA is not in accord with the intent of the statute to
protect these individuals and groups. HCFA intents to carefully monitor
issuers' practices and will take appropriate enforcement action to the
extent such practices are found, under the regulations, to constitute a
failure to offer coverage.
Application Processing Delays
Another abuse of which we have been informed involves issuers delaying
action on applications for coverage submitted by HIPAA-eligible individuals
or by small employers, so as to cause the individual or group to incur a
significant break in coverage. We note that the Department of Labor
coordinated with the NAIC to successfully resolve this problem in at least
one State. Other States have taken effective action on their own
initiative. However, new information shows that this problem persists in
some other States. A significant break in coverage has a different effect
in the individual and group markets. In the individual market, a person
must (among other requirements) have eighteen months of creditable coverage
without a significant break to qualify as a HIPAA-eligible individual. A
significant break terminates the status of a HIPAA-eligible individual and
thus leaves a person without guaranteed access to coverage. For group
health plan participants, a significant break in coverage means they are
exposed to a full pre-existing condition exclusionary period under any new
coverage and may thus lose benefits to which they would have been entitled
to had there been no delay.
These delays can take a number of forms:
- With respect to the group market, we have heard reports that issuers held
applications for lengthy periods before delivering premium quotes.
- Similarly, we have heard that some individual market issuers may be
causing HIPAA- eligible individuals to incur significant breaks in coverage
by delaying premium quotes and by then quoting premiums that the applicants
are not likely to find acceptable.
- Also in the individual market, we have heard that some issuers have
caused unreasonable delays by demanding that an applicant furnish all
supporting documentation to establish status as a HIPAA-eligible individual
before an application for coverage will be accepted.
We believe that all of these types of delay are inconsistent with the
intent of HIPAA. We intend to take appropriate enforcement action when
issuers are found to engage in these practices.
As reported by the GAO, some issuers are offering coverage to
HIPAA-protected individuals at rates as high as 500 to 600 percent of
standard risk. This practice, known as "rating up," is often intended to
exclude HIPAA-protected persons from coverage under these products. We are
concerned that issuers may be intentionally offering coverage at
unaffordable rates, in order to avoid providing coverage to HIPAA-eligible
individuals and small groups while appearing to comply with the guaranteed
availability provisions of HIPAA. We are continuing to gather information
about this problem, and exploring regulatory and statutory options.
HCFA's Unexpected Role
States have traditionally regulated the business of insurance as affirmed
by Congress in the 1945 McCarran-Ferguson Act. However, with certain States
not implementing and enforcing HIPAA provisions, HIPAA requires the Federal
government to be the fallback enforcer when necessary. As I stated earlier,
it was generally not anticipated by Congress or by the Administration that
Federal enforcement of HIPAA would be necessary. But, beginning in May and
June of last year, the Missouri and Rhode Island State legislatures
adjourned without enacting any legislation to conform existing law to HIPAA
requirements. Soon after, California failed to address HIPAA's individual
market provisions, thus greatly expanding the complexity and breadth of
Federal enforcement activities.
In order to implement and enforce HIPAA provisions, HCFA, among other
things, must collect and review documentation regarding policy forms for
compliance, regulate certificates of prior creditable coverage, and monitor
marketing of individual policies. Therefore, we have been working closely
with State officials and have developed positive working relationships. We
have also apprised Congressional delegations of the situation and have had
several meetings with insurers. We are doing our best to implement Federal
enforcement so that workers and their families in these States can benefit
from this law as soon as possible.
As the GAO report indicates, it appears that HCFA will also be responsible
for Federal enforcement in Massachusetts and Michigan. Furthermore, we
believe that Federal enforcement may be triggered in more States in the
months ahead. Some states may choose not to enforce specific aspects of the
small group or individual market or the mental health parity provisions. If
this becomes the case, then HCFA would be responsible for enforcing these
provisions, creating a "patchwork quilt" of Federal and State enforcement
within the State. This involves some important challenges.
OBSTACLES TO EFFECTIVE ENFORCEMENT
HIPAA is a new and complicated law for which there are few operational,
legislative or legal guideposts. Because we are often working in uncharted
territory, we have been pleased to be able to issue so much detailed
guidance on complex issues in so short a time. But our work is far from
done. We agree with the GAO and many of its sources that difficult
regulatory challenges lie ahead as we develop guidance on other HIPAA
provisions. We are particularly concerned about resources. As the GAO
report correctly notes, HIPAA provided no additional resources for HCFA to
perform the new major regulatory and enforcement responsibilities. Our
resource problem is further complicated by equally significant new
responsibilities given to us in the Balanced Budget Act. So far, we have
been doing the best we can by trying to redistribute already scare
resources. We have redirected staff from other responsibilities to focus on
the most essential tasks, such as developing regulations, reviewing State
alternative mechanism proposals, and beginning enforcement activities in
States that failed to enact their own HIPAA insurance reforms.
The Administration recently forwarded to the Congress a supplemental
request for FY 1998 that would provide $6 million for HIPAA-related
insurance reform activity, including 65 full-time- equivalent staff
positions. This request would allow us to begin to address the
responsibilities resulting from direct federal enforcement in the five
States mentioned above. To the extent that Federal enforcement extends
beyond these States, we will again have to examine our resource needs.
In addition to resources, we believe that there is a need to examine the
tools available to HCFA in the case of federal enforcement. Under current
law, the only enforcement tool available to the agency is civil monetary
penalties. While CMPs may have been adequate given the assumption that
direct Federal regulation would not occur, the reality of direct Federal
regulation in at least five States may require that HCFA have the range of
tools utilized by state insurance agencies.
One final area that may merit re-examination is the issue of state
reporting. While HCFA is responsible for direct enforcement in States that
are not effectively enforcing the statute, there is no mechanism by which
states are to provide us with the information required to make this
assessment. As indicated by GAO, we have to rely on "information provided
voluntarily by states, surveys performed by others and anecdotal reports"
to determine the status of individual states. While this is a difficult and
sensitive area, we believe that accurate and timely information from States
is a key ingredient to assuring that the promise of HIPAA is fulfilled.
The promise of HIPAA will not be fulfilled without tough but fair
enforcement. The bulletin that we issued this week regarding agent
commissions and processing delays provided guidance to States to support
their effective enforcement. In the States where there is direct Federal
enforcement, the bulletin serves as a warning to issuers who may be
attempting to circumvent the law.
While we fully agree with GAO that a "comprehensive determination of
HIPAA's impact remains years off ", we believe that it is clear that the
issue of resources for Federal enforcement needs to be addressed
immediately. Many challenges lie ahead both for the states and for HCFA and
the other Departments. HCFA and the other Departments will continue to
consult with the staff from the Committee and with representatives from
States, employers, insurance companies, and consumer groups as we complete
implementation of this landmark legislation and move forward with
I would be happy to answer any questions you might have.