It may not come as a surprise that Congressman Tom Price, MD (R-GA), a vocal critic of the Affordable Care Act who introduced legislation to replace it last spring, was selected to serve as Secretary of the U.S. Department of Health and Human Services (HHS) in the Trump administration. What may come as a bit of a surprise is how Price’s proposed replacement bill appears to favor transparency over individual privacy when it comes to certain health care claim information.
Section 601 of the “Empowering Patients First” bill (Bill) would require a health insurance issuer to send a report including specific claim information to a health plan, plan sponsor or plan administrator upon request (Report). The Bill would require the Report to include all information available to the health insurance issuer that is responsive to the request including … protected health information [PHI] … .”
Since a “plan sponsor” includes an employer (in the case of an employee benefit plan established or maintained by the employer), the Bill would entitle an employer to receive certain PHI of employees and employees’ dependents, as long as the employer first certifies to the health insurance issuer that its plan documents comply with HIPAA and that the employer, as plan sponsor, will safeguard the PHI and limit its use and disclosure to plan administrative functions.
The Report would include claim information that would not necessarily be PHI (such as aggregate paid claims experience by month and the total amount of claims pending as of the date of the report), but could also include:
“A separate description and individual claims report for any individual whose total paid claims exceed $15,000 during the 12-month period preceding the date of the report, including the following information related to the claims for that individual –
(i) a unique identifying number, characteristic or code for the individual;
(ii) the amounts paid;
(iii) the dates of service; and
(iv) applicable procedure and diagnosis codes.”
After reviewing the Report and within 10 days of its receipt, the plan, plan sponsor, or plan administrator would be permitted to make a written request for additional information concerning these individuals. If requested, the health insurance issuer must provide additional information on “the prognosis or recovery if available and, for individuals in active case management, the most recent case management information, including any future expected costs and treatment plan, that relate to the claims for that individual.”
Price transparency has been studied as a potentially effective way to lower health care costs, and employers are often in a difficult position when it comes to understanding what they pay, as plan sponsors, to provide health insurance coverage to employees and their families. Laws and tools that increase the transparency of health care costs are desperately needed, and the Empowering Patients First bill valiantly attempts to create a mechanism whereby plan sponsors can identify and plan for certain health care costs. On the other hand, in requiring the disclosure of procedure and diagnosis codes to employers, and in permitting employers to obtain follow-up “case management” information, the bill seems to miss the HIPAA concept of “minimum necessary”. Even if an employer certifies that any PHI it receives will be used only for plan administration functions, employees might be concerned that details regarding their medical condition and treatments might affect employment decisions unfairly and in ways prohibited by HIPAA.
If Dr. Price steps up to lead HHS in the coming Trump administration, let’s hope he takes another look at this Section from the perspective of HHS as the enforcer of HIPAA privacy protections.