Standard Unique Employer Identifier
III. Comments and Responses Concerning the Proposed
Provisions
All general comments on applicability of the HIPAA
standards were addressed in the Transactions Rule. These
comments will not be repeated here.
There were 61 commenters on the proposed rule. These
commenters included Federal and State government agencies,
private organizations (including health plans and health
care provider professional organizations), and individuals.
A. Employer Identifier Standard
Comment: Two commenters said there should
be no regulation as to the use or non-use of the hyphen
as part of the format for the EIN. Eight commenters
stated the hyphen should be omitted when transmitting
standard transactions. One commenter said it should
be omitted on standard transactions but used in human-readable
formats. One commenter stated that the use of a modifier
would be beneficial for identifying specific State agencies
under a single EIN; another commenter recommended that
the EIN not be used with a modifier. A few commenters
recommended a check digit be used with the EIN; a larger
number of commenters recommended a check digit not be
used.
Response: The hyphen is part of the EIN,
as it is defined at 26 CFR 301.7701-12 and assigned
by the IRS. The standard transaction formats use alphanumeric
fields for the EIN. These fields can accommodate the
EIN with or without the hyphen. The implementation guides
for the standard transactions are silent on whether
the hyphen must be transmitted. Most translator software
can easily add the hyphen to or remove it from the EIN
field within standard transactions. In spite of the
flexibility of the standard transaction formats and
the capability of translators to handle EINs with and
without the hyphen, we believe that we should require
standardization of the identifier format within the
standard transactions, in order to promote simplification
and savings. We further believe that it would be confusing
to adopt the EIN as the standard unique employer identifier,
but then to direct that the adopted standard be modified,
by removing the hyphen, before use in standard transactions.
It would be equally confusing to adopt "the EIN minus
the hyphen" as the standard, because this identifier
would still be referred to informally as the EIN, and
it would not be clear when the hyphen is needed and
when it is not. We believe it is advantageous to adopt
the EIN exactly as assigned by the IRS. This strategy
is clearer and more flexible, should the IRS, at some
time in the future, modify its defined format of the
EIN for any reason. We therefore require that the EIN
as assigned by the IRS be used in the standard
transactions, which means at present that the hyphen
must be transmitted as part of the EIN.
The EIN was selected as a cost-effective choice for
the standard employer identifier because the IRS is
already issuing it and employers already have this identifier.
The IRS has no project initiated at this time to modify
the format of the EIN or to add a check digit to the
EIN.
The presence of a check digit can help in detection
of keying errors made in data entry of a number. We
could have specified a check digit to be used with the
IRS-issued EIN. However, we believe that in many cases
where the EIN is used in standard transactions, it will
be on file electronically and will not need to be inserted
through data entry. Therefore, the benefits of a check
digit would be modest.
Modification of the IRS-issued identifier by addition
of modifiers or a check digit for use in health care
transactions would require costly additional processes
and would negate the benefits of using the existing
IRS infrastructure; therefore, we do not add modifiers
or a check digit to the IRS format.
Comment: Several commenters thought that
the EIN was proposed to identify health care providers.
Some stated that the EIN was not specific enough to
uniquely identify health care providers. Others expressed
privacy concerns if the EIN were used to identify health
care providers.
Response: The same entity may have multiple
roles in health care transactions. On May 7, 1998, we
proposed that the National Provider Identifier, not
the EIN, be adopted to uniquely identify health care
providers (63 FR 25320). The EIN will be used to identify
an entity in the employer role. For example, a hospital
may be both an employer and a health care provider.
The hospital would use its EIN to identify itself when
conducting transactions in an employer role, for example,
making premium payments on behalf of its employees.
When making claims for health care services furnished,
it would use its National Provider Identifier.
Comment: Several commenters thought that
the EIN was proposed to identify the patient's health
plan or insurance coverage. One commenter stated one
identifier should be used for both payer and employer.
One commenter stated it would be confusing to use a
different identifier for employee welfare benefit plans
and employers, since such plans are sponsored by employers.
Response: The EIN will be used to identify
an entity acting in the employer role in standard transactions.
It will not identify the patient's health plan or insurance
coverage. It will not replace the group number, account
number, policy number, or subscriber number. Although
it is true that the employee welfare benefit plans are
often sponsored by employers, the EIN will be used to
identify only the employer, not the health plan. In
a future proposed rule, HHS intends to propose a health
plan identifier to identify health plans. Employee welfare
benefit plans would be identified by a health plan identifier.
Comment: Several commenters supported
the choice of the EIN. Two commenters stated the EIN
did not meet the 10 criteria established for selection
of a standard under the Act.
Response: Of the two commenters stating
that the EIN did not meet the criteria (see 65 FR 50351-50352
for the list of criteria), one commenter was not specific
about how the EIN did not meet the criteria. The second
commenter incorrectly believed that the EIN was being
proposed to identify the insurance coverage of a patient
rather than to identify an employer in standard transactions.
B. Requirements
Comment: One commenter stated that we
should clarify the meaning of the terms "required" and
"situational." Many commenters stated that the usage
of the EIN of the employer in health care transactions
was unclear and requested clarification, i.e., whether
the EIN was required, situational, etc. One commenter
said the EIN of the employer should be a situational
data element on all electronic data interchange (EDI)
transactions. Several commenters stated that the EIN
should be required only on transactions exchanged between
an employer and a health plan. Several commenters said
they needed clarification on which transactions would
use the EIN.
Response: As used with respect to a data
element in a standard transaction, the word "required"
means that the data element is required according to
the standard implementation guide for that transaction.
The word "situational" means that the data element or
choice of a specific code value is required if the data
condition described in the standard implementation guide
occurs. For purposes of this rule, if use of the employer
identifier is situational and the
data condition occurs, the EIN is considered to be required.
The X12N Version 4010 transaction implementation guides
are the authority for specific information on the use
of the EIN to identify the employer in X12N transactions.
The following summarizes use of the EIN to identify
the employer in X12N transactions:
X12N 270/271 Eligibility for a Health Plan--Situational
(Used to identify the employer as the source of eligibility
information when the employer maintains that information.)
(Note: Although the implementation guide does support
the use by employers, and the information receiver
can be identified specifically as an employer, employer
participation in this transaction is not a HIPAA business
purpose.)
X12N 276/277 Health Care Claims Status--Situational
(Used to identify the employer in worker's compensation
claims. This usage covers situations where the employer
is considered the subscriber for a patient when the
claim is a result of a work-related injury or illness.
In this circumstance, the health care provider and
health plan are using the standard named in the final
Transactions Rule although this is not required by
the Final Rule because one or both are not covered
entities or this is a business purpose not covered
under the final Transactions Rule. In most cases,
the health care provider will already know the EIN
because it will have a relationship with the employer
for worker's compensation cases or because provision
of the EIN is required by local, State, or other regulation.)
X12N 820 Health Plan Premium Payments--Situational
(Used to identify an entity who is an employer as
the remitter of the premium or as the entity to which
the premium payment applies.)
X12N 834 Enrollment and Disenrollment in a Health
Plan--Required (when used to identify the sponsor
of the health plan when the sponsor is an employer.)
Situational (when used to identify the employer of
a person covered under a health plan when that employer
is not the sponsor. The non-sponsor employer is identified
only when the contract between the sponsor and the
health plan requires that the sponsor report this
information.)
An employer identifier is not used to identify
an entity as an employer in the following X12N standard
transactions:
X12N 278 Referral Certification and Authorization
X12N 835 Health Care Payment and Remittance Advice
X12N 837 Health Care Claims or Equivalent Encounter
Information-- Dental
X12N 837 Health Care Claims or Equivalent Encounter
Information--Professional
X12N 837 Health Care Claims or Equivalent Encounter
Information--Institutional
The EIN of the employer is optional in the NCPDP retail
pharmacy transactions. The implementation guides for
the NCPDP transaction standards are the authorities
for specific information on the use of the EIN of the
employer in the NCPDP standard transactions.
Comment: Many commenters expressed concern
that health care providers would be required to report
the EIN of the patient's or subscriber's employer on
standard transactions. They requested more specific
data related to the costs to health care providers of
reporting these EINs. They noted that health care providers
do not routinely obtain and patients do not generally
know these EINs. Some commenters noted that, with the
exception of the X12N 834 enrollment transaction, the
X12N implementation guides specify the employer identifier
is situational in all occurrences. Health care providers
are not a party to the X12N 834 and thus would not be
required to report a patient's employer's EIN. Many
commenters therefore recommended that all references
to the use of employer identifiers by health care providers
be deleted from the regulation. One commenter noted
that third party administrators sometimes require health
care providers to report the employer on eligibility
transactions, and that subcontracting health care providers
in Provider Sponsored
Organizations sometimes direct eligibility transactions
to the employer. Some commenters stated that if health
care providers were required to report or use the EIN
of the patient's employer, health insurance cards should
carry this EIN; otherwise, health cards should not carry
the EIN.
Response: Health care providers do not
conduct the X12N 834 enrollment transaction, the only
standard transaction where the employer identifier is
required. In all standard transactions that a health
care provider might conduct, the employer identifier
is either not a permitted value or is one of a choice
of alternate values. In the situations where the employer
identifier may be used in a standard transaction used
by covered entities under HIPAA, the employer identifier
is used only if the party being identified is an employer
and its identifier has been given to the health care
provider as the electronic transaction identifier for
the employer as an information source in an eligibility
transaction. The standard transaction for eligibility
inquiry and response does not contain data elements
for identifying the subscriber's employer. We expect
that health care providers will be able to obtain the
EIN from the employer, as is the current practice, for
the limited cases when an EIN is needed in covered standard
transactions initiated by the health care provider.
Comment: Some commenters stated that
employers may not want to disclose their EINs and requested
that the final rule explicitly state the penalties for
an employer that does not disclose its EIN. Some were
concerned that the EIN may not be accessible to parties
needing the EIN for health care transactions. One commenter
said that because of administrative costs, employers
will not want to provide their EINs. Another commenter
stated that employers would be so overwhelmed by requests
for their EINs that they would place them on everything
to limit staff time required for answering these requests.
Response: These concerns were generated
because commenters incorrectly thought that EINs would
be required in transactions initiated by health care
providers or others who would not know the EIN. Although
identification of the subscriber's employer was part
of the data content of the institutional health care
claim transaction in the proposed Transactions Rule,
that data element was removed from the institutional
health care claim transaction that was adopted by the
final Transactions Rule. In fact, the EIN will be used,
for the most part, in transactions initiated by the
employer itself. The EIN is required for the enrollment
in a health plan standard transaction, which is usually
initiated by employers (which are not covered entities).
In other transactions, such as the eligibility for a
health plan transaction, the employer identifier only
occurs in conjunction with the use of the standard transaction
between one or more organizations who are noncovered
entities under HIPAA, or as one of the possible choices
of identifiers for the employer. In the eligibility
for a health plan transaction, the employer identifier
can be used as one of the permitted identifiers for
the employer as the source or receiver of eligibility
information. Thus, when a health care provider is initiating
the eligibility for a health plan transaction to an
employer, in the process of determining the proper electronic
routing identifiers and other electronic identifiers,
the health care provider has the opportunity to obtain
an EIN if required by the employer as its electronic
routing or other electronic identifier. We believe that
use of the EIN will not generally create compliance
problems for covered
entities.
We had proposed to require each employer to disclose
its EIN, upon request, to any covered entity that needed
to use that employer's EIN in a standard transaction.
This requirement is not adopted in this final rule because
employers are not covered entities under the Administrative
Simplification provisions of HIPAA. However, we believe
that employers will have a strong incentive to continue
the common business practice of providing their EINs
voluntarily in those rare cases where it is not already
known in order to maintain or improve the efficiency
of administrative processes.
Comment: Many commenters thought that
the EIN of the patient's employer or of the patient
would be required in health care claim and encounter
transactions. These commenters stated that use of the
EIN in these transactions is an invasion of privacy,
both personal and medical. Several commenters stated
that implementation of a national standard employer
identifier will permit unwarranted Federal monitoring
of patient care and linking of medical records through
employers. They stated that the possibility of Federal
monitoring and linking of medical records will create
barriers of distrust between doctors and patients and
between employers and employees. They stated use of
the EIN will eventually lead to a numbering system on
citizens that will make it easier to track citizens
from one employer to another, build citizen profiles,
or discriminate against citizens based upon health status.
One commenter thought that the use of the EIN would
result in the collection of centralized medical records
and had potential for abuse. Several commenters stated
this regulation was an improper role of government.
Several commenters said they would like to shelve the
proposed rule, while others said there should be a nationally
publicized hearing or that the use of the EIN should
go to a public vote and not be decided by the government.
Several commenters were concerned about the security
of medical records stored in central computer locations.
One commenter supported a "Patients' Bill of
Rights" with enforcement through the court systems.
One commenter requested clarification of penalties for
patients who refuse to give the names or EINs of their
employers. One commenter said that States should not
be required to give employers access to benefit information.
This commenter stated this would be unacceptable, based
on confidentiality and administrative burden.
Response: Many commenters misunderstood
the proposed application of the employer identifier.
The inclusion of the employer identifier is optional
in the NCPDP retail pharmacy claim. The employer identifier
is not used at all to identify an entity as an employer
in the X12N standard health care claim or equivalent
encounter information transactions. It is used primarily
to identify employers that are sending or receiving
transactions for enrollment in a health plan or payment
of premiums. Those transactions do not carry information
about the treatment of individuals. We do not believe
the employer identifier will facilitate federal monitoring
of patient care, collection of central medical records,
or tracking of citizens. We do not believe it will lead
to barriers of distrust between doctors and patients,
or between employers and employees. HHS proposed standards
for security of health information, including medical
records, in a proposed rule (63 FR 43242) published
on August 12, 1998. HHS also adopted standards for privacy
of individually identifiable health information in the
Privacy Rule (65 FR 82462) published December 28, 2000.
We do not require patients to give the EIN of their
employers to anyone or require States to give employers
access to benefit information.
Comment: One commenter recommended the
revision of Secs. 142.604 and 142.608 as follows: "Each
health plan/health care provider must accept and transmit
the national employer identifier of any employer that
must be identified in any standard transaction." One
commenter stated that Sec. 142.606 should be deleted
since clearinghouses do not collect, validate, or supply
data elements to the transaction.
Response: We agree that Secs. 142.604
and 142.608 should be revised for clarity. We do not
agree that Sec. 142.606 should be deleted because health
care clearinghouses are covered entities and are required
to use the standards, but we made a similar revision
as that made to Secs. 142.604 and 142.608. These revisions
are reflected in Sec. 162.610.
C. Implementation Concerns
Comment: One commenter recommended HHS
notify employers of this proposal for national use of
EINs.
Response: Employers are not covered entities,
and this rule places no requirements upon them. In many
cases, employers already use the EIN to identify themselves
in standard transactions. Use of the EIN by employers
in standard transactions will continue to be voluntary.
While employers are not covered entities under this
rule, health plans are free, as part of their business
arrangements with employers, to require employers to
use the standard transactions and to provide their EINs
for this purpose. We have provided public notice of
this proposal by publication of the proposed rule in
the Federal Register on June 16, 1998 (63 FR 32784)
and by publication of this final rule in the Federal
Register.
Comment: Several commenters requested
clarification of the employer enumeration process and
how information in the employer identifier system would
be maintained. They also stated that timely and accurate
updates to this system are critical to accurate public
health data collection efforts. One commenter wanted
confirmation that the plans for authenticating prior
to the IRS's issuance of an EIN would remain the same
as today. It was suggested that one or more centers
be established to answer questions about the employer
identifier and redirect questions to the IRS or other
Departments.
Response: The IRS maintains the EIN enumeration
system and database, and makes information on the EIN
available through its web site at http://www.irs.ustreas.gov/.
The IRS authentication, enumeration and update processes
and the IRS enumeration system will not be changed as
a result of this regulation. The IRS answers questions
about the EIN through its web site. HHS answers questions
about the Administrative Simplification regulations
through its web site at http://aspe.hhs.gov/admnsimp.
Comment: One commenter asked whether
the EIN is always the same as the taxpayer identifying
number.
Response: The taxpayer identifying number
may be an EIN, a Social Security Number, or an IRS individual
taxpayer identification number. The IRS, at 26 CFR 301.7701-12,
defines the Employer Identification Number as "the taxpayer
identifying number of an individual or other person
(whether or not an employer) which is assigned pursuant
to section 6011(b) or corresponding provisions of prior
law, or pursuant to section 6109, and in which nine
digits are separated by a hyphen, as follows: 00-0000000."
Comment: A commenter wanted to know the
IRS policy on reusing an EIN.
Response: Currently, the IRS does not
reuse EINs; that is, it does not assign a previously
used EIN to a new applicant for an EIN. IRS Publication
Number 1635, "Understanding Your EIN, Employer Identification
Numbers," includes information on business and corporate
changes that would allow continued use of an organization's
EIN or would require issuance of a new EIN. This publication
can be ordered by calling (800) 829-3676 or can be downloaded
from the IRS web site at http://www.irs.ustreas.gov/plain/bus_info/pub1635.html.
Comment: Several commenters recommended
the use of an online EIN database and suggested an IRS
directory be established. Several commenters recommended
use of a standards-based directory schema. Another stated
it would be necessary to have a directory only if transactions
other than the X12N 834 Health Care Benefit Enrollment
were to require use of the EIN. This commenter stated
the X12N 834 transaction would not require a directory
since it is initiated by employers.
Response: For the most part, the EIN
will be used in HIPAA transactions initiated by the
employer. The employer will know its own EIN; therefore,
an on-line public directory will not be necessary. In
the few cases where a standard transaction that requires
an employer's identifier is initiated by an entity other
than the employer, we expect that the entity will obtain
the EIN from the employer, as is the current practice.
Comment: A concern was raised by one
commenter about the length of time it would take to
receive an EIN and how both Medicare and Medicaid claims
would be paid if the employer did not have an EIN. One
commenter said that the proposed rule makes electronic
transmissions impossible for any employer that lacks
an EIN or refuses to disclose its EIN. Two commenters
suggested that the IRS determine those employers that
do not already have EINs and that HHS require those
named by the IRS to obtain EINs. Another commenter suggested
that instructions be made available on what to do if
an employer does not have an EIN. One commenter stated
that employers utilizing Social Security Numbers for
tax reporting purposes should be required to apply for
EINs.
Response: Many of these concerns were
based on an incorrect belief that the patient's employer's
EIN would be required in standard claim transactions.
Actually, the patient's employer's EIN is not included
in the X12N standard claim transactions and is optional
in the NCPDP retail pharmacy claim. We know of no situation
where an employer identifier would be required in a
standard transaction and the employer would not have
an EIN. The employer identifier is used in standard
transactions to identify the employer of employees who
are subjects in the transaction. Any business that pays
wages to one or more employees is required to have an
EIN as its taxpayer identifying number. A sole proprietor
who has no employees or who files no excise or pension
tax return is the only business person who is not required
to obtain an EIN; a sole proprietor with no employees
would not need to be identified as an employer in standard
transactions. The IRS publication, "Understanding Your
EIN, Employer Identification Numbers," Publication 1635,
states that the IRS generally assigns an EIN within
4-5 weeks of receiving an application by mail or assigns
an EIN immediately via the tele-TIN telephone process.
For the telephone number in each state, see the "Where
to Apply" section in Publication 1635. Publication 1635
can be downloaded from the IRS web site at http://www.irs.ustreas.gov/plain/bus_info/pub1635.html
or can be ordered by calling (800) 829-3676.
Comment: One Medicaid State agency requested
clarification on whether Medicaid State agencies would
use the EIN when making health plan premium payments
or when making capitation payments to managed care plans.
Other commenters had concerns of how health plan sponsors
that are not employers would be identified in standard
transactions. One commenter requested that the description
on how to obtain an EIN (63 FR 32793) be expanded to
include those non-employer entities that will need an
identifier for HIPAA transactions.
Response: HIPAA requires that the Secretary
adopt a standard unique health identifier for each individual,
employer, health plan, and health care provider for
use in the health care system. If the Medicaid State
agency is making premium payments or capitation payments
as an employer on behalf of its own employees, it would
use its EIN. The law does not provide for adoption of
a standard identifier for health plan sponsors that
are not employers but that may enroll or make premium
payments on behalf of other persons. We recognize that
in some situations, the EIN is used to identify health
plan sponsors that are not employers. This practice
will not be affected by this final rule.
Comment: One commenter asked how foreign
employers would be identified in standard transactions.
Response: Foreign employers are treated
the same as all other employers under this rule. In
this rule, we have intentionally adopted a definition
of "employer" that is identical to the definition used
by the Internal Revenue Service in 26 U.S.C. 3401(d).
This definition covers foreign employers who pay wages
to employees for whom tax withholding is required by
the IRS. For purposes of this rule, it is important
that any employer that enrolls or disenrolls employees
in a health plan or that makes premium payments on behalf
of employees to a health plan be able to be identified
by the standard employer
identifier. Since any business that pays wages to one
or more employees is required to obtain an EIN as its
taxpayer identifying number, we know of no employer
that would not be able to be identified by an EIN when
enrolling or disenrolling employees in a health plan
or making premium payments on behalf of employees to
a health plan.
Comment: In the proposed rule (63 FR
32793) we noted that some employer organizations have
more than one EIN. We asked for comment on whether one
EIN should be used consistently in health care transactions.
One commenter noted that in some cases employer organizations
with multiple EINs may be doing business with multiple
health plans and using a different EIN with each plan,
resulting in coordination of benefits problems. Several
commenters recommended that specific guidelines be defined
for using a single EIN across the board in health-related
transactions. Several commenters stated that the use
of multiple EINs would not be a problem. Several commenters
made suggestions on which EIN should be designated for
use in health care transactions, for example, the one
that appears on the IRS Form W-2, Wage and Tax Statement,
of the employee that is a subject of the transaction,
the one that identifies the employee's employment address,
or the one with the lowest numeric value. Some commenters
noted that the intended purpose of the employer identifier
is to identify the employer and that the employer should
decide which EIN to use. Several commenters suggested
that an IRS publication include information on IRS protocols
for multiple EINs. Two commenters requested information
about the IRS maintenance of EINs when corporate changes
such as mergers occur.
Response: When a business entity is a
consolidated group consisting of several corporations,
each corporation may be separately identified for certain
Federal tax reporting purposes, and may have its own
EIN. The consolidated group may also have an EIN, under
which it files a consolidated income tax return. For
any relationship of an employer to an employee of that
employer, only one unique EIN designates the employer.
The standard unique employer identifier of an employer
of a particular employee is the EIN that appears on
that employee's IRS Form W-2, Wage and Tax Statement,
from the employer.
The IRS regulations at 26 CFR 301.7701 contain definitions
of entities that may be identified for Federal tax purposes.
The instructions accompanying IRS Form SS-4, "Application
for Employer Identification Number," detail the kinds
of entities that must have EINs and the situations that
require an entity to obtain a new EIN. IRS publication
1635, "Understanding Your EIN, Employer Identification
Numbers," gives further information on business or corporate
changes that do and do not require an entity to obtain
a new EIN. IRS publications can be downloaded from the
IRS web site at http://www.irs.ustreas.gov/plain/forms_pubs/index.html
or ordered by calling (800) 829-3676.
Comment: One commenter was concerned
about possibly conflicting Federal and State regulations
for use of the EIN.
Response: This commenter did not note
any particular conflicts in use of the EIN and we are
not aware of any conflicts. Section 1178 of the Act
discusses the effect of the Administrative Simplification
provisions on State law. The general rule is that the
standards adopted under the Act supersede any contrary
provision of State law. For a more detailed discussion
of the statutory preemption provisions and the regulatory
implementation of those provisions, see 65 FR 82480
through 82481 and 65 FR 82579 through 82588.
D. Approved Uses
Comment: One commenter stated that the
regulations should not require the EIN on "past" health
information. Another commenter expressed concern over
the lack of guidelines and controls in dissemination
and use of EINs for health care purposes. These commenters
said that the regulation should clearly define the approved
uses and cross-refer to penalties for misuse.
Response: This regulation does not require
use of the EIN in transactions conducted before the
compliance date. HHS intends to publish a proposed rule
concerning enforcement of the HIPAA standards. Civil
penalties for failure to comply with requirements and
standards are covered in Section 1176 of the Act. Criminal
penalties for misuse of an employer identifier are covered
in Section 1177 of the Act.
Comment: One commenter questioned if
the EIN would replace the United Business Identifier
used in non-health transactions. Another asked if the
EIN would replace other employer identifiers, or be
used in addition to them.
Response: This rule does not address
non-health care transactions. We cannot speak to the
issue of what will happen in such transactions. The
EIN is the only employer identifier in standard transactions.
Comment: Some commenters were concerned
that employers would not want to use their EINs because
of privacy issues. One commenter stated that effective
security and confidentiality measures should protect
the EIN. Three commenters stated that health data organizations
and public policy researchers should have access to
the EIN for public health surveillance. They wanted
this access to be clarified.
Response: The confidentiality of the
EIN is protected under the Internal Revenue Code. Section
26 U.S.C. Sec. 6103 provides that, generally, taxpayer
return information, including taxpayer identity (which
includes a taxpayer identifying number), must be kept
confidential and may not be disclosed by, among others,
federal officers or employees, except as permitted by
Title 26.
In this rule we make no changes to the existing access
that health data organizations and public policy researchers
have to the EIN. Health data organizations and researchers
desiring access to data from a Federal system of records
that contains the EIN should address their requests
to the Freedom of Information Act official in the agency
responsible for the system.
E. The Specific Impact of the Employer Identifier
Comment: One commenter stated that the
cost to implement the EIN would add to premiums paid
by individuals and their families. Several commenters
said the expense and resources to implement this identifier
are greater than estimated. One commenter stated that
more specific data related to the exact costs to health
care providers should be made available for public comment
prior to publication of the final rule.
Response: Those concerned with the cost
of the identifier consisted primarily of commenters
that incorrectly thought that health care providers
would be required to use the EIN on health care claims.
As noted in our previous responses, the EIN will be
used primarily by employers on transactions they initiate;
therefore, we do not expect the costs to be higher than
those estimated in the proposed rule. When the employer
identifier is used in standard transactions initiated
by entities other than the employer, we expect that
these entities will obtain the EIN from the employer,
as is the current practice.
|
