Proposed Rule for Certification of Compliance for Health Plans Withdrawn by HHS

The Department of Health and Human Services, at the start of 2014, completed a proposal for introducing a new rule to bring in an official certification of compliance for health plans.

The proposed rule would have obligated all controlling health plans (CHPs) to complete a variety of documentation to HHS to confirm compliance with electronic transaction standards established by the HHS under HIPAA Rules. The main objective pf proposed new rule – Administrative Simplification: Certification of Compliance for Health Plans – was to promote more uniform testing methods for CHPs. In a recent release the HHS announced that the proposed rule has been withdrawn.

If the proposed rule had passed all the required steps and been implemented, CHPs would have had to prove compliance with HIPAA administration simplification standards for three electronic transactions: Eligibility for a health plan, health care claim status, and health care electronic funds transfers (EFT) and remittance guidance. Any failure to adhere with the new rule would have resulted in financial penalties for CHPs.

Most employers’ health plans are managed by their official insurance providers, so the proposed rule would not have affected them directly, although a major burden would have been placed on self-funded employers by the rule amendment. Following introduction of the proposed rule to the federal register at the beginning of 2014, HHS registered more than 72 public comments. After investigating those comments, the HHS opted to withdraw the proposed new rule.

The plan for the HHS now is to examine the issues addressed in the comments and will be looking into options and other measure to ensure compliane with statutory requirements.

The Secretary of the HHS said that regulations have already been put in place for compliance with HIPAA administration simplification standards and enforcement of compliance with the required standards. While the proposed rule has been pulled, the HHS has revealed that covered organizations must still comply with 45 CFR parts 160 and 162.

Link copied to clipboard
Photo of author

Posted by

Emma Taylor

Emma Taylor is the contributing editor of Defensorum. Emma started on Defensorum as a news writer in 2017 and was promoted to editor in 2022. Emma has written and edited several hundred articles related to IT security and has developed a deep understanding of the sector. You can follow Emma on and contact Emma at