In lieu of an abstract, here is a brief excerpt of the content:

84 chapter seven HIPAA: Federalism and Implementation As HIPAA became the law of the land, the federal government continued to defer to the states in important ways. Because of passive federal oversight, states took control of the scope and shape of insurance reforms, particularly in the individual market. In contrast to the implementation of the CHIP rule, which resulted in greater uniformity between states, implementation of HIPAA maintained the diversity that already existed among the states. Oversight was so weak that states could basically enact what they wanted, when they wanted. As a result, HIPAA largely failed to make insurance more available and affordable.1 Implementation of the Patient Protection and Affordable Care Act requires early cooperation with the states and considerable flexibility, as did implementation of CHIP. However, if the federal government takes an approach to ACA similar to the one that it took with HIPAA—if it chooses to be extremely deferential to the states at every turn—national reform will surely meet with disaster. The standoffish position of the federal government that was so evident during HIPAA rulemaking was even more pronounced during implementation . The federal government had no real leverage to make states comply. Even when states wanted intervention, the federal government was reluctant and slow to act. The lack of a requirement that the states report to the Centers for Medicare and Medicaid Services in fact rendered the federal government blind. Further, when Congress finally enacted funds for federal oversight, CMS chose to hire temporary contractors instead of building the institutional capacity for a long-term commitment to program oversight . The contrast in responsibilities, particularly between the Department of Labor and CMS, offers insight into the importance of institutional 07-2483-4 chap7.indd 84 6/25/13 5:33 PM hipaa: federalism and implementation / 85 capacity, expertise, agency routines, reporting requirements, and resources. The implementation of HIPAA underscores the need for reporting requirements , real enforcement, and overall accountability as national reform is implemented. State and Federal Agency Action The three federal agencies responsible for HIPAA implementation—the Internal Revenue Service, the Department of Labor, and CMS—had different roles in the process and different relationships with the states. The Internal Revenue Service (IRS) had limited responsibility but a lot of clout. Any threat of action by the IRS certainly would have grabbed the attention of large businesses. The Department of Labor (DOL), through the Pension and Welfare Benefits Agency (PWBA), had more direct responsibility for implementation and oversight. Building on existing networks with employers, it established a collegial working relationship with the states. CMS was given a new set of responsibilities, but it had neither the expertise nor the resources to accomplish the task. Internal Revenue Service The main job of the IRS, in coordination with DOL and CMS, was to impose tax penalties for noncompliance, but the agency took very little action during the implementation process. The IRS could have imposed an excise tax on employers that did not comply with HIPAA standards. For example, it could have penalized employers whose health plans failed to issue certificates in a timely manner. But that was never a priority. In 2003 the IRS was reorganized into four components, and at the time it was still unclear which unit or units would take the lead in HIPAA enforcement. A senior IRS official said that in general, enforcement was decentralized to agents who, with an understanding of HIPAA provisions, could take action against an employer health plan. However, there is no evidence that that was taking place.2 DOL or CMS also had the authority to use the threat of IRS referral in the course of performing their oversight or implementation functions. There is no evidence that the agencies referred any plans to the IRS during that period, but the threat of potential IRS action could still have served as an additional incentive to comply. In any case, senior IRS officials had no reason to believe that any IRS enforcement action had ever been taken. 07-2483-4 chap7.indd 85 6/25/13 5:33 PM [3.147.104.248] Project MUSE (2024-04-26 09:29 GMT) 86 / hipaa: federalism and implementation Department of Labor The Pension and Welfare Benefits Agency of the Department of Labor was responsible for the oversight of employer benefit plans and had sole responsibility for HIPAA implementation by companies that self-insured under ERISA. Implementation and oversight were conducted largely through PWBA’s regional offices, at the direction of the...

Share