User’s Guide – Help with Dreaded CMS Memo
The dreaded CMS Memo now has a User’s Guide. I had previously written about the Center for Medicare and Medicaid Services (CMS) requiring that all the states begin report all of their Workers Comp data to the CMS on January 1, 2010. This was an obvious move by CMS to target the large reserves and settlement on Workers Compensation claims. CMS, of course, wanted to make sure their interests have been protected.
A recent CMS memo delayed the requirement for the release of the production file until April 1, 2010. It is my understanding from reading all of the articles that the insurance industry was not ready for the initial deadline of January 1st. I am sure that CMS was also not ready for the flood of information they would have received from all parties. The CMS will be publishing a Users Guide. I am under the assumption that they user guide is for data structure, not procedures.
The reporting requirements, though, have not changed. I must say, as I had expected, this is all becoming more confusing. Insurance carriers and TPA’s MUST still adhere to the reporting requirements.
The following is the letter that the American Insurance Association (AIA), Self Insurance Institute of American (SIIA) and the National Association of Mutual Insurance Companies (NAMIC) wrote to DHHS/CMS asking for the delay. CMS listened to their concerns. It is a very well-crafted letter. The three groups came as close as they could to pointing the finger without actually blaming the CMS for the requested delay. I will post the responding CMS memo next time.
Dear Secretary Sebelius:
On behalf of the property-casualty insurance and self-insurance industries, the undersigned organizations urgently submit this letter to respectfully request that the Department of Health and Human Services delay its April 1, 2010 implementation date of the Section 111: “Medicare Secondary Payer Mandatory Reporting requirements contained in the Medicare, Medicaid, and SCHIP Extension Act of 2007.
Property-casualty insurers, as well as companies that self-insure, have been working diligently for the past two years to meet the new reporting requireurers and self-insurers subject to the new requirements. Since failure to comply with the reporting requirements as of April 1, 2010 will expose insurers and self-insureds to substantial financial penalties, we believe that a more realistic implementation date is not only appropriate but also imperative.
Outlined below are five major reasons why the Department of Health and Human Services should immediately consider a delay in the implementation date.
First, CMS has yet to issue final guidance on some issues, such as which entity has reporting responsibility when, due to risk-sharing arrangements, more than one reporting entity has a share of the settlement. Therefore, it remains difficult to determine in some circumstances which entity has what specific reporting responsibility. This lack of final guidance from CMS regarding which entities have to comply and how, has caused confusion among stakeholders, including insurers, self-insureds, agents, brokers, and third-party administrators. As recently as January 28, 2010, in a “town hall” conference call, CMS stated that guidance was still being reviewed and could not yet be released. Issuing such guidance in sufficient time prior to implementation is critical, as any failure to report carries an onerous penalty of $1,000 per day, per claim. CMS has not indicated a willingness to waive such penalties if the cause of the failure to report is a lack of clear guidance from CMS.
Collection of Social Security Numbers or Health Insurance Claims Numbers
Second, the insurance and self-insurance industries have serious concerns with the mandatory requirement to submit certain data elements, including beneficiaries’ Social Security numbers and heath insurance claim numbers. CMS acknowledged these concerns in its response to the Paper Work Reduction Act. Unlike group health insurers, this information is not readily available to property-casualty insurers, as most claims are resolved over the telephone. Under the pending Section 111 requirements, insurers and others will have to telephone beneficiaries asking for sensitive information that CMS, on its own website, (http://www.stopmedicarefraud.gov/) advises individuals to guard as they would a credit card number. In other words, reporting entities are being directed to obtain information from individuals that CMS itself advises those individuals to provide only to their physician or other Medicare provider.
Confidentiality and Security of the Data
Third, we have serious concerns that CMS is not properly using the highest-level security and encryption technology to ensure the privacy of personally identifiable information that is required to be submitted. During the testing period, companies in the industry will be creating files, for the first time for CMS, containing the names and Social Security or health insurance claim numbers of thousands of individuals. As recently as last month, while in live production of a query, a reporting agent submitted one hundred files and received thousands of unrelated files in return. These files contained the personal information of CMS beneficiaries to which the reporting agent should not have had access. A similar instance occurred in December 2009. Following the December incident, CMS assured interested parties that the problem had been fixed. Apparently, it has not. There remains a concern about the privacy and confidentiality of the information required to be reported. Americans’ right to privacy for their health records is more important than an implementation date selected by CMS.
Inadequate Testing Period
Fourth, there are also serious problems with the shortness of the test period CMS employed to make sure that the system is operational prior to the implementation date. CMS has only just begun to allow entities to test the mandatory electronic reporting capabilities and interfaces with CMS systems. This short window of opportunity for system testing has put significant stress on the capabilities of internal information technology groups, reporting agents, and the CMS coordination of benefits contractor to whom covered entities must report. Predictably, this has led to delays in the testing process. Given that there are more than 24,000 entities registered to report, the time contemplated for testing the system is insufficient to guarantee a successful implementation on April 1, 2010.
Fifth, with respect to enforcement, we believe that the penalty provision of $1,000 per day, per claim, is excessive and, at the very least, should not be assessed on the first report submitted by any entity. The first report to CMS by a reporting entity will be the largest in terms of the volume of data submitted, as it will encompass legacy claim data from January 1, 2009 to the present. Furthermore, CMS is mandating that reporting only be done once a quarter, so errors and glitches inherent in a new reporting system cannot be addressed for 90 days. So, as currently envisioned by CMS, failure to report properly a $2,500 automobile medical payment to a beneficiary could subject the reporting entity to a $90,000 fine. Not only is this unreasonable, but the lack of an ability to correct a data submission more frequently amounts to a lack of due process in the assessment of penalties against reporting entities. Therefore, CMS should delay implementation until a data correction ability is created and tested by CMS.
In sum, we respectfully request that CMS delay implementation of the reporting requirement until CMS can demonstrate that the data will be secure, confidential, and transmitted by the appropriate entity. We also request that CMS not subject the industry to fines until production of the data reporting collection has been successful for a period of not less than one year and a data correction ability is created to allow changes more frequently than quarterly. In all of the industry’s conversations with CMS, CMS has consistently stated that its goal is accurate data, not enhanced revenue from fines. We take CMS representatives at their word, and we can confirm the enormous amount of work that CMS has put into this difficult project. None of our concerns should be read, in any way, as a criticism of the talented and hard working CMS staff that has been trying to work its way through this thicket of problems. Nevertheless, it is a thicket of problems.
We look forward to working with CMS in its continued efforts to successfully implement the reporting requirements and would very much appreciate the opportunity to talk with you and your staff about the best way to move forward.
American Insurance Association
National Association of Mutual Insurance Companies
Self-Insurance Institute of America
The reaction to the recent CMS memo strongly resembled the above letter from the three very large groups. The next CMS memo should clarify some of the points of concern in the letter.
©J&L Risk Management Inc Copyright Notice